Safe Returner 1.27.5 Release

Discussion in 'other anti-malware software' started by egomoo, Oct 26, 2010.

Thread Status:
Not open for further replies.
  1. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Safe Returner is an awesomely impressive anti-malware tool which aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware and rootkits.

    Features

    1. Safe Returner is a smart version of Sysinternals' Autoruns which also shows you what programs are configured to run during system bootup. However, while Autoruns cannot be used without dedicated IT staff, even a computer novice knows how to use Safe Returner right away.

    2. Non-signature anti-malware.
    Safe Returner does not replace an antivirus product. It is strictly a post-infection removal tool.

    What does it do?

    Safe Returner examines all the system files, the Windows Registry and the programs and files loaded at boot time. The majority of malicious programs (once triggered) load this way.

    What's new

    It can detect most types of hidden service rootkits, even the popular Black Energy 2.1+ rootkit.

    I know it is very difficult to remove the Black Energy rootkit, even manually using other anti-rootkit tools, because the random driver will be recreated when deleted by others.

    The Black Energy 2.1+ rootkit sample is from
    http://www.kernelmode.info/forum/viewtopic.php?f=16&t=42&p=3224#p3172

    Any other rootkit tests are welcome!


    Home page: http://www.safereturner.com
     

    Last edited: Oct 26, 2010
  2. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @egomoo: Your site still shows and lets us download the old version (1.27.3) only.
     
  3. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    I'm sorry, it will update when you click the "Scan" button.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    What about offline use? What will be the update scenario when the user has lost the internet connection due to malware and you get the Safe Returner trial from a friend on USB?
     
  5. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Thanks for your tip, Boyfriend.

    The new version download has been updated.
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I have noticed this catchme.txt log being created when I run the program since version 1.27.4.
    Log details:

    read file error: C:\WINDOWS\System32\drivers\luvtnw.sys, The system cannot find the file specified.

    ;)
     
  7. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @egomoo: Update version number (1.27.3 to 1.27.3) on your main page and post updated 'Plus' version on your site.
     
  8. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    That means the file "C:\WINDOWS\System32\drivers\luvtnw.sys" does not exist.

    I use catchme to check whether the file is truly not found.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I wasn't worried...just curious.
     

  10. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    Hi egomoo, I just installed the latest version (1.27.5) and your GUI still shows the DPI problem that I reported earlier when the system is set to use 120 DPI.

    Al.
     
  11. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Dr. Web quarantines this for Backdoor Trojans. Would you upload the update to them so they can whitelist it?
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Why do I feel that I am looking at Emsisoft at that GUI?
     
  13. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Only Dr. Web reports it as a trojan.loader.

    I have uploaded the early version two times, but the next time it happened again.
    :oops:
     
  14. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I didn't notice you made a new thread for the new version.
    I have a post in the old thread, FYI.
    45+ minutes and counting. :D
     
  15. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Hi,

    Does that mean your scan stops at "online analysis"?

    If the scan takes more than 10 minutes, there must be an error in the scan process.
     
  16. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Hi, I'm sorry.

    It's a difficult problem; I have not yet fixed it for when you set 120 DPI.
     
  17. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    1:46+ and counting.

    How do I figure out what the error is?
    Should I create a minidump of the process via task manager?
    I have closed the program now.
     
  18. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Should I upload the .exe that your program keeps stopping on to somewhere?
     
  19. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Could you do a scan again? What about the online analysis progress bar?

    Does it stop at the end of the progress bar?
     
  20. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    It halts during signature scanning; the progress bar is 3/4 through. It stops on 1 specific .exe each scan attempt and stops there.
    FYI, the version I downloaded was the top choice 1.27.5, not the bottom choice 1.27.3.
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I am confused about RegKernelHelp.sys...Does it load before the SrKillKit.dll?

    It seems to not load some of the time.

    Also, I have this error in the device manager.
     

  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    ...one more screenshot
     

  23. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Yes, RegKernelHelp.sys is a part of SafeReturner to detect rootkits.

    RegKernelHelp.sys will be created just like catchme.sys will be created by catchme.exe.
     
  24. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Still having the issue with it locking on one file.
    Should I have run the installer as administrator?
    I have tried running as admin and without; it doesn't make a difference.
     

    Last edited: Oct 27, 2010
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    It just updated to version 1.27.6 ;)
     