Topic: Returnil-infections found

Offline liz1954

  • Bronze Member
  • Posts: 26
  • Just your average user.
Returnil-infections found
« on: April 04, 2011, 08:52:40 PM »
Well, on a previous post I said I was a happy camper and I was since all my scans showed no infections. So, I was downloading Returnil free version, and did not like the start up lag so I uninstalled it. Mike from Returnil informed me that he would work with me on the interface options that I did not like and so I downloaded it again to try it. I did not engage the virus guard until I could get a definitive answer about its real-time protection vs MSE, since he said it would work with MSE, but your articles state strictly one antivirus. So I ran a scan without the guard on, it took 4 hours at 2mb/s and less as scan went on. I would have canceled scan but I wanted the results! Well now I have them, 25 infections and 18 skipped due to some process being run? So, I wanted to post in the malware removal forum, but the instructions were to read the stickies pinned to the top. I tried to find anything pinned to the top and does this mean just to read all the topics, whether in progress or not? I started to, but then half of them said do not do these things unless asked specifically by someone helping me. Can I get further clarification on "stickies pinned to the top"? And thanks once again for any assistance rendered, Liz.



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: Returnil-infections found
« Reply #1 on: April 05, 2011, 01:34:53 AM »
First, to address your question regarding the creation of a help thread in the malware removal forum. The instruction asks that you read the "sticky posts" at the top. What that refers to is the top seven threads, although you wouldn't really know that unless you were familiar with this type of forum software. I've had issues myself with the way that instruction is worded since there is no real good method for a new member to determine with certainty, what that means. If you look to the icon to the far left, it appears to be grayed out. That is what indicates the thread is a "sticky" topic...again, you wouldn't know that either as a newbie. Now you do.

Next, I'd like to point out that Returnil is merely a piece of software. The software's purpose and design is to create a virtual image of your entire operating system. While you have mounted the virtual system, that system can become infected just as any other. The theory is, the virtual system, along with any malware that it may have collected, will just go away upon reboot. That is actually the way it does work...the vast majority of times. However, there are those few rare occasions that malware can jump past the virtual machine and infect the real hard disk. Those instances are rare but real. That is one good reason to have the Returnil antivirus product engaged while you have it mounted even though you are also using another installed antivirus product.

Not to confuse the masses, but consider that the Returnil software's antivirus product is also "virtual". The rub though, is having it engaged while the system is not mounted as virtual. Now that I have the feeling that I've confused you, let me give you a bit more detail.

Returnil's software runs on each boot. You can't turn that off without breaking the software so it must run. The software must also be configured immediately after installation to tweak the default settings to suit your needs. By default, Returnil System Safe, for example, installs with the virtual system mounted on each reboot. That said, it makes sense then that its default installation is already in a virtual mode since most users also have an antivirus product on board and, it's just my guess, the author didn't feel the need to take months and months to test every single antivirus product out there as to its irritation with Returnil's antivirus product.

With that in mind, the default install, going directly into a mounted virtual system, isn't going to struggle much with the native antivirus product which is real...not virtual. It's after your first reboot that you might have problems. I did. I had to boot to safe mode to disable Returnil's antivirus product since it conflicted with my native antivirus product while mounted into the real operating system. In my case, my antivirus product stalled the reboot because of the wrestling match that ensued.

Safe mode, in my case, was the fix.

Now...with all that out of the way...I'd like to add that a fair sampling would be to run a complete system scan of the operating system while mounted into the real system, or normal mode. Then, boot into the virtual mode and conduct your business online, whatever that may be. When that session is complete and you reboot back into the real system, or normal mode, run another complete system scan. THAT is a fairly good way to test your security with Returnil. Compare those results with your previous results. Knowing that your first scan, while in normal mode, has already found and quarantined whatever the scan produced, then the system should be considered clean. If you mounted the virtual system immediately after that and conducted your business online, then rebooted back into the normal mode and performed another complete system scan, THAT scan should produce no results. If that scan DOES produce results, then you have a pretty good case against Returnil.

I might add one last note...I have used Returnil for years and years, and while actually testing the effect that certain malicious code has on the system. Sometimes testing malicious code online, such as malicious web sites, and sometimes by purposely installing malicious software and yet, not one infection jumped past it on my system.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline liz1954

  • Bronze Member
  • Posts: 26
  • Just your average user.
Re: Returnil-infections found
« Reply #2 on: April 05, 2011, 04:12:29 PM »
1972vet. I uninstalled the program, but I will install it again and try it your way. Thanks, Liz, and sorry for the delay answering, we had a power outage over here.

Offline liz1954

  • Bronze Member
  • Posts: 26
  • Just your average user.
Re: Returnil-infections found
« Reply #3 on: April 06, 2011, 06:41:30 AM »
1972Vet, these are the steps I followed after my last reply. 1. reinstalled Returnil, 2. ran a scan, only medium as I had no time left. 3. repaired the one malware found. 4. engaged virus guard and ran another scan, none (med scan) 5. went online for an hour. 6. left explorer and ran scan, med, nothing found. (btw went online in virtual mode) 7. restarted computer to get out of virtual mode. 8. turned off internet, ensured virus and virtual modes were off, ran another Long scan. 4 hours later it was finished and 25 malwares were found. They are now quarantined. (the ones from the 2nd installation of Returnil, went with the uninstallation I suppose.) Now, were these the steps I should have taken? I am not in virtual mode at this time but I do have virus guard on. I will go run another scan now. Liz.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: Returnil-infections found
« Reply #4 on: April 06, 2011, 06:54:03 AM »
No. My first post explains it rather well.

Offline liz1954

  • Bronze Member
  • Posts: 26
  • Just your average user.
Re: Returnil-infections found
« Reply #5 on: April 06, 2011, 07:50:08 AM »
1972Vet, ok, these are the steps as I understand them.
1. scan system, but not in virtual mode.
2. engage virtual mode after scan.
3. go online.
4. reboot.
5. scan system again not in virtual mode.
Are these correct? And should I have virus guard engaged before I perform step 1 and 5?

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7055
Re: Returnil-infections found
« Reply #6 on: April 06, 2011, 08:33:28 AM »
Liz, although you have addressed your question to 1972vet, when you were in contact with Returnil Support at Dell Community they expressed a desire to help you with the program.
Quote
I will check the information you sent and would love an opportunity to work with you to try and determine a root cause if you are willing at some point.
Perhaps the Returnil folks should be the ones to walk you through using their product.

Microsoft MVP - Consumer Security

Offline liz1954

  • Bronze Member
  • Posts: 26
  • Just your average user.
Re: Returnil-infections found
« Reply #7 on: April 06, 2011, 08:58:46 AM »
Bugbatter and 1972Vet. Apologies for your time spent on my questions.
1. My question at Dell was on RSS feeds, not Returnil. I do not know how Returnil or why they answered that topic. Evidently RSS is an acronym for Returnil. Anyway I did try to contact Mike at the email address listed in the topic at Dell. It came back through Yahoo as undeliverable.
2. I have sent a support email to Returnil and hope to hear something soon.
3. Again my apologies, goodbye, Liz.