Remove Deeply Rooted Malware
key review info
- Application: Safe Returner 1.24
- Heuristic malware detection engine
Malware lurking around, waiting for a chance to drop itself onto the system and take over or simply snoop for bank details or account credentials, is not exactly unbelievable news; it’s not even news anymore. The diversity of recent threats, their rapid propagation and their high damage rate have forced antivirus developers around the world to take special measures. Their response was faster scanning of larger amounts of data and increased detection accuracy.
Safe Returner is not an antivirus per se and is not meant to take over the tasks and purpose of an antivirus. It is a complementary solution designed to take care of malware already rooted in the system. You have 30 days to test it with absolutely no limitations imposed. The price tag of the program says $29.95 if you decide to buy it.
It relies on malware signatures but also employs its own heuristic engine, which analyzes files for activity that is generally associated with malware. The third layer of defense that completes Safe Returner’s arsenal against malware is generic detection that can detect characteristics of a given malware family group. All of them are designed to detect and eliminate any sort of suspicious activity on your system.
Installing the app does not waste too much of your time and there are no unexpected stops during the process. A minimalist interface carrying only necessary menus and nothing more will definitely appeal to users, beginners and experts alike. The developer kept everything so simple that even setting up the program is a piece of cake.
The three menus present in the main application window let you check the current state of the software, start new scans or configure the program to work your way. The “Overview” screen presents details about the time and date of the last scan and signature update. More details include subscription status, database and program version.
From this window, you can also initiate a new scan. In order to benefit from Safe Returner’s full power, the developer advises closing or disabling any anti-malware program. Internet connection is also recommended for the best results.
Safe Returner does not come with proactive protection, but detects threats that have slipped through the cracks of your regular antivirus software and have already infected the system. Thus, it will verify only the places on the system that malware is most likely to take shelter in.
During our tests, the entire process did not take too long to complete (about 2 minutes on fairly clean systems) and revealed some of the threats we let loose on the test machine. Besides the normal mode, which displays the threats detected after the checking is complete, the “Scan” window also sports an expert mode. Here, you will see both legitimate and malicious programs that are automatically started with Windows.
Depending on the system we tested Safe Returner on, we were shown legitimate processes belonging to reputable companies such as BitDefender or NVIDIA. However, the purpose of the expert screen in the application is to allow experienced users to discern between malignant items and innocent ones whose actions target the system’s state. On the flipside, Safe Returner labels each process with a risk level on a scale with 100 as the maximum, but only in expert mode.
Normally, the higher the threat score, the stronger the suspicion that the item is a threat; but in Safe Returner’s Expert mode, you will find perfectly healthy processes with very high suspicion scores. This basically means that the rating does not necessarily determine the threat level of a process, and it is up to you to decide whether you’re dealing with an infection or not.
As far as the options are concerned, the context menu for expert users is richer. You can quickly jump to the registry entry (uses RegJump) or learn more about the selected item on various security websites. On the downside, for the latter actions, a specific search will be carried out in Google (opened automatically in Internet Explorer) instead of taking you directly to the page describing the threat on the security sites.
In normal mode, when the application detects a threat, you have the possibility to save a report of the encounter, locate the file, add it to the exclusion list, start a search for more details about it on Google or submit it to Safe Returner labs as a false positive. The threat level is also indicated by labels such as “High Risk” or “Moderate Risk.”
Before running a scan of the most important areas of the computer with Safe Returner, you have to be perfectly aware of the fact that the application will automatically terminate some processes. In our case, PicPick and Foobar were forced to shut down so that the scanning could start off. It is recommended to follow the advice in the “Overview” window for the best scan results and no unwanted events.
Setting up the program is just a simple matter of ticking check boxes. Scan-related options are the most important as they allow you to improve the speed or efficiency of the process. You can configure the program to skip files larger than 4MB, ignore non-executable data, restrict system checking to known file types and resort to online analysis in the case of unknown threats. Additional configuration allows you to enforce automatic update of the database and program, as well as sending error logs and info about unknown items to Safe Returner laboratories.
Because Safe Returner uses a highly aggressive heuristic engine that can pick up false positives, its threat findings should be treated with the utmost care, and detected items should be eliminated only when you are positively sure that the target is indeed malware. We did not experience any false positives in normal mode, but the fact that there is a threat score pinned to legitimate processes in Expert mode may mislead users into believing that they are actually a threat to the system (despite the warning in the upper part of the screen stating that both legit and malicious items are displayed).
During our tests, Safe Returner accurately detected a pool of menaces that had found comfortable residence in sensitive system areas, waiting for instructions. Although most of these were easily detected by antivirus software such as Panda Cloud or BitDefender Total Security, the app made its contribution to consolidating the security of the system.
Safe Returner is a simple program with a simple mission: detect any malicious processes that take shelter in sensitive system areas. It is easy to configure and offers plenty of possibilities to check whether detected items are friends or foes.
It is easy to use and configure, and scanning operations take very little time to complete. Malware removal is done with the push of a button.
When looking for details about a detected item on the security websites provided by the application, you are not taken directly to the information page on those websites but to Google search results.
False positives are likely to be reported because of the aggressive heuristics engine Safe Returner relies on. Expert mode shows valid processes and malware together, with no separation between them; also, all items in this section have a threat score. The $29.95 price does not make the application more appealing either.
The program is still in its early stages and it shows. At this stage of development, it is not firm enough in declaring which detected item is a threat to the system and which is actually a valid one, leaving this decision to the user. On the bright side, an average user should be able to recognize the files that are clean and entitled to run unhindered on the system.
Although aggressive and inclined to false positives, the heuristic engine driving Safe Returner is powerful enough to root out malware. The app is designed as an additional layer of protection for your computer and to intervene where conventional antivirus products couldn’t.
This article is also available in Spanish: Elimina el malware arraigado en tu sistema