Rescue Mode

I would like to have access to edit the registry. Bitdefender can remove the virus, which locks the system, but the modification in the registry can disable loading user profiles. Editing the registry can correct the situation.

Comments

  • Rampant
    Rampant ✭✭
    edited June 2013

    Here's an example, just made this test. The system is locked, bitdefender scan revealed no problems.




    Boot a recovery disk from Kaspersky Lab.




    Start the registry editor, and find a virus that does not boot profile.




    Edit the registry and loaded into the system.




    Now the virus can be sent to the Bitdefender labs, to be added to the base. I agree that this should be done by advanced users, but can you go to meet us?

  • Registry scanning and cleanup from the rescue mode and rescue CD environments is work in progress, but it won't be available to end-users to manually change things. An ETA was set to 'when it's done', since any improper action in this case can easily cause more harm than good.


    It would appear that the sample is undetected, and at the moment realtime blocking is the only safe action. If you can, please provide a hash or sample.


    Thank you.

  • The damage has already been done by a virus, will not be worse)) and the sample I sent through the form.


    http://www.bitdefender.com/site/Defense/fileSubmission


    And why do you not agree to the Kaspersky Lab? They trust the users, or is it only in Russia?))

  • Not necessarily.


    Strictly speaking, if such samples were detected at the moment and removed without their registry entries, clients would be locked out.


    We can pick up and clean traces of an infection if the infection is still there, but it is not up to an antivirus product to correct random invalid registry entries like winlogon paths. This applies just as well to previously cleaned infections that did not correct paths.


    When saying it will not be available to clients I was referring to automatic registry cleanup.


    Inclusion of a separate registry editor has nothing to do with trust. You simply cannot expect users to know what the problem is, and then expect them to correct it themselves. Users who do know what to do probably have tools available to do so.

  • ........... I agree that this should be done advanced users, but can you go to meet us?


    ........... And why you do not agree to the Kaspersky Lab? they trust the users, or is it only in Russia?))


    Hi Rampant


    Why do you forget that this is a world of novice users, the era of trustworthy advanced users is over. They have not implemented the very fundamental feature in Normal Mode in their esteemed products while you are asking for more complicated features to be implemented in Rescue Mode...... Just review the Feature request sub-forum, all our requests are just cloned to the new location (and will hopefully continue to clone 20xx version), but there are no chances and signs of implementation of any of the features suggested. :rolleyes:

  • csalgau
    csalgau ✭✭
    edited June 2013
    The damage has already been done by a virus, will not be worse


    I believe I have not properly addressed this. There are two completely different things here.


    Rampant posted about a sample that is not detected and mentioned that we are not offering a registry editor as part of Rescue Mode.


    My opinion, and that of many of my colleagues, is that this should not be left to the user, but fixed on clean, as it happens while Windows is running. This specific thing is work in progress.


    Without removing that, most novice users and, I believe I can safely assume, a large number of people considering themselves advanced users, would find that their system is not booting up properly after cleanup.


    This is not to say that advanced users wouldn't know how to fix a problem. It just means a large number of them would find themselves searching for removed filenames in the registry, and that is not very productive. I hold that an advanced user can use a third-party tool for this, especially after noticing that no detection was picked up by the scanner.


    If they do decide to include a registry editor in the Rescue Mode or Rescue CD, you'll probably see it there at some point.


    On the other hand, I really see no need for one in normal mode.

  • coolcool1227
    coolcool1227 ✭✭✭
    edited June 2013
    .......Without removing that, most novice users and, I believe I can safely assume, a large number of people considering themselves advanced users, would find that their system is not booting up properly after cleanup.


    This is not to say that advanced users wouldn't know how to fix a problem. It just means a large number of them would find themselves searching for removed filenames in the registry, and that is not very productive. .......


    What about the Roll-back option in case of any mistake?


    It's good to enhance the cleaning routine to remove the infection and all its traces and revert the damage made. What about the time frame in case of integrating the new routine while the advanced user wants to clean the infection on the spot on an urgent basis?

  • While I understand your point of view, the two things are completely unrelated. The team working on enhancing cleanup to cover offline disinfection is not targeting a split product, nor would they be able to release it in a time-frame convenient to clients.


    What I can say is that this support will not target individual routines. To the extent possible, this should, in the end, work for all cleanups done on a system.


    I'll leave it to a colleague in support to post if inclusion of a separate editor will happen or not, as indicated by product teams.

  • Rampant
    Rampant ✭✭
    edited June 2013

    That's right, Catalin, I know a lot of ways to restore the system boot, I have a lot of specialized tools, I am an administrator of a security forum, I have a private practice in solving problems with the computer, but still I am a long-time user of Bitdefender products, and if I delete all of its programs, and leave only your products, but that will all solutions to protect and restore the damaged systems, I'll tell you a huge thank you) I apologize for the bad English.

  • I want to make an explanation to the test, and to reassure users bitdefender that would lock the system, I turned off all antivirus protection, otherwise, proactive technologies to successfully block and remove the virus.



  • Charyb
    Charyb ✭✭✭
    edited June 2013

    Would something similar to RegShot be what you are requesting to be implemented into the program?


    http://sourceforge.net/projects/regshot/


    This does a before and after snapshot of your registry and allows you to compare differences made whether it be an install, uninstall, or malware infection.


    I really, really like this idea but, as stated, could be harmful in the wrong hands.


    You and ONT always come up with great ideas.
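
The before/after comparison discussed above, sketched as an added example that is not part of the thread and is not RegShot's or Bitdefender's code: it diffs two `.reg`-style text exports and flags Winlogon `Shell`/`Userinit` values that no longer match the stock defaults. The snapshots and the placeholder path are constructed, and the defaults assume Windows installed in `C:\Windows`.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock Windows values for the two Winlogon entries that decide what runs at logon.
DEFAULTS = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.fullmatch(line)):
            # .reg files escape backslashes and quotes with a backslash; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name] = data
    return keys

def diff_snapshots(before, after):
    """Return (key, name, old, new) for every added, removed or changed value."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old_vals, new_vals = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old_vals) | set(new_vals)):
            if old_vals.get(name) != new_vals.get(name):
                changes.append((key, name, old_vals.get(name), new_vals.get(name)))
    return changes

def winlogon_findings(changes):
    """Pick changed Winlogon Shell/Userinit values that no longer match the default."""
    return [(name, new) for key, name, _old, new in changes
            if key.lower() == WINLOGON.lower() and name in DEFAULTS
            and (new or "").lower() != DEFAULTS[name].lower()]

# Constructed snapshots: the second one has Userinit pointing at a placeholder path.
BEFORE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''
AFTER = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\constructed\\placeholder.exe,"
'''

if __name__ == "__main__":
    for name, value in winlogon_findings(diff_snapshots(parse_reg(BEFORE), parse_reg(AFTER))):
        print(f"Winlogon {name} is now {value!r}, expected {DEFAULTS[name]!r}")
```
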

  • ..... could be harmful in the wrong hands.....


    When someone doesn't want to implement such a feature, it's an excellent excuse :rolleyes: .


    And many thanks for your kind words for me. :)