Quote:
Originally Posted by doquan0
English isn't my mother tongue. Please sympathize for my poor English.
|
Your english is perfect. Welcome to our forum...
Quote:
"The worm is called W32.SafeSys.Worm and attacks a particular program called Deep Freeze.
Deepfreeze is a computer protection utility that prevents malicious code from writing to the hard drive itself.
|
We are familiar with deep freeze and other restore on reboot products. This software is similar to our Drive Vaccine PC restore product - that protects public access machines be restoring baseline settings on every reboot.
Quote:
|
The W32.SafeSys.Worm bypasses the Deep Freeze method and writes data to the biffer, which then enables direct writing to the hard drive sectors. Thus allowing full access to the PC's hard drive."
|
We are unfamiliar with this specific worm; it seems specific enough for Deep Freeze. We have not had anyone, or have anyway of testing this. If you can test this, somehow with our Drive Vaccine product (or Rollback Rx) we would appreciate it.
Post your results here, if you find out anything.
Quote:
1. Can Safesys virus damage Rollback Rx's MBR ?
2. Does Rollback rx recover my clean system successfully after Safesys infection ?
|
RollBack should be able, in theory, to rollback any changes as Rollback (and Drive Vaccine) write directly to the sectors of the hard drive, and not as hidden windows files or virtual drives.
We do not have a difiniteve answer on your specific worm, because there is really no way for us to test this out. Please (anyone) let us know if you know how to do this, and can duplicate this worm bypassing security with Drive Vaccine or Rollback Rx.
