does CTM protect against TDSS/TDL rootkits?

[Guest]

[taleblou]

Hi:
I would like to know does using CTM and make snapshot of clean computers and later during a tdss/tdl rootkit infection when trying to restore a clean  snapshot get rid of the tdl/tdss rootkits? The reason is I used wondershare time-freeze virtualization and a tdl-3 rootkit by passed it and infected my pc forcing a format to make sure is clean and I have heard shadow defender also fails tdl/tdss rootkits. SO on my new formated pc I was wondering if I use CTM will it protect me against these rootkit or will the snapshots and CTM get infected as well?

Also anyone knows any protection against these rootkits? By the way I have CIS perimum and it failed to detect the rootkit. The only softwares detected was hitman pro 3.5 and GMER. Thanks in advance for your reply.

[Tech]

Most probably yes. You can have a clean computer after restoring the clean snapshot.
But I'm not an expert on CTM (yet).
If GMER detects it, avast will do the same (as the full GMER technology is bundled into avast).

[dax123]

I'll do the tests using my samples.
It can screw systems with returnil, shadow defender, deepfreeze, time freeze etc.

I'm installing xp in my vpc and will test it as soon as it finishes.

[taleblou]

Hii:

Thank you for testing it for me. Also could you test it on windows 7 home perimum 32bit as well please? SInce I formated my pc because of the tdl infection I have installed win 7 instead of xp. Thanks in advance.

[dax123]

Hii:

Thank you for testing it for me. Also could you test it on windows 7 home perimum 32bit as well please? SInce I formated my pc because of the tdl infection I have installed win 7 instead of xp. Thanks in advance.

not sure but I'll try
(I'm downloading trial   )

I'm ready to perform the test.
my ENIAC is so slow you gotta have patience.
anyway Buster_BSA is doing similiar test.
http://www.wilderssecurity.com/showthread.php?t=276210

[Tech]

Thanks for testing. I'm really interested in the results.
I'm putting a lot of hope in the CTM, but if the data could be screwed up... well...

[dax123]

(Windows 7 used to have a internal sandbox) for thread optimization's sake 

[Apach]

CTM has been tested already - http://www.wilderssecurity.com/showpost.php?p=1704893&postcount=26

[Tech]

CTM has been tested already - http://www.wilderssecurity.com/showpost.php?p=1704893&postcount=26

Many thanks... Seems that it fails and we need to find a way to have secure snapshots.
Hope any of the programmers could comment this.

[dax123]

Bad News.
I couldn't properly tested on my Virtualbox VM
SafeSys worm just keeps making BSOD so I couldn't test it
and under a limited account it just removes self.
I think this virus is aware of virtual environment.
gotta test again with VPC 2007

CTM has been tested already - http://www.wilderssecurity.com/showpost.php?p=1704893&postcount=26

he just posted it several hours ago  
that's a bad news again.

[Tech]

Is there a way to safe the snapshots?

[dax123]

( thread moved to http://forums.comodo.com/news-announcements-feedback-ctm/light-virtualization-software-partial-sandbox-test-includes-ctmcisbox-t58848.0.html )

CTM is vulnerable to several malware samples.

[Flykite]

Hi dax123:
    Please use CIS to protect against TDSS/TDL rootkits.
    Thanks a lot.
    Best Regards!

[dax123]

Hi dax123:
    Please use CIS to protect against TDSS/TDL rootkits.
    Thanks a lot.
    Best Regards!

so you've already tested with TDSS rootkits?
I have some kinds of TDSS rootkit and a SafeSys worm.
I can send you these samples right away 

[Josh™]

so you've already tested with TDSS rootkits?
I have some kinds of TDSS rootkit and a SafeSys worm.
I can send you these samples right away 

Hey mate. Do you mind uploading and and PMing those samples to me (Just for testing purposes).

Josh

[Tags:]