Author Topic: does CTM protect against TDSS/TDL rootkits?  (Read 24857 times)

Offline taleblou

  • Comodo Family Member
  • ***
  • Posts: 86
does CTM protect against TDSS/TDL rootkits?
« on: June 30, 2010, 08:22:25 PM »
Hi:
I would like to know: does using CTM to make a snapshot of a clean computer, and later, during a TDSS/TDL rootkit infection, restoring that clean snapshot get rid of the TDL/TDSS rootkits? The reason I ask is that I used Wondershare Time Freeze virtualization and a TDL-3 rootkit bypassed it and infected my PC, forcing a format to make sure it is clean, and I have heard Shadow Defender also fails against TDL/TDSS rootkits. So, on my newly formatted PC, I was wondering: if I use CTM will it protect me against these rootkits, or will the snapshots and CTM get infected as well?

Also, does anyone know of any protection against these rootkits? By the way, I have CIS Premium and it failed to detect the rootkit. The only software that detected it was HitmanPro 3.5 and GMER. Thanks in advance for your reply.

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #1 on: June 30, 2010, 08:29:00 PM »
Most probably yes. You can have a clean computer after restoring the clean snapshot.
But I'm not an expert on CTM (yet).
If GMER detects it, avast will do the same (as the full GMER technology is bundled into avast).
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Offline dax123

  • Comodo Loves me
  • ****
  • Posts: 160
  • Big Clucker
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #2 on: July 01, 2010, 09:36:16 AM »
I'll do the tests using my samples.
It can screw systems with returnil, shadow defender, deepfreeze, time freeze etc.

I'm installing xp in my vpc and will test it as soon as it finishes.
« Last Edit: July 01, 2010, 09:54:41 AM by dax123 »
i cannot help but confess, dang I wanted to get that. LOL

Offline taleblou

  • Comodo Family Member
  • ***
  • Posts: 86
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #3 on: July 01, 2010, 09:56:03 AM »
Hi:

Thank you for testing it for me. Also, could you test it on Windows 7 Home Premium 32-bit as well, please? Since I formatted my PC because of the TDL infection I have installed Win 7 instead of XP. Thanks in advance.

Offline dax123

  • Comodo Loves me
  • ****
  • Posts: 160
  • Big Clucker
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #4 on: July 01, 2010, 10:04:08 AM »
Hi:

Thank you for testing it for me. Also, could you test it on Windows 7 Home Premium 32-bit as well, please? Since I formatted my PC because of the TDL infection I have installed Win 7 instead of XP. Thanks in advance.

Not sure, but I'll try ;D
(I'm downloading the trial ;D ;D)

I'm ready to perform the test.
My ENIAC is so slow you gotta have patience.
Anyway, Buster_BSA is doing a similar test:
http://www.wilderssecurity.com/showthread.php?t=276210
« Last Edit: July 01, 2010, 12:22:20 PM by dax123 »

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #5 on: July 01, 2010, 10:08:59 AM »
Thanks for testing. I'm really interested in the results.
I'm putting a lot of hope in the CTM, but if the data could be screwed up... well...

Offline dax123

  • Comodo Loves me
  • ****
  • Posts: 160
  • Big Clucker
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #6 on: July 01, 2010, 12:37:39 PM »
(Windows 7 used to have an internal sandbox) for thread optimization's sake ;D
« Last Edit: July 01, 2010, 03:01:23 PM by dax123 »


Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #8 on: July 01, 2010, 02:54:33 PM »
CTM has been tested already - http://www.wilderssecurity.com/showpost.php?p=1704893&postcount=26
Many thanks... It seems that it fails and we need to find a way to have secure snapshots.
I hope one of the programmers could comment on this.

Offline dax123

  • Comodo Loves me
  • ****
  • Posts: 160
  • Big Clucker
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #9 on: July 01, 2010, 02:59:42 PM »
Bad news.
I couldn't test it properly on my VirtualBox VM.
The SafeSys worm just keeps causing a BSOD, so I couldn't test it :-\
and under a limited account it just removes itself.
I think this virus is aware of virtual environments.
Gotta test again with VPC 2007.


CTM has been tested already - http://www.wilderssecurity.com/showpost.php?p=1704893&postcount=26

He just posted it several hours ago.
That's bad news again.
« Last Edit: July 01, 2010, 03:04:53 PM by dax123 »

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #10 on: July 01, 2010, 08:38:20 PM »
Is there a way to keep the snapshots safe?


Offline Flykite

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 312
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #12 on: July 01, 2010, 09:50:36 PM »
Hi dax123:
    Please use CIS to protect against TDSS/TDL rootkits.
    Thanks a lot.
    Best Regards!
« Last Edit: July 01, 2010, 10:20:04 PM by Flykite »

Offline dax123

  • Comodo Loves me
  • ****
  • Posts: 160
  • Big Clucker
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #13 on: July 01, 2010, 10:31:27 PM »
Hi dax123:
    Please use CIS to protect against TDSS/TDL rootkits.
    Thanks a lot.
    Best Regards!


So you've already tested with TDSS rootkits?
I have some kinds of TDSS rootkit and a SafeSys worm.
I can send you these samples right away ;D
« Last Edit: July 01, 2010, 10:33:52 PM by dax123 »

Offline Josh™

  • Retired Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1010
Re: does CTM protect against TDSS/TDL rootkits?
« Reply #14 on: July 01, 2010, 11:29:47 PM »
So you've already tested with TDSS rootkits?
I have some kinds of TDSS rootkit and a SafeSys worm.
I can send you these samples right away ;D


Hey mate. Do you mind uploading and PMing those samples to me (just for testing purposes)?

Josh
Learn from the past, live in the present, prepare for the future.
