Author Topic: does CTM protect against TDSS/TDL rootkits?  (Read 35325 times)

Offline dax123

Re: does CTM protect against TDSS/TDL rootkits?
« Reply #45 on: July 03, 2010, 03:02:17 PM »
I think dax123 nullified that here. Maybe split this testing request into another topic

I'm still alive ;D Splitting the topic is a good idea.


Also try the latest Beta of SandboxRx
http://privateworkplace.com/sandboxrx.php
Sandbox RX - received.

Are they detected by www.virustotal.com ?
I've got a 30% sample (most of the 30% detect it by heuristics).
I'm not a TDSS author though, so I'm still looking for the latest sample 88)

Could you PM me the samples by any chance?  Thanks mate.
I'll send you the link, but I don't think you will be interested in my sample though :-\ it's old.
« Last Edit: July 03, 2010, 03:16:41 PM by dax123 »
:)

Offline ssj100

Re: does CTM protect against TDSS/TDL rootkits?
« Reply #46 on: July 03, 2010, 05:05:57 PM »
Hi:

The tdss/tdl rootkit that originally infected my PC, even with CIS set to the highest setting, was not detected even when scanning with Comodo, a-squared, Malwarebytes and SuperAntiSpyware; Time Freeze failed, and it infected the atapi.sys driver (Hitman identified it as an atapi.sys rootkit) that was very new. Perhaps someone can test this particular rootkit against these security softwares? I think I may have gotten it through malwaredomainlist site link testing.

So I think the atapi rootkit is a badass one.

What's galling is that simply running as a limited user (no security software required!) would probably have saved you.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
