CTM vs. MBR attacking malware

Hello,
is there any protection against malware which attacks the MBR?

A very good question, can anyone reply to this???

I believe there is protection against this, However I am not sure.

Can you explain against which programs CTM must defend?

For example MBR killers, Sinowal MBR rootkits etc.

Sure, there is nothing like that protection.
Moreover in case of MBR changes all Ur system will be ruined at least until U reinstall CTM (= repair Win = quick install fresh Win = lose all snapshots until last baseline).
From screenshots I see that CTM is quite similar to RollBack and/or EazFix.

So U must protect Ur MBRs by yourself (with a/v, hips etc.)

I use MBRwhiskey to save a copy of the MBR and a SHA1 hash to compare my MBR with a ‘known clean version’, then at least I know my MBR has changed… not prevention but at least detection :wink:
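The baseline-and-compare approach described in that post, written out as an added example (it is not code from the thread and not the MBRwhiskey tool itself): read the first 512 bytes of the disk, keep a copy plus its hashes as the known-clean baseline, and on each later check report which part of the sector changed. The device paths (/dev/sda, \\.\PhysicalDrive0), the baseline file name and the sample sector built by `build_sample_mbr` are assumptions or constructed data, not values from the thread.

```python
"""Baseline-and-verify check for a disk's MBR (first 512 bytes).

Usage (needs admin rights to open the raw device; paths are examples):
  python mbr_check.py save   /dev/sda              mbr-baseline.bin
  python mbr_check.py verify /dev/sda              mbr-baseline.bin
  python mbr_check.py verify \\\\.\\PhysicalDrive0   mbr-baseline.bin   (Windows)
Exit status 0 = unchanged, 1 = differences found.
"""
import hashlib
import struct
import sys
from typing import Dict, List

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510-511 of a valid MBR


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a block device or a raw disk image."""
    with open(device_path, "rb") as fh:
        data = fh.read(MBR_SIZE)
    if len(data) != MBR_SIZE:
        raise ValueError(f"short read: {len(data)} bytes, expected {MBR_SIZE}")
    return data


def mbr_digests(data: bytes) -> Dict[str, str]:
    """SHA-1 (the hash the post compares) plus SHA-256 of the whole sector."""
    return {"sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def parse_partitions(data: bytes) -> List[Dict[str, int]]:
    """Decode the four partition entries; empty entries (type 0) are skipped."""
    if len(data) != MBR_SIZE or data[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR: wrong size or missing 0x55AA signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = data[off], data[off + 4]
        lba_start, sectors = struct.unpack_from("<II", data, off + 8)
        if ptype != 0:
            entries.append({"index": i, "bootable": int(status == 0x80),
                            "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def compare_to_baseline(current: bytes, baseline: bytes) -> List[str]:
    """Return findings; an empty list means the sector is byte-identical to the baseline.
    Boot-code changes with an untouched partition table are the case to look at
    closely: an MBR rootkit replaces the loader but keeps the disk bootable, whereas
    legitimate repartitioning changes the entries, not the first 446 bytes."""
    findings = []
    if current[:PART_TABLE_OFFSET] != baseline[:PART_TABLE_OFFSET]:
        findings.append("boot code changed (bytes 0-445)")
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        if current[off:off + 16] != baseline[off:off + 16]:
            findings.append(f"partition entry {i} changed")
    if current[510:512] != baseline[510:512]:
        findings.append("boot signature changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector (not from any real disk): the given boot code,
    one bootable NTFS-type (0x07) entry starting at LBA 2048, and the signature."""
    boot = boot_code[:PART_TABLE_OFFSET].ljust(PART_TABLE_OFFSET, b"\x00")
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
    return boot + entry + b"\x00" * 48 + BOOT_SIGNATURE


def main(argv: List[str]) -> int:
    if len(argv) != 4 or argv[1] not in ("save", "verify"):
        print(__doc__)
        return 2
    mode, device, baseline_path = argv[1:]
    current = read_mbr(device)
    if mode == "save":
        with open(baseline_path, "wb") as fh:
            fh.write(current)
        print("baseline saved:", mbr_digests(current))
        return 0
    with open(baseline_path, "rb") as fh:
        baseline = fh.read(MBR_SIZE)
    findings = compare_to_baseline(current, baseline)
    print("current :", mbr_digests(current)["sha256"])
    print("baseline:", mbr_digests(baseline)["sha256"])
    for finding in findings:
        print("CHANGED:", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Keep the saved baseline (and its hashes) somewhere the running system cannot quietly overwrite, for instance on removable media, otherwise whatever rewrote the MBR could rewrite the baseline too. The check is detection only, as the post says: running it from a clean boot medium rather than from the possibly infected system is what makes the comparison trustworthy.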

red boot mbrwhisky ? COMODO detects it as unknown malware … it looks like a false positive based on code since it is recommended by good sources (same for mbr.exe from Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer)

Strange too, I submitted the file to VirusTotal and got weird results: aren’t 7z archives analysed??? :

File MBRWHISKY.EXE 8/41 (19.51%)
http://www.virustotal.com/en/analisis/be4c265cfd08214eb8fea39f70ec7be61d49378a16743698df43015e4ea13b82-1255104064
MbrWiz.7z ( archive with the exe ) 0/41 (0.00%)
http://www.virustotal.com/en/analisis/a2838596b7d5f3e14f682fa9632046942f0670a756ec8ff2451e56a7a35981a6-1250580333

I use to protect/repair Windows partitions or Ubuntu… to check/repair any change.

No, VirusTotal doesn’t support archives

Thanks … I learned something today … Next time I will use only CAMAS :wink:

I reported the false positive here.

http://virscan.org/ supports archives (rar and zip) only though.

I did a test since I was unsure about 7z support:

  1. same file zipped with 7z but with zip extension File MbrWiz.zip
     Result: 3/40 (7.50%)

http://www.virustotal.com/en/analisis/f44d840603b1db90080a3741e50308c18700cdec2be4e5c17994a6a5f4952d61-1260761611

  2. subfolder ‘files’ only (with the exe) zipped with 7z with 7z extension

File files.7z Result: 1/41 (2.44%) : Comodo Base 3234 2009.12.14 UnclassifiedMalware

http://www.virustotal.com/en/analisis/5972e9ab077f73ec8591a7a053449cebea265cdf29da89df6b8589464f77f580-1260761795

  3. subfolder ‘files’ only (with the exe) zipped with 7z with zip extension

File files.zip Result: 3/41 (7.32%) (same as 1)
http://www.virustotal.com/en/analisis/32a87201c2c54fc8dbe7f54da53f44e003704c6378dcd3164de889cd31e13d74-1260762175

First conclusion: You can hide files in a subfolder when zipped with 7z, but not from Comodo :o

Finally I realized my first scan was File MbrWiz.7z received on 2009.08.18 07:25:33 (UTC) (it was a permanent link since the file was already scanned)

I did it again with the original ultra solid 7z from the site (I even downloaded it again) but I did my own fresh scan this time:
http://www.virustotal.com/en/analisis/a2838596b7d5f3e14f682fa9632046942f0670a756ec8ff2451e56a7a35981a6-1260763277

Result: 1/41 (2.44%)

Same with VirScan - multi-engine online file scanning platform

Last conclusion: Always stay updated and never trust a stranger NOR Comodo … at least until the next database update :wink:

http://virusscan.jotti.org/en/scanresult/2acbe148eb7086e4c938d2d6fe23230b8285feda found nothing (but there is nothing to find).

Final word: 7z is supported … at least by Comodo :a0

The file looks clean