Is there any protection against malware which attacks the MBR?
A very good question, can anyone reply to this?
I believe there is protection against this; however, I am not sure.
Can you explain against which programs CTM must defend?
For example MBR killers, Sinowal MBR rootkits etc.
Sure, there is no protection like that here.
Moreover, in case of MBR changes your whole system will be ruined, at least until you reinstall CTM (= repair Win = quick-install fresh Win = lose all snapshots until the last baseline).
From screenshots I see that CTM is quite similar to RollBack and/or EazFix.
So you must protect your MBRs yourself (with A/V, HIPS, etc.).
I use MBRwhisky to save a copy of the MBR and a SHA1 hash to compare my MBR with a ‘known clean version’; then at least I know my MBR has changed… not prevention, but at least detection.
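The detection approach described in the post above (keep a known-clean copy of the MBR and its SHA1 hash, then compare), as an added example that is not part of the original thread and is not MBRwhisky's code. It goes one step further than a plain hash comparison by reporting which region of the sector changed; the function names, the device path mentioned in the comment and the sample sector are assumptions made for illustration.

```python
import hashlib

SECTOR = 512
# Classic (non-GPT) MBR layout: byte ranges within sector 0.
REGIONS = {
    "bootstrap code": (0, 440),
    "disk signature": (440, 446),   # 4-byte signature + 2 reserved bytes
    "partition table": (446, 510),  # four 16-byte entries
    "boot signature": (510, 512),   # must be 55 AA
}

def read_mbr(path):
    """Read sector 0 from a raw disk image or a device node (assumed path;
    reading a live device such as /dev/sda needs administrator rights)."""
    with open(path, "rb") as f:
        data = f.read(SECTOR)
    if len(data) != SECTOR:
        raise ValueError("short read: expected %d bytes" % SECTOR)
    return data

def sha1_hex(sector):
    return hashlib.sha1(sector).hexdigest()

def changed_regions(baseline, current):
    """Return the names of MBR regions that differ from the baseline.
    An empty list means the SHA-1 hashes match (no change detected)."""
    if len(baseline) != SECTOR or len(current) != SECTOR:
        raise ValueError("both inputs must be exactly one 512-byte sector")
    if sha1_hex(baseline) == sha1_hex(current):
        return []
    return [name for name, (lo, hi) in REGIONS.items()
            if baseline[lo:hi] != current[lo:hi]]

def sample_mbr():
    """Constructed sample sector (not a real MBR): filler code, one partition."""
    entry = (bytes([0x80, 0, 2, 0, 0x07, 0xFE, 0xFF, 0xFF])
             + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little"))
    return (b"\x90" * 440 + b"\x11\x22\x33\x44\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")

if __name__ == "__main__":
    clean = sample_mbr()
    tampered = b"\xeb\x3c" + clean[2:]   # constructed: first code bytes altered
    print("baseline SHA-1:", sha1_hex(clean))
    print("current  SHA-1:", sha1_hex(tampered))
    print("changed:", changed_regions(clean, tampered) or "nothing")
```

A change confined to the partition table usually means the disk was repartitioned, while a change in the bootstrap code is the case the MBR rootkits named in this thread would produce.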
Red boot mbrwhisky? COMODO detects it as unknown malware… it looks like a false positive based on code, since it is recommended by good sources (same for mbr.exe from Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer).
Strange too: I submitted the file to VirusTotal and got weird results. Aren’t 7z archives analysed?
File MBRWHISKY.EXE 8/41 (19.51%) http://www.virustotal.com/en/analisis/be4c265cfd08214eb8fea39f70ec7be61d49378a16743698df43015e4ea13b82-1255104064
MbrWiz.7z (archive with the exe) 0/41 (0.00%) http://www.virustotal.com/en/analisis/a2838596b7d5f3e14f682fa9632046942f0670a756ec8ff2451e56a7a35981a6-1250580333
No, VirusTotal doesn’t support archives.
Thanks… I learned something today… Next time I will use only CAMAS.
I reported the false positive here.
http://virscan.org/ supports archives (rar and zip) only though.
I did a test since I was unsure about 7z support:
- same file zipped with 7z but with zip extension File MbrWiz.zip
Result: 3/40 (7.50%)
- subfolder ‘files’ only ( with the exe ) zipped with 7z with 7z extension
File files.7z Result: 1/41 (2.44%) : Comodo Base 3234 2009.12.14 UnclassifiedMalware
- subfolder ‘files’ only ( with the exe ) zipped with 7z with zip extension
File files.zip Result: 3/41 (7.32%) (same as 1)
First conclusion: you can hide files in a subfolder when zipped with 7z, but not from Comodo :o
Finally I realized my first scan was File MbrWiz.7z received on 2009.08.18 07:25:33 (UTC) (it was a permanent link since the file was already scanned).
I did it again with the original ultra solid 7z from the site (I even downloaded it again), but I did my own fresh scan this time:
Result: 1/41 (2.44%)
Same with VirScan (multi-engine online file scanning platform).
Last conclusion: always stay updated and never trust a stranger NOR Comodo… at least until the next database update.
http://virusscan.jotti.org/en/scanresult/2acbe148eb7086e4c938d2d6fe23230b8285feda found nothing (but there is nothing to find).
Final word: 7z is supported… at least by Comodo
The file looks clean