Does CTM protect against TDSS/TDL rootkits?

Hi:
I would like to know: does using CTM to make a snapshot of a clean computer and later, during a TDSS/TDL rootkit infection, restoring the clean snapshot get rid of the TDL/TDSS rootkits? The reason is that I used Wondershare Time Freeze virtualization and a TDL-3 rootkit bypassed it and infected my PC, forcing a format to make sure it is clean, and I have heard Shadow Defender also fails against TDL/TDSS rootkits. So, on my newly formatted PC, I was wondering whether, if I use CTM, it will protect me against these rootkits, or whether the snapshots and CTM will get infected as well?

Also, does anyone know of any protection against these rootkits? By the way, I have CIS Premium and it failed to detect the rootkit. The only software that detected it was HitmanPro 3.5 and GMER. Thanks in advance for your reply.

Most probably yes. You can have a clean computer after restoring the clean snapshot.
But I’m not an expert on CTM (yet).
If GMER detects it, avast will do the same (as the full GMER technology is bundled into avast).

I’ll do the tests using my samples.
It can ■■■■■ systems with Returnil, Shadow Defender, Deep Freeze, Time Freeze, etc.

I’m installing XP in my VPC and will test it as soon as it finishes.

Hi:

Thank you for testing it for me. Also, could you test it on Windows 7 Home Premium 32-bit as well, please? Since I formatted my PC because of the TDL infection, I have installed Win 7 instead of XP. Thanks in advance.

Not sure, but I’ll try ;D
(I’m downloading the trial ;D ;D)

I’m ready to perform the test.
My ENIAC is so slow you gotta have patience.
Anyway, Buster_BSA is doing a similar test.

Thanks for testing. I’m really interested in the results.
I’m putting a lot of hope in CTM, but if the data could be ■■■■■■■ up… well…

(Windows 7 used to have an internal sandbox) for thread optimization’s sake ;D

CTM has been tested already - TDL/TDSS trojan series bypassing isolation software | Page 2 | Wilders Security Forums

Many thanks… It seems that it fails, and we need to find a way to have secure snapshots.
I hope one of the programmers could comment on this.

Bad news.
I couldn’t test it properly on my VirtualBox VM.
The SafeSys worm just keeps causing BSODs, so I couldn’t test it :-
And under a limited account it just removes itself.
I think this virus is aware of the virtual environment.
Gotta test again with VPC 2007.

He just posted it several hours ago :a0
That’s bad news again.

Is there a way to keep the snapshots safe?

( thread moved to https://forums.comodo.com/news-announcements-feedback-ctm/light-virtualization-software-partial-sandbox-test-includes-ctmcisbox-t58848.0.html )

CTM is vulnerable to several malware samples.

Hi dax123:
Please use CIS to protect against TDSS/TDL rootkits.
Thanks a lot.
Best Regards!

So you’ve already tested with TDSS rootkits?
I have some kinds of TDSS rootkit and a SafeSys worm.
I can send you these samples right away ;D

Hey mate. Do you mind uploading and PMing those samples to me (just for testing purposes)?

Josh

I sent you the link.

I have not tested. Please send those samples to me (jackwang@comodo.com).
Thank you very much.
Best Regards!

I sent a link.
And I’m testing it again with a bigger disk.
Greets ;D

Yeah :cry:

It seems it has a “better” driver to protect the system.
But it does not allow snapshots, just a “frozen” system that can be reverted.
Although avast gives me very good protection against rootkits (with GMER technology incorporated), you know, it would be better to have a stronger CTM driver.
I’m “disappointed”…

Yeah, I agree.
CTM has more features like snapshots, rebooting support, etc., and it’s free.
For security, we’d rather use disk imaging software, as I mentioned before.
We once used to live without that software. O0