#1
A few days ago I bought a new laptop and I installed CTM on it, as it is part of my security. On my other laptop, CTM version 2.8 has worked flawlessly for over 2 years now. But on the new one, version 2.8 doesn't work; it won't install, and it gave that "couldn't find the operating system" error. I searched a little on their forum and decided to install the 2.9 beta version. This one installed fine, but... when I scanned yesterday with Hitman Pro, a bootkit MBR warning was detected. After that, I scanned with:

Kaspersky TDSS Killer - clean (3 suspicious drivers from CTM, but these 3 are flagged in the 2.8 version too, no big deal)
BitDefender Antibootkit Tool - clean
Eset Online Scanner - clean
MBAM - clean
SAS - clean
Emsisoft Toolkit - suspicious MBR rootkit
GMER - possible MBR rootkit

I want to mention the fact that on the laptop with CTM version 2.8, these detections don't exist. So my question is... is anyone using the 2.9 beta version and facing these detections? I suppose they're FPs... or not...? Thanks guys for your replies.
__________________
Avira free-Privatefirewall-Sandboxie-WinPatrol Plus-Wondershare TimeFreeze
#2
It's a FP, no cause for concern. Anything that modifies the MBR is always likely to trigger a FP unless specifically whitelisted.
#3
Thank you andy, I was thinking the same thing. Generally this is common with anything that lodges itself within the MBR such as a program like CTM, and it may handle that differently than say RollbackRX, etc., but they all still embed within the MBR.
It is good though that Joe mentioned this, but I am sure it is a FP.
#4
Quote:
__________________
Linksys WRT54GS (Tomato) Firewall Norton AntiVirus 2012 Sandboxie (license) CTM
#5
Thank you guys, yes, we could say that it's a FP. Just wondering why with the 2.8 version this doesn't happen...
Quote:
__________________
Avira free-Privatefirewall-Sandboxie-WinPatrol Plus-Wondershare TimeFreeze
#6
Quote:
WHAT Yes you can use it on Win-7 64-bit. I have been using it for a long time. Also yes, the 2.8 gives some failed Windows message but the 2.9 beta works fine and installs well. You can use it on 64-bit fine as I have it now. Also the false positive is true with both CTM and Rollback RX. They give FPs in Hitman and Kaspersky and also Emsisoft Antimalware. So whitelist them.
#7
I suspect the reason why all those programs didn't detect the False Positive is because their definitions were updated to include the known 2.8 version's software - the 2.9 version's definitions were probably not updated yet.
Glad to hear someone used CTM for 2 years without problems... it always crashed my system hard after a week or so with no chance at recovery but a Windows reinstall. I'm looking forward to the new 3.0, if it ever gets finished, to try it again. BTW, RollBack RX crashed my system in the same exact way CTM did, and they are really dragging their feet on a new version.
#8
OK, now the proof that it's a FP. I uninstalled CTM for a disk defrag and Hitman Pro doesn't detect the bootkit anymore.
__________________
Avira free-Privatefirewall-Sandboxie-WinPatrol Plus-Wondershare TimeFreeze