CTM 2.9 bootkit MBR FP?

Discussion in 'backup, imaging & disk mgmt' started by JoeBlack40, Aug 10, 2012.

Thread Status:
Not open for further replies.
  1. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Few days ago i bought a new laptop and i installed on it CTM as it is part of my security.On my other laptop,CTM 2.8 version works flawlessly for over 2 years now.But on the new one,the 2.8 version doesn't work,it won't install,it gave that "couldn't find the operating system" error.Searched a little on their forum and decided to install the 2.9 beta version.This one installed fine,but...when i scanned yesterday with Hitman pro,a bootkit MBR warning was detected.After that,i scanned with:
    Kaspersky TDSS killer-clean (3 suspicious drivers from CTM,but these 3 are flagged in the 2.8 version too,no big deal)
    BitDefender Antibootkit Tool-clean
    Eset Online Scanner-clean
    MBAM-clean
    SAS-clean
    Emsisoft Toolkit-suspicious MBR rootkit
    GMER-possible MBR rootkit.
    I want to mention the fact that on the laptop with CTM 2.8 version,these detections doesn't exist.So my question is...anyone using the 2.9 beta version and facing these detections?I suppose they're FP...or not...?
    Thanks guys for your replies.
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It's a FP,no cause for concern.Anything that modifies the MBR is always likely to trigger a FP unless specifically whitelisted.
     
  3. Jim1cor13

    Jim1cor13 Registered Member

    Joined:
    Aug 4, 2012
    Posts:
    453
    Location:
    US
    Thank you andy, I was thinking the same thing. Generally this is common with anything that lodges itself within the MBR such as a program like CTM, and it may handle that differently than say RollbackRX, etc., but they all still embed within the MBR.

    It is good though that Joe mentioned this, but I am sure it is a FP.
     
  4. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    What operating system? Just curious as you stated new. I love CTM but as far as I know can't use on 64 bit W7.
     
  5. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Thank you guys,yes,we could say that it's a FP.Just wondering why with the 2.8 version this doesn't happen...
    Windows 7 Ultimate x32.
     
  6. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    WHATo_O Yes you can use it on win-7 64bit. I am using it for a long time. Also yes the 2.8 gives some failed windows message but 2.9 beta works fine and installs well. You can use it on 64bit fine as I have it now.

    Also the false positive is true with both CTM and rollback rx. They give FP in hitman and kaspersky and also emsisoft antimalware. SO white list them.
     
  7. DarkPhoenix

    DarkPhoenix Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    87
    I suspect the reason why all those programs didn't detect the False Positive is because their definitions were updated to include the known 2.8 versions software - the 2.9 versions definitions were probably not updated yet.

    Glad to hear someone used CTM for 2 years without problems.. it always crashed my system hard after a week or so with no chance at recovery but a windows reinstall. I'm looking forward to the new 3.0 if it ever gets finished to try it again. BTW, RollBack RX crashed my system in the same exact way CTM did, and they are really dragging their feet on a new version.
     
  8. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Ok,now the proof that it's a FP.Uninstalled CTM for disk defrag and Hitman pro doesn't detect the bootkit anymore.:thumb:
     
Thread Status:
Not open for further replies.