Trust No Program

Has Sandboxie caught a Virus/Malware?


Postby exus69 » Mon May 02, 2011 11:25 am

Hello,

I've allowed only certain programs to access the internet in
Sandboxie settings, e.g. Yahoo Messenger, Firefox, etc.

I came across an exe file in my D drive which had a Notepad icon!!!
Getting suspicious, when I opened the file as Sandboxed I got
the following messages from Sandboxie:

SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1307 Program 'dwwin.exe' cannot access the Internet due to restrictions

After getting these messages, that exe showed an error message asking
whether to send or not send the error report to Microsoft.

My fully updated Norton Internet Security 2011 did not detect any virus/malware
in this file.

I think this might be a virus/malware. What do you think?

Please comment
exus69
 
Posts: 62
Joined: Mon Apr 25, 2011 6:09 am

Postby SnDPhoenix » Mon May 02, 2011 2:20 pm

Hmm, to me it looks like it caught a virus! :D
From the messages, it seems the file might have tried to inject itself into another process, failed and so the file crashed, which launched Dr Watson (dwwin) asking if you would like to report it?

Upload the file to virustotal.com and see what the results are! ;)
SnDPhoenix
 
Posts: 2690
Joined: Tue Dec 26, 2006 11:44 pm
Location: West Florida

Postby tzuk » Mon May 02, 2011 7:19 pm

I agree, it's probably a virus. Don't worry about the error messages -- they just mean something is not right with the EXE file and Sandboxie could not run the program in the sandbox. It certainly doesn't mean the EXE file got out of the sandbox.
tzuk
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby exus69 » Tue May 03, 2011 4:50 am

Thanks for the quick replies :)
exus69
 
Posts: 62
Joined: Mon Apr 25, 2011 6:09 am

SANDBOXIE VIRUS

Postby MARBORO » Tue Jan 31, 2012 4:32 am

Hello,

I updated Sandboxie 3.54 yesterday and caught a horrific virus.

It installed something called SpywareDoctor and something about Cyber ... something
and tried to connect out on 209.xxx.xxx.xxx.

I'm having the HDD professionally analyzed now. It ripped the whole OS apart.

Had I not been using XP and Kerio 2.1.5, I would have never caught it trying to
connect out masquerading as Internet Explorer. I pity Windows 7 users who really
have no proper outbound control of IP ADDRESSES!!
MARBORO
 

Postby D1G1T@L » Tue Jan 31, 2012 5:05 am

The probable scenario is that you failed to use Sandboxie correctly, i.e. running a file that appeared "clean" outside the sandbox. Other reasons include: your system was infected before using Sandboxie and you've managed to discover this only now; also, you may have been infected through other vectors that were not protected, such as an infected USB. Before making such bold claims, re-assess your security approach and try to find out where you went wrong.

Absent any sample files or URLs of this malware attack, no reasonable person would believe or act upon what you've written.
One Program to rule them all, One Program to confine them, One Program to wrest them all and in the sandbox bind them.
D1G1T@L
 
Posts: 577
Joined: Mon Apr 18, 2011 12:40 am
Location: DefaultBox

