Unable to delete contents, object in use

Please post your problem description here

Moderator: Barb@Invincea

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Unable to delete contents, object in use

Post by captnamerca » Sat Oct 15, 2016 9:45 pm

Sandboxie version 5.14
Windows 10
Running Firefox 49.0.1
AV/AM programs: MalwareBytes Anti-Malware Premium, Avira AV

After using Sandboxie with this setup for about 6 months, I now get an error when trying to delete the contents of a sandbox (also see attached):

"Could not move the sandbox folder out of the way The object (file or folder) may be in use by another program. Close any applications or windows that may prevent the access. System Error Code: Access is denied (5)"

I've done some Googling, and searched this forum. I first tried rebooting. Not effective.
I tried to "unlock" the Sandbox folder itself using MB's FileAssassin unlocker program. It was unable to find the folder (see attachment).

I tried to manually delete the contents of the sandbox, and I was able to clear out all the files in the quick recovery folders, and the AppData. All that is left is a few files called desktop.ini, RegHive, RegHive.LOG1, RegHive{long string of digits}.regtrans-ms (see attachment)

I'm not sure what options are left? Any ideas?
Thank you for your time.
Attachments
Sandboxie Error3.PNG
Error from Malwarebytes' FileASSASSIN, where it could not find the DefaultBox folder to unlock nor delete
Sandboxie Error3.PNG (4.94 KiB) Viewed 2206 times
Sandboxie Error2.PNG
Sandboxie Screenshot of files left in DefaultBox. All others were manually deleted in Windows File Explorer
Sandboxie Error2.PNG (39.03 KiB) Viewed 2206 times
Sandboxie Error.PNG
Original error from attempt to delete contents of DefaultBox
Sandboxie Error.PNG (10.74 KiB) Viewed 2206 times

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 621
Joined: Fri Nov 13, 2015 4:11 pm

Re: Unable to delete contents, object in use

Post by Syrinx » Mon Oct 17, 2016 1:10 pm

http://forums.sandboxie.com/phpBB3/view ... 84#p123790
You could try running Procexplorer
On the menu > Find > Find handle or dll then give it the path of the sandbox (eg C:\Sandbox or whatever your path is) you can't delete and see what has something opened there?

You could also try regedit and navigate to HKEY_USERS\ and see if any Sandbox_ entries related to the box that won't delete is open there and try to unload them (after the box is closed) by selecting the proper Sandbox_ entry and going to the menu > File > Unload Hive... .
A reboot [shutdown may not be enough on 10 with fast startup enabled as it's a form of hibernation instead of a clean boot] should ensure they are not mounted though so if they still can't be deleted after that then something else is likely at play (likely a 3rd party AV/security).
https://www.ntlite.com

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Mon Oct 17, 2016 8:45 pm

I ran Process Explorer, but there doesn't seem to be anything running.
Sandboxie Error4.PNG
Process Explorer
Sandboxie Error4.PNG (5.98 KiB) Viewed 2188 times
I ran Registry Editor, and there are a whole bunch of subfolders under my DefaultBox sandbox. I do not know where to start. I've never messed with the Registry before, so I wouldn't recognize a problem if I saw it.

Sandboxie Error5.PNG
Registry Editor - lots of stuff here. Don't have any experience with this.
Sandboxie Error5.PNG (38.46 KiB) Viewed 2188 times

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 621
Joined: Fri Nov 13, 2015 4:11 pm

Re: Unable to delete contents, object in use

Post by Syrinx » Mon Oct 17, 2016 9:37 pm

hmm, it shouldn't be locked if there aren't any handles. The picture you showed has the reg entry added though so it's mounted and so the Sandbox seems to be active at the time you took the picture? Was it?

Let's try it this way. Close everything that is running in sandboxie. Rename the folder followed a reboot. After boot up attempt to delete the renamed folder.
https://www.ntlite.com

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Mon Oct 17, 2016 10:41 pm

The sandbox was not active, as far as I can tell. I mostly browse with it, occasionally File Explorer opens sandboxed. Those applications were terminated. Everything that is actively running has been terminated. Again, as far as I can tell. I suspect there is a background process running or using Sandboxie that I just haven't seen, but I'm not an expert detective in these matters. I keep getting this notice everyday:
Sandboxie Error6.PNG
Sandboxie Error6.PNG (11.33 KiB) Viewed 2182 times
I can't rename the sandbox, because it is still in use somewhere.
Sandboxie Error7.PNG
Sandboxie Error7.PNG (3.09 KiB) Viewed 2182 times
I went into File Explorer and just attempted to delete all the contents. There is only one file left preventing a full delete:
Sandboxie Error8.PNG
Sandboxie Error8.PNG (9 KiB) Viewed 2182 times
Don't know what to do with it though. Can't tell what is using it.

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 621
Joined: Fri Nov 13, 2015 4:11 pm

Re: Unable to delete contents, object in use

Post by Syrinx » Tue Oct 18, 2016 2:47 am

Thanks for checking at least, yes I can duplicate the folder rename failure while the reghive is opened. I was able to rename the Reghive itself though, odd.

At this point I'd suggest just right clicking on the Sandboxie Icon in the notification area, selecting 'Terminate all programs' then try clearing/deleting the box again. If that doesn't do it we may need to get a list of running processes or a procmon log to continue. Something has it opened and if it's not SBIE then we need to figure out what and close/stop it before you can delete the box properly.

Another option might be booting into safe mode and deleting the folder manually?
https://www.ntlite.com

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Tue Oct 18, 2016 10:09 am

The problem is on my home PC, and I can't access it at work, but I will try to Terminate Programs, and delete contents again when I can get to it.

I'll also try File Assassin on the RegHive file itself. Before, I was attempting to unlock the entire DefaultBox folder. I may have better luck trying to unlock/delete an actual file.

If that does not work, what is the most useful screenshot of running processes?

Booting into Safe Mode and manually deleting might work. I'd prefer that to be an option of last resort, and try to figure out what program is keeping this file locked or in use. I don't want to have a recurring problem, and this is honestly a good learning experience for me. I like learning how all these things work. I think of a computer like a car - the more you know about it, the better you can keep it running. I appreciate your patience and your suggestions.

Guest10
Posts: 5134
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Unable to delete contents, object in use

Post by Guest10 » Tue Oct 18, 2016 12:54 pm

While Sandboxie Control's tray icon does NOT show any red dots in it, run regedit again.

Click on "Sandbox_John_DefaultBox" in the regedit window, then while only that one item is selected, click File > Unload Hive > click Yes to "unload the current key and ..."

Then Delete Contents of the sandbox.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Firefox, Thunderbird
Sandboxie user since March 2007

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Tue Oct 18, 2016 8:41 pm

First thing I attempted was to use File Assassin to unlock or delete the RegHive file itself. No luck. Got this message box from Sandboxie, then the standard "cannot delete file while in use...."
Sandboxie Error10.PNG
Sandboxie Error10.PNG (13.74 KiB) Viewed 2141 times
Syrinx wrote:Thanks for checking at least, yes I can duplicate the folder rename failure while the reghive is opened. I was able to rename the Reghive itself though, odd.

At this point I'd suggest just right clicking on the Sandboxie Icon in the notification area, selecting 'Terminate all programs' then try clearing/deleting the box again. If that doesn't do it we may need to get a list of running processes or a procmon log to continue. Something has it opened and if it's not SBIE then we need to figure out what and close/stop it before you can delete the box properly.

Another option might be booting into safe mode and deleting the folder manually?
Next, I tried another round of terminating all programs, then delete contents. Still unable to delete that pesky RegHive file.
Guest10 wrote:While Sandboxie Control's tray icon does NOT show any red dots in it, run regedit again.

Click on "Sandbox_John_DefaultBox" in the regedit window, then while only that one item is selected, click File > Unload Hive > click Yes to "unload the current key and ..."

Then Delete Contents of the sandbox.
I opened Registry Editor, and clicked on the folder Sandbox_John_DefaultBox. I assume you meant the folder, and not the object in the folder called (Default) with type: REG_SZ.
Sandboxie Error12.PNG
Sandboxie Error12.PNG (21.87 KiB) Viewed 2141 times
Tried to "Unload Hive", but got this error:
Sandboxie Error11.PNG
Sandboxie Error11.PNG (5.02 KiB) Viewed 2141 times
Still can't seem to budge that file out.

What will allow me to view whatever process is accessing that file?

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2863
Joined: Wed Apr 22, 2009 9:17 pm

Re: Unable to delete contents, object in use

Post by bo.elam » Tue Oct 18, 2016 10:12 pm

captnamerca wrote:First thing I attempted was to use File Assassin to unlock or delete the RegHive file itself. No luck. Got this message box from Sandboxie,.....
You need to run File assassin unsandboxed.

Bo

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Wed Oct 19, 2016 8:59 pm

bo.elam wrote:
captnamerca wrote:First thing I attempted was to use File Assassin to unlock or delete the RegHive file itself. No luck. Got this message box from Sandboxie,.....
You need to run File assassin unsandboxed.

Bo
I don't think File Assassin was executed sandboxed. I didn't specifically run it as a sandboxed program, and it doesn't have a yellow border, or the hashtags when it starts.
Sandboxie Error14.PNG
Sandboxie Error14.PNG (128.44 KiB) Viewed 2111 times
The only time that it appears to be running in the sandbox, is when I right-click on the RegHive File, and select "Delete/Unlock File Using FileASSASSIN". Then I get the typical Sandboxie yellow-bordered window, then failure notice.
Sandboxie Error15.PNG
Sandboxie Error15.PNG (158.07 KiB) Viewed 2111 times
Sandboxie Error10.PNG
Sandboxie Error10.PNG (13.74 KiB) Viewed 2111 times


Maybe this FileASSASSIN is not working. I only used it because it came with my paid MBAM. I'd try another program if anyone knew one that works on Windows 10. Unlocker does not.

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2863
Joined: Wed Apr 22, 2009 9:17 pm

Re: Unable to delete contents, object in use

Post by bo.elam » Thu Oct 20, 2016 1:43 am

captnamerca wrote: I don't think File Assassin was executed sandboxed. I didn't specifically run it as a sandboxed program, and it doesn't have a yellow border, or the hashtags when it starts.

The only time that it appears to be running in the sandbox, is when I right-click on the RegHive File, and select "Delete/Unlock File Using FileASSASSIN". Then I get the typical Sandboxie yellow-bordered window, then failure notice.
I am thinking it ran sandboxed because you are getting Sandboxie messages. If File assassin is not running sandboxed, you shouldn't get SBIE messages like you got.

I am not familiar with FA but one of the pictures you just posted does show FA with the yellow border. That means its running sandboxed.

Bo

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Thu Oct 20, 2016 7:23 am

bo.elam wrote:
captnamerca wrote: I don't think File Assassin was executed sandboxed. I didn't specifically run it as a sandboxed program, and it doesn't have a yellow border, or the hashtags when it starts.

The only time that it appears to be running in the sandbox, is when I right-click on the RegHive File, and select "Delete/Unlock File Using FileASSASSIN". Then I get the typical Sandboxie yellow-bordered window, then failure notice.
I am thinking it ran sandboxed because you are getting Sandboxie messages. If File assassin is not running sandboxed, you shouldn't get SBIE messages like you got.

I am not familiar with FA but one of the pictures you just posted does show FA with the yellow border. That means its running sandboxed.

Bo
You are correct, and I see it too. The attempt to unlock/delete using FA produces Sandboxie errors, but it is odd because the yellow bordered box only appears when I attempt to unlock/delete a file in a sandbox. I tried to unlock other folders that are not in a sandbox, and none of the message boxes look like sandboxed programs, i.e. no yellow borders, no hashtags in the program title, no problem unlocking.

Today I will try to research another program that will unlock or delete locked folders, that also works on Windows 10. Maybe I can get them to at least run their program on a file in a sandbox, without actually being sandboxed themselves.

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1660
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Unable to delete contents, object in use

Post by Curt@invincea » Thu Oct 20, 2016 5:46 pm

It is not difficult to tell what is running in Sbie. SbieCtrl shows all processes running in the sandbox. You can also use "Is Window Sandboxed?" off the File menu to see if a window is sandboxed.

captnamerca
Posts: 16
Joined: Sat Feb 13, 2016 9:43 am

Re: Unable to delete contents, object in use

Post by captnamerca » Thu Oct 20, 2016 9:08 pm

Curt@invincea wrote:It is not difficult to tell what is running in Sbie. SbieCtrl shows all processes running in the sandbox. You can also use "Is Window Sandboxed?" off the File menu to see if a window is sandboxed.
You're right, using the "Is Window Sandboxed?" tool does show if the app is running in a sandbox. Also, just opening the window shows everything that's running sandboxed.

Here's the weird part (to me, anyway):

Startup FileAssassin = Not Sandboxed
Sandboxie Error19.PNG
Start FileAssassin app = not sandboxed
Sandboxie Error19.PNG (60.39 KiB) Viewed 2075 times
Select file in FA's window = Not Sandboxed
Sandboxie Error20.PNG
Select file = not sandboxed
Sandboxie Error20.PNG (84.85 KiB) Viewed 2075 times
Right-click file, select Unlock or Delete File Using FileASSASSIN = Sandboxed
Sandboxie Error21.PNG
try to perform actions = sandboxed
Sandboxie Error21.PNG (166.01 KiB) Viewed 2075 times

Post Reply

Who is online

Users browsing this forum: Majestic-12 [Bot] and 17 guests