How do I isolate a USB stick which has a malware virus on SandBoxie?[SOLVED]

ARazvan
Posts: 2
Joined: Tue Dec 25, 2018 6:08 pm


Post by ARazvan » Tue Dec 25, 2018 6:11 pm

I have an old 16gb USB stick with important data that has a malware virus on it. I don't want to infect the PC.

Barb@Invincea
Sandboxie Support
Posts: 2858
Joined: Mon Nov 07, 2016 3:10 pm

Re: How do I isolate a USB stick which has a malware virus on SandBoxie?

Post by Barb@Invincea » Thu Dec 27, 2018 10:04 am

Hi ARazvan,

Please, have a look at these:
viewtopic.php?t=9819
viewtopic.php?t=2322
viewtopic.php?t=18645
viewtopic.php?t=5922
viewtopic.php?t=7752

You should also consider ForceFolders and Restriction settings:
https://www.sandboxie.com/ForceFolder
https://www.sandboxie.com/RestrictionsSettings

To see all the help topics:
https://www.sandboxie.com/HelpTopics

Keep in mind that when dealing with malware, you are proceeding at your own discretion.

Regards,
Barb.-

bo.elam
Sandboxie Guru
Posts: 2876
Joined: Wed Apr 22, 2009 9:17 pm

Re: How do I isolate a USB stick which has a malware virus on SandBoxie?

Post by bo.elam » Thu Dec 27, 2018 5:22 pm

ARazvan wrote:
Tue Dec 25, 2018 6:11 pm
I have an old 16gb USB stick with important data that has a malware virus on it. I don't want to infect the PC.
Hi ARazvan. Personally, if I knew a USB drive had malware, I would rather not open it and throw it away, but if I had to, and like you wanted to recuperate important data, this is what I would do.

The best way would be to have a licensed Sandboxie and set up your USB drives as Forced folders; that way they would open up and run sandboxed automatically when a flash drive is plugged in. And if you restrict the sandbox as described below, it's pretty easy and safe to do what you want to do.

Open Sandbox settings, and in the Restrictions window, set up the sandbox in a way that no program can have access to the internet. In the Internet restriction tab, there is the option to forbid all programs from accessing the internet. For Start/Run, only allow explore.exe and rundll32.exe. That way, only these exes can run.

If you are using Sandboxie's free version, then I would set up the sandbox forbidding all programs from accessing the internet (as described above). I would use the default sandbox and use Windows explorer to access the flash drive. You can easily run Windows explorer in the defaultbox from Sandboxie's folder in the Windows Start menu. And make sure auto run is not enabled. After you plug in the flash drive, navigate to the USB folder via the sandboxed Windows explorer, get what you want and get out.

With the paid version you could restrict things even more. If you add ARazvan.exe in the Start/Run restrictions tab, only non-existent ARazvan.exe would be allowed to run in your USB drive's sandbox. That would work as forbidding all programs from running. So, no program can run or have access to the internet when you browse the USB folder; that's the protection you can have with Sandboxie. You can't do this with the free version because you need Windows explorer running sandboxed while browsing files in the infected USB drive.

Bo

ARazvan
Posts: 2
Joined: Tue Dec 25, 2018 6:08 pm

Re: How do I isolate a USB stick which has a malware virus on SandBoxie?

Post by ARazvan » Wed Jan 02, 2019 1:15 pm

explore.exe or explorer.exe?

MERGED POST
How do I set autorun for Windows explorer in SandBoxie? Also, how do I force a letter on the USB? Can't I just browse the USB stick like you have told me?

Thank you in advance. I appreciate the effort.

bo.elam
Sandboxie Guru
Posts: 2876
Joined: Wed Apr 22, 2009 9:17 pm

Re: How do I isolate a USB stick which has a malware virus on SandBoxie?

Post by bo.elam » Wed Jan 02, 2019 5:15 pm

ARazvan wrote:
Wed Jan 02, 2019 1:15 pm
explore.exe or explorer.exe?

MERGED POST
How do I set autorun for Windows explorer in SandBoxie? Also, how do I force a letter on the USB? Can't I just browse the USB stick like you have told me?

Thank you in advance. I appreciate the effort.
Hi ARazvan, I meant explorer.exe.

Sounds like you have the paid version; if so, do it as I described in the last paragraph of my earlier post.
1. Create a new sandbox and name it USB.
2. Add ARazvan.exe in the Start/Run restrictions tab; that way only non-existent ARazvan.exe would be allowed to run in your USB drive's sandbox.
3. Plug in the flash drive; you'll get a Sandboxie message telling you explorer.exe can't run.
4. After you close the message and terminate programs, navigate to the USB folder using a non-sandboxed Windows explorer to recover what you want.

The way things are set, if something attempts to run or if by mistake you click on something, it will not run.

Autorun? I meant in Windows. But now, you can forget about that. How to force a letter? In my W7 and W10, one letter covers all my USB drives. What I do is plug in a flash drive; after that the USB folder appears in Sandbox settings, and then you can add it via Sandbox settings > Program start > Forced folder: click Add folder and navigate to it to add it. If your computer is like mine, where one letter covers all USB drives, then just plug in another USB drive and do as I do. But if your computer uses more than one letter for USB drives, then you might want to add them manually to Sandbox settings. Use the line below, change the letter for each drive and add the setting under your USB drive settings in your configuration file.

ForceFolder=E:\

After you add the settings manually, they should look like mine. Look at picture below.

Bo
Attachment: Sin título.jpg (84.95 KiB)
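Added example, not part of bo.elam's post and not Sandboxie's own code: a small Python check that reads a Sandboxie.ini-style file and reports where a sandbox falls short of the lock-down described in this thread (USB drive letters forced into the box, internet blocked for every program, Start/Run limited to a named list). The sample file is constructed, and the `ClosedFilePath`, `ClosedIpcPath` and `ProcessGroup` lines are assumptions about what the Restrictions window writes; only `ForceFolder=E:\` appears in the thread.

```python
import re

# Constructed sample, not the poster's file. Apart from ForceFolder, the key
# names are assumptions; compare with what the settings window actually writes.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y

[USB]
Enabled=y
ForceFolder=E:\
ForceFolder=F:\
ClosedFilePath=InternetAccessDevices
ProcessGroup=<StartRunAccess>,ARazvan.exe
ClosedIpcPath=!<StartRunAccess>,*
"""

def parse_ini(text):
    """Keys repeat (one ForceFolder per drive), so keep every value in a list."""
    boxes, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = boxes.setdefault(section.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return boxes

def start_run_allowed(box):
    """Programs in the <StartRunAccess> group, the only ones allowed to start."""
    names = []
    for value in box.get("processgroup", []):
        group, _, members = value.partition(",")
        if group == "<StartRunAccess>":
            names += [m.strip() for m in members.split(",") if m.strip()]
    return names

def audit_box(boxes, name, drives):
    """Return the gaps between sandbox `name` and the lock-down in the thread."""
    box, gaps = boxes.get(name, {}), []
    forced = {v.rstrip("\\").upper() for v in box.get("forcefolder", [])}
    gaps += [f"{d} is not forced into [{name}]" for d in drives
             if d.rstrip("\\").upper() not in forced]
    if "InternetAccessDevices" not in box.get("closedfilepath", []):
        gaps.append("internet access is not blocked for all programs")
    if "!<StartRunAccess>,*" not in box.get("closedipcpath", []):
        gaps.append("Start/Run is unrestricted: any program may start")
    return gaps

if __name__ == "__main__":
    boxes = parse_ini(SAMPLE_INI)
    print(audit_box(boxes, "USB", ["E:\\", "F:\\"]), start_run_allowed(boxes["USB"]))
```

An empty list from `audit_box` means every drive letter you passed is forced into the box and both restrictions are present; `start_run_allowed` shows which program names could still start there.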
