Hotkeys

Ideas for enhancements to the software
Post Reply
Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Hotkeys

Post by Oneder » Mon Dec 27, 2010 11:21 pm

Built in dedicated Hotkeys that can't be circumvented to the terminate command would be of help against some ransom/screenlockers type malware.

I know they are contained but hotkeys could save a reset.
Hunting the Hunter!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Tue Dec 28, 2010 3:00 am

I support this feature request.

ssj100
Posts: 945
Joined: Thu Apr 23, 2009 1:21 am
Contact:

Post by ssj100 » Tue Dec 28, 2010 4:20 am

Sounds good to me too.
Sandboxie + SUA + DEP
Windows Firewall + NAT Router
Drive SnapShot (on-demand)

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Dec 28, 2010 6:24 am

I explained the problem at the bottom of this post:

http://www.sandboxie.com/phpbb/viewtopic.php?t=9338

I've not fixed that yet, but what I described there is going to be the approach that I will take to deal with this issue.
tzuk

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Wed Dec 29, 2010 12:21 am

Ok thanks tzuk.

For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open.

Thanks to majoMo wilders.

Code: Select all

::30=30 sec.
@echo off
:START
ping 127.0.0.1 -n 30 > nul
start "" "C:\Program Files\Sandboxie\Start.exe" /box:DefaultBox /terminate
GOTO START 
Hunting the Hunter!

soccerfan
Posts: 440
Joined: Tue Sep 25, 2007 2:59 pm

Post by soccerfan » Wed Dec 29, 2010 8:44 am

Oneder wrote:For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open.[/code]
Thanks Oneder. In a followup post in that thread http://www.wilderssecurity.com/showpost ... ostcount=6 Franklin says:
I was using WinHotKey here but some of these new Ransom/Winlock/Screenlockers lock everything up where hotkeys just won't work whereas the batchfile, which has to be running before executing the malware, works a treat.
The batchflie must be already running before executing the malware.
This may be nice for those testing malware (not me!) :wink:
soccerfan

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Wed Dec 29, 2010 10:02 am

soccerfan wrote: The batchflie must be already running before executing the malware.
This may be nice for those testing malware (not me!) :wink:
Franklin and I are always testing malware so the batch works a treat in not having to reset with these screenlockers. :wink:

On my XP VM's where I'm not using SB I point the batch to RogueKiller.

Yes you can use Task scheduler to run a normal terminate bat but minimum wait to execute is a minute.
Hunting the Hunter!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Wed Dec 29, 2010 11:14 am

I coded a tool to manage malware and I added a feature to allow to terminate sandboxed processes in a user defined amount of time.

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Wed Dec 29, 2010 7:34 pm

Buster wrote:I coded a tool to manage malware and I added a feature to allow to terminate sandboxed processes in a user defined amount of time.
Sounds good buster, wouldn't mind a look at it if OK by you.
Hunting the Hunter!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu Dec 30, 2010 3:16 am

Oneder wrote:Sounds good buster, wouldn't mind a look at it if OK by you.
The program, named Extractor, is used to extract contents from all kind of packed files: archives, setups, embedded files, etc.

It supports: 7z, ZIP, GZIP, BZIP2, TAR, RAR, CAB, ISO, ARJ, LZH, CHM, Z, CPIO, RPM, DEB, NSIS, ACE, EML, Inno Setup, Microsoft SZDD, Microsoft TNEF, RTF, Gentee, Setup Factory, RapSFX, Thraex´s Astrum InstallWizard, SEA, Instyler, BInstall, Cexe, Quick Batch File Compiler, WScript, Smart Install Maker, Stubbie SFX Extractor, ARC, ZOO, SIS and virtually any executable compressed file format.

I can show you a screenshot of the project:

Image

Extractor is an improved version of Universal Extractor: http://legroom.net/software/uniextract

In fact I started coding Extractor in 2007 because I was not satified with UE. Right now Extractor is the best program of its kind (there are not many of them :wink: ). It´s able to automatize many setups even. That means contents get extracted without any user intervention because the program automatically clicks on "Next" button.

Here you can see some statistics:

Image

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Thu Dec 30, 2010 6:37 am

Excellent Buster. Will give it a whirl in a little while. 8)
Hunting the Hunter!

soccerfan
Posts: 440
Joined: Tue Sep 25, 2007 2:59 pm

Post by soccerfan » Thu Dec 30, 2010 7:29 am

Buster wrote:Extractor is an improved version of Universal Extractor:...
In fact I started coding Extractor in 2007 because I was not satified with UE...
Wow. I have been using uniextract for quite a while but your Extractor even wraps it all in sandboxie. :lol:
Buster, do you have any plans of a public release (or a contributed utility)?
soccerfan

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu Dec 30, 2010 7:33 am

soccerfan wrote:Wow. I have been using uniextract for quite a while but your Extractor even wraps it all in sandboxie. :lol:
Well, Extractor uses a combination of 7Zip, Sandboxie and other custom extraction procedures.

As you can see in the statistics, 7Zip does the job most of the time and Sandboxie usually does the rest.
soccerfan wrote:Buster, do you have any plans of a public release (or a contributed utility)?
No, I don´t have plans of releasing this tool.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests