Has Sandboxie caught a Virus/Malware?


Post by exus69 » Mon May 02, 2011 11:25 am


I've allowed only certain programs to access the Internet in the
Sandboxie settings, e.g. Yahoo Messenger, Firefox, etc.

I came across an exe file on my D drive which had a Notepad icon!!!
Getting suspicious, I opened the file sandboxed and got
the following messages from Sandboxie:

SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1307 Program 'dwwin.exe' cannot access the Internet due to restrictions

After getting these messages, the exe showed an error message asking
whether or not to send the error report to Microsoft.

My fully updated Norton Internet Security 2011 did not detect any virus/malware
in this file.

I think this might be a virus/malware. What do you think?

Please comment


Post by SnDPhoenix » Mon May 02, 2011 2:20 pm

Hmm, to me it looks like it caught a virus! :D
From the messages, it seems the file might have tried to inject itself into another process, failed and so the file crashed, which launched Dr Watson (dwwin) asking if you would like to report it?

Upload the file to virustotal.com and see what the results are! ;)

Sandboxie Founder

Post by tzuk » Mon May 02, 2011 7:19 pm

I agree, it's probably a virus. Don't worry about the error messages -- they just mean something is not right with the EXE file and Sandboxie could not run the program in the sandbox. It certainly doesn't mean the EXE file got out of the sandbox.
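For triaging messages like the ones quoted in the first post, here is an added example (not part of the thread and not Sandboxie's own code) that parses SBIE lines, names the status code, and lists programs that were denied Internet access. It assumes the first bracketed value is a Windows NTSTATUS code (C0000005 is STATUS_ACCESS_VIOLATION); the second bracketed number is kept as-is because the thread does not say what it means.

```python
import re
from collections import Counter

# Constructed sample: the five messages quoted in the first post of this thread.
SAMPLE_LOG = """\
SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1307 Program 'dwwin.exe' cannot access the Internet due to restrictions
"""

# Well-known Windows NTSTATUS values; anything else is reported as raw hex.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC0000022: "STATUS_ACCESS_DENIED"}

# Assumed line shape: "SBIEnnnn text [STATUS / detail]", with the bracket optional.
LINE_RE = re.compile(
    r"^(?P<code>SBIE\d{4})\s+(?P<text>.*?)"
    r"(?:\s+\[(?P<status>[0-9A-Fa-f]{8})\s*/\s*(?P<detail>\d+)\])?\s*$"
)
PROGRAM_RE = re.compile(r"Program '([^']+)'")

def parse_line(line):
    """Split one SBIE message into code, text, status name and detail number."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not an SBIE message (blank line, other log noise)
    status = int(m["status"], 16) if m["status"] else None
    return {
        "code": m["code"],
        "text": m["text"],
        "status": NTSTATUS.get(status, f"0x{status:08X}") if status is not None else None,
        "detail": int(m["detail"]) if m["detail"] else None,
    }

def summarize(log):
    """Count messages per code and list programs denied Internet access."""
    events = [e for e in map(parse_line, log.splitlines()) if e]
    blocked = sorted({p for e in events if e["code"] == "SBIE1307"
                      for p in PROGRAM_RE.findall(e["text"])})
    return {
        "counts": dict(Counter(e["code"] for e in events)),
        "statuses": sorted({e["status"] for e in events if e["status"]}),
        "blocked_programs": blocked,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```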


Post by exus69 » Tue May 03, 2011 4:50 am

Thanks for the quick replies :)



Post by MARBORO » Tue Jan 31, 2012 4:32 am


I updated Sandboxie 3.54 yesterday and caught a horrific virus.

It installed something called SpywareDoctor and something about Cyber ... something
and tried to connect out on 209.xxx.xxx.xxx.

I'm having the HDD professionally analyzed now. It ripped the whole OS apart.

Had I not been using XP and Kerio 2.1.5, I would have never caught it trying to
connect out masquerading as Internet Explorer. I pity Windows 7 users who really
have no proper outbound control of IP ADDRESSES!!


Post by D1G1T@L » Tue Jan 31, 2012 5:05 am

The probable scenario is that you failed to use Sandboxie correctly, i.e. running a file that appeared "clean" outside the sandbox. Other reasons include: your system was infected before using Sandboxie and you've managed to discover this only now; also, you may have been infected through other vectors that were not protected, such as an infected USB. Before making such bold claims, re-assess your security approach and try to find out where you went wrong.

Absent any sample files or URLs of this malware attack, no reasonable person would believe or act upon what you've written.
One Program to rule them all, One Program to confine them, One Program to wrest them all and in the sandbox bind them.
