Trust No Program
Has Sandboxie caught a Virus/Malware?
exus69


Joined: 25 Apr 2011
Posts: 62
Hello,

I've allowed only certain programs to access the internet in
Sandboxie settings, e.g. Yahoo Messenger, Firefox, etc.

I came across an exe file in my D drive which had a Notepad icon!!!
Getting suspicious, I opened the file sandboxed and got
the following messages from Sandboxie:

SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1215 Cannot resolve path to process image [C0000005 / 88]
SBIE1214 Cannot inject SbieDll [C0000005 / 11]
SBIE1307 Program 'dwwin.exe' cannot access the Internet due to restrictions

After getting these messages, the exe showed an error message asking
whether or not to send the error report to Microsoft.

My fully updated Norton Internet Security 2011 did not detect any virus/malware
in this file.

I think this might be a virus/malware. What do you think?

Please comment
SnDPhoenix


Joined: 26 Dec 2006
Posts: 2694
Location: West Florida
Hmm, to me it looks like it caught a virus!
From the messages, it seems the file might have tried to inject itself into another process, failed and so the file crashed, which launched Dr Watson (dwwin) asking if you would like to report it?

Upload the file to virustotal.com and see what the results are!
tzuk


Joined: 22 Jun 2004
Posts: 14999
I agree, it's probably a virus. Don't worry about the error messages -- they just mean something is not right with the EXE file and Sandboxie could not run the program in the sandbox. It certainly doesn't mean the EXE file got out of the sandbox.

_________________
tzuk
exus69


Joined: 25 Apr 2011
Posts: 62
Thanks for the quick replies
SANDBOXIE VIRUS
MARBORO
Guest

Hello,

I updated Sandboxie 3.54 yesterday and caught a horrific virus.

It installed something called SpywareDoctor and something about Cyber ... something
and tried to connect out on 209.xxx.xxx.xxx.

I'm having the HDD professionally analyzed now. It ripped the whole OS apart.

Had I not been using XP and Kerio 2.1.5, I would have never caught it trying to
connect out masquerading as Internet Explorer. I pity Windows 7 users who really
have no proper outbound control of IP ADDRESSES!!
D1G1T@L


Joined: 17 Apr 2011
Posts: 577
Location: DefaultBox
The probable scenario is that you failed to use Sandboxie correctly, i.e. running a file that appeared "clean" outside the sandbox. Other reasons include: your system was infected before using Sandboxie and you've managed to discover this only now; also, you may have been infected through other vectors that were not protected, such as an infected USB. Before making such bold claims, re-assess your security approach and try to find out where you went wrong.

Absent any sample files or URLs of this malware attack, no reasonable person would believe or act upon what you've written.

_________________
One Program to rule them all, One Program to confine them, One Program to wrest them all and in the sandbox bind them.
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.