 |
|
Julian
| Joined: 09 Aug 2009 |
| Posts: 170 |
|
|
|
 Posted: Wed Jan 27, 2010 4:03 pm |
|
 |
 |
|
|
I found a malware that creates an executable outside of the sandbox ("C:\Program Files\AVP.exe"). Very critical. 
Shall I send the link to you via PM, tzuk? |
|
|
|
tzuk
| Joined: 22 Jun 2004 |
| Posts: 15003 |
|
|
|
| Posted: Wed Jan 27, 2010 5:22 pm |
|
|
|
|
|
Julian and nick, regarding Chrome: do you use the ActiveX installer perhaps? Have you tried the "direct link" EXE installer? And regarding your other problems, haven't had a chance to look into that yet, but I will.
And for the malware, Julian, you can send a PM, or just post it here, as you prefer.
|
|
_________________
tzuk
|
 |
 | |  |
|
Julian
| Joined: 09 Aug 2009 |
| Posts: 170 |
|
|
|
| Posted: Wed Jan 27, 2010 5:33 pm |
|
|
|
|
|
| tzuk wrote: |
Julian and nick, regarding Chrome: do you use the ActiveX installer perhaps? Have you tried the "direct link" EXE installer? And regarding your other problems, haven't had a chance to look into that yet, but I will.
|
I hope this link works for you:
http://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B7FD13CCD-DACA-B256-AD1B-DCE9D0F7B3E5%7D%26lang%3Dde%26browser%3D3%26usagestats%3D1%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse/update2/installers/ChromeSetup.exe
Is this the EXE installer you mean?
| tzuk wrote: |
And for the malware, Julian, you can send a PM, or just post it here, as you prefer. |
PW: "infected" |
|
|
|
| | |
|
_try_
Guest
|
|
| Posted: Wed Jan 27, 2010 9:10 pm |
|
|
|
|
|
| Julian wrote: |
I found a malware that creates an executable outside of the sandbox ("C:\Program Files\AVP.exe"). Very critical.
|
Thanks for the example. Can't reproduce that in Win XP (Sandboxie v. 3.40).
It's created - sandboxed (nothing in real system):
. Registry:
[HKEY_LOCAL_MACHINE\software\microsoft\A]
"StubPath"="C:\\Program Files\\AVP.exe"
. Files:
R:\Sandbox\<User>\DefaultBox\drive\C\del.bat
"del.bat" does a looping (CPU).
Checked with SandboxDiff. |
|
|
|
Julian
| Joined: 09 Aug 2009 |
| Posts: 170 |
|
|
|
| Posted: Wed Jan 27, 2010 9:29 pm |
|
|
|
|
|
Yes, I couldn't reproduce it in a XP SP3 VM either but in return in a fresh Seven x64 VM. So it shouldn't be specific to my real system, it's a general bug of the x64 version.
|
|
|
|
nick s
| Joined: 20 Dec 2008 |
| Posts: 329 |
|
|
|
| Posted: Wed Jan 27, 2010 9:34 pm |
|
|
|
|
|
| Julian wrote: |
| I found a malware that creates an executable outside of the sandbox ("C:\Program Files\AVP.exe"). |
I am also unable to reproduce this. Tested on 7 64-bit, 7 32-bit, and XP SP3 32-bit (non-VMs). |
|
_________________
Nick
|
|
nick s
| Joined: 20 Dec 2008 |
| Posts: 329 |
|
|
|
| Posted: Wed Jan 27, 2010 9:38 pm |
|
|
|
|
|
| tzuk wrote: |
| Julian and nick, regarding Chrome: do you use the ActiveX installer perhaps? Have you tried the "direct link" EXE installer? |
I downloaded and used the installer ( http://www.google.com/chrome). |
|
|
|
| | |
|
tzuk
| Joined: 22 Jun 2004 |
| Posts: 15003 |
|
|
|
| Posted: Thu Jan 28, 2010 1:01 am |
|
|
|
|
|
nick: Version 3.43.19 should fix the foobar playback problem.
Julian: Version 3.43.19 should fix the QTracker XP SP 3 problem.
I still don't know how to reproduce the problem with Chrome setup. All I can say is it works just like on Windows XP for me. I download ChromeSetup.exe, in various ways, including the link Julian posted, and it installs fine, BITS and all, and launches the Chrome window at the end of the installation. So I don't know what to do about this.
And finally, I still haven't looked into the virus thing. But since nick says he can't reproduce, and Julian, a few posts back you were saying you added some file access exclusions on your hard disks, so perhaps you inadvertantly allowed the virus free access?
|
|
|
|
nick s
| Joined: 20 Dec 2008 |
| Posts: 329 |
|
|
|
| Posted: Thu Jan 28, 2010 6:47 am |
|
|
|
|
|
| tzuk wrote: |
| nick: Version 3.43.19 should fix the foobar playback problem. |
Confirmed. |
|
|
|
Julian
| Joined: 09 Aug 2009 |
| Posts: 170 |
|
|
|
| Posted: Thu Jan 28, 2010 1:49 pm |
|
|
|
|
|
| tzuk wrote: |
And finally, I still haven't looked into the virus thing. But since nick says he can't reproduce, and Julian, a few posts back you were saying you added some file access exclusions on your hard disks, so perhaps you inadvertantly allowed the virus free access? |
No. I tested in a clean VM with Sandboxie *.18 at default settings (except of drop my rights disabled). Of course I ran the sample with admin privileges. There is nothing more I can tell. It just must be reproduceable.
I tested again one minute ago - same result.
Edit: Just to let you know: *.19 doesn't help. |
|
|
|
RSecure
Guest
|
|
| Posted: Thu Jan 28, 2010 5:06 pm |
|
|
|
|
|
what kind of services do you have enabled?, a few months ago a critter broke out due to the print spooler being turned off or on manual. Listing your config and settings would be most helpful for testers
|
|
|
|
Julian
| Joined: 09 Aug 2009 |
| Posts: 170 |
|
|
|
| Posted: Thu Jan 28, 2010 5:24 pm |
|
|
|
|
|
| RSecure wrote: |
what kind of services do you have enabled?
|
The very standard.
| RSecure wrote: |
a few months ago a critter broke out due to the print spooler being turned off or on manual.
|
It was about loading a driver. I bet in this case nothing very deep is going on -> not comparable
| RSecure wrote: |
| Listing your config and settings would be most helpful for testers |
Please ready carefully, I expressed myself clearly: Standard settings! |
|
|
|
tzuk
| Joined: 22 Jun 2004 |
| Posts: 15003 |
|
|
|
| Posted: Thu Jan 28, 2010 6:21 pm |
|
|
|
|
|
Thanks Julian, I can reproduce the problem. I agree, nothing deep is going on, it's a simple file rename/move operation that is handled a bit differently in 64-bit than in 32-bit, and I need to address that.
|
|
|
|
| | |
|
Julian
| Joined: 09 Aug 2009 |
| Posts: 170 |
|
|
|
| Posted: Thu Jan 28, 2010 8:11 pm |
|
|
|
|
|
| tzuk wrote: |
Julian: Version 3.43.19 should fix the QTracker XP SP 3 problem.
|
Confirmed. Thank you for fixing also those minor bugs.
| tzuk wrote: |
I still don't know how to reproduce the problem with Chrome setup. All I can say is it works just like on Windows XP for me. I download ChromeSetup.exe, in various ways, including the link Julian posted, and it installs fine, BITS and all, and launches the Chrome window at the end of the installation. So I don't know what to do about this.
|
Odd.
I'll try in a clean VM with the next beta release and then report.
| tzuk wrote: |
| Thanks Julian, I can reproduce the problem. I agree, nothing deep is going on, it's a simple file rename/move operation that is handled a bit differently in 64-bit than in 32-bit, and I need to address that. |
Nice to hear. 
The remaining issues not fixed yet:
1.) Steam + games aren't working sandboxed.
I suppose that forcing the game executables starts sandboxed isn't working because so the games can't communicate with Steam -> I guess it's not so easy to fix. I neither think that it is important, I wouldn't mind if it doesn't get fixed.
But maybe it could be possible to make Steam working sandboxed? I suppose then also almost all Steam games would be working.
2.) cFosSpeed installer can mess up the network connection of the real system.
Thank you, nick s, for confirming the foobar issue. |
|
|
|
| | |
|
tzuk
| Joined: 22 Jun 2004 |
| Posts: 15003 |
|
|
|
| Posted: Thu Jan 28, 2010 11:54 pm |
|
|
|
|
|
The rename problem should be fixed in version 3.43.20 which I will release tomorrow.
The Steam problem, I'm going to leave it as it is for now, perhaps address it in a future version. Same for cFosSpeed.
|
|
|
You cannot post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 3 of 4
 Use the RSS feed to watch this topic for replies
|
|
|
|
| |
