|
|
|||||||
|
|
Thread Tools | Search this Thread |
|
#1
June 14th, 2010, 09:32 PM
|
||||
|
||||
MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
I ran a scan and it found 2 traces of it. 0_o How come? I emptied the sandbox? The traces said they were in sandboxie even after I emptied it after I deleted the detection. I scanned again with MSE, Hitman Pro, Superantispyware and Malwarebytes and they came up clean after MSE got rid of the left over files.
__________________
I have Windows 7 64 bit Comodo Firewall 6 set to block, Avast Free Edition, K9 Web Protection set to block malicious and phishing sites only, Zemana Free Anti Keylogger, Comodo DNS, Firefox with Noscript, Adblock Plus, WOT set to block, Secunia PSI, and common sense. ^_^ |
|
#2
June 14th, 2010, 10:34 PM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Are you sure the rogue was inside SandBoxie?
Traces are leftover files/registry settings that may have been caused by a rogue (according to MSE). |
|
#3
June 14th, 2010, 11:03 PM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
I never released it from the sandbox and what was detected was in sandboxie as temp files from when I saw the destination of the files. I scanned with MBAM, SAS, Spyware Terminator and Hitman Pro again and they all came up empty.
__________________
I have Windows 7 64 bit Comodo Firewall 6 set to block, Avast Free Edition, K9 Web Protection set to block malicious and phishing sites only, Zemana Free Anti Keylogger, Comodo DNS, Firefox with Noscript, Adblock Plus, WOT set to block, Secunia PSI, and common sense. ^_^ |
|
#5
June 15th, 2010, 07:28 AM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Quote:
I don't think you read the post.
__________________
OpenDNS with DNSCrypt SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere |
|
#6
June 15th, 2010, 07:33 AM
|
|||
|
|||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Quote:
If that true then it still in sandbox ok? Not on real system. May be didnt delete like you thought. |
|
#7
June 15th, 2010, 07:40 AM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Are you sure that you deleted the contents and not just Terminated Programs?
Can you check the MSE log and find the exact path of the traces found.
__________________
Lean, Mean and Clean!  Sandboxie, Buster Sandbox Analyser, Returnil 2008, Microsoft Virtual PC 2007 SP1, Drive Snapshot
|
|
#8
June 15th, 2010, 10:04 AM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Unfortunately I deleted the history. But I scanned with my programs and its clean now and I emptied temp files. I emptied the sandbox after MSE reported it was found and I deleted it. Then I ran a scan and it did find 2 temp files within sandboxie with it in but MSE said that it was suspended. So I guess MSE detected it in that and thats why it found it during a scan was because it picked it up out of the sandbox.
__________________
I have Windows 7 64 bit Comodo Firewall 6 set to block, Avast Free Edition, K9 Web Protection set to block malicious and phishing sites only, Zemana Free Anti Keylogger, Comodo DNS, Firefox with Noscript, Adblock Plus, WOT set to block, Secunia PSI, and common sense. ^_^ Last edited by cheater87 : June 15th, 2010 at 10:12 AM. |
|
#9
June 15th, 2010, 10:31 PM
|
|||
|
|||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Anti virus programs can maintain a lock on files in the sandbox even
though they run outside of the sandbox. May be that's what happen here. In other words, you surfed and something got detected by MSE and even though you deleted the sandbox, those files remained locked by your Anti virus. Trying to make sense of what you describe, that is the best explanation I can come up with. The best part is that you are clean. Bo |
|
#10
June 17th, 2010, 06:18 AM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
As Franklin pointed out, the log should definitely show the 'traces' were in the C:\sandboxed location, but would have since disappeared as sandboxie's contents were emptied.
|
|
#11
June 17th, 2010, 10:00 AM
|
||||
|
||||
|
Re: MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.
Thats the best way I can think of it Bo.
__________________
I have Windows 7 64 bit Comodo Firewall 6 set to block, Avast Free Edition, K9 Web Protection set to block malicious and phishing sites only, Zemana Free Anti Keylogger, Comodo DNS, Firefox with Noscript, Adblock Plus, WOT set to block, Secunia PSI, and common sense. ^_^ |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
