Sandboxie is Weird After Trojans

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by Capricornia, Jan 7, 2021.

  1. Capricornia

    Capricornia Registered Member

    Joined:
    Apr 16, 2018
    Posts:
    103
    Location:
    Sacramento, CA
    Hello. My computer had recently been acting kind of weird and I did a thorough scan with Eset and they found and neutralized 5 Trojans. But after that my Sandboxie program stopped working and I can't Modify or Uninstall it from Apps & features in Settings because the buttons are grayed out. Also, I must have deleted it and installed it again from MajorGeeks because it's dated 01/06/21 from yesterday. Plus, Eset calls the trojan "a variant of Win32/Agent.ABZW.gen trojan."

    Additionally, since I always use Sandboxie (or used to), the only way that I can think of how this trojan slipped in is from downloading an image and allowing Sandboxie to Recover it. Although, I usually use a free image hosting site to host an image and then save it to my computer from there, but I forgot to do that this time. But other than that, that's the only way that I think I may have gotten this trojan. Also, as you see from one of my images, some of the trojans are associated with Sandboxie, even though I was actually running Sandboxie at the time during the Eset scan before Sandboxie stopped. Plus, it appears that Microsoft security won't allow me to download any other Sandboxie links because it says that Sandboxie is dangerous to my computer.

    eset.scan.01.06.21.jpg apps.n.features.jpg
     
    Last edited: Jan 7, 2021
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Download the installer, uninstall from there and then reinstall.
     
  3. Capricornia

    I'm sorry, but could you be more specific because I don't quite understand what you mean... Sorry.
     
  4. Buster_BSA

  5. Capricornia

    Okay, when I did that, I got the Delete messages (I clicked twice) at the bottom of my screen. And when I clicked Keep, it took me to another page and gave the Microsoft Defender message. See second image. sandboxie.installer.jpg


    microsoft.defender.sandboxie.installer.jpg
     
  6. Capricornia

    Also, I clicked on the Show more link and clicked on Keep and it seemed to download and install, but nothing different happened except the way it looked:

    sandboxie.installer.keep.jpg
     
  7. Capricornia

    Okay, Buster_BSA, I found an Install Anyway link (or something like that) on the Microsoft Defender Dialogue shield and clicked on it and was able to install Sandboxie again and was able to uninstall it, and I'm about to reboot now... See you on the other side. :)
     
  8. Capricornia

    I'm back in business. Thank you very much, Buster_BSA. :thumb:
     
  9. Capricornia

    Oh, no! Just when you thought it was safe to go back in the water. :( Also, since a picture speaks a thousand words, below in the images is what happened.
    sandboxie.problem.jpg sandboxie.problem.2.jpg
     
  10. Capricornia

    And I'm also getting a SBIE2101 error message.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Complain to SAS about them producing false positives, as their customer you can do that.
    Can't you set exclusions in SAS to tolerate Sandboxie-Plus / Sandboxie?
     
    Last edited: Jan 7, 2021
  12. Buster_BSA

    You must allow Sandboxie's driver to operate. Your antispyware is blocking it.

    Add "SbieDrv.sys" to SUPERAntiSpyware's exclusion (white) list.
     
    Last edited: Jan 8, 2021
  13. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    @Capricornia:
    Concerning the two messages by Sandboxie in your pictures: I got exactly the same messages when trying to install v. 5.46.0.

    You only need to (try to) install Sandboxie a second time --> then choose the option to uninstall the existing version (+ saying "Yes" to keeping the ini.file if you like to stay with your old settings) --> then restart your computer.

    And now it should work. (Finally I had to do this procedure two times, if I remember correctly).

    But all this only if you get the messages again after having fixed the issue with your antispyware, as described by Buster_BSA and bjm.
     
  14. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    337
    Just a reminder: Sandboxie from David Xanatos got a signed driver but not signed exes. So some AV will just flag files for that reason.
    You could report the files as a fp to your AV vendor and maybe they will fix it.
    Got also a download problem with FF while MS edge said it was ok.
     
    Last edited: Jan 8, 2021
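
The signed-driver versus unsigned-executable distinction raised in the post above can be checked locally before whitelisting anything or filing a false-positive report. This is an added example, not part of the thread and not code from the Sandboxie project; the install folder is an assumption, so adjust it to your system.

```powershell
# Added example: audit the Authenticode status of Sandboxie binaries.
# Assumption: install folder below; classic builds may use a different folder.
$InstallDir = 'C:\Program Files\Sandboxie-Plus'

function Get-SignatureReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer = $signer
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if (-not (Test-Path -LiteralPath $InstallDir)) {
    Write-Warning "Folder not found: $InstallDir"
    return
}

$report = Get-SignatureReport -Path $InstallDir

# Summary: how many files fall under each signature status.
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# HashMismatch means a signed file changed after signing. Treat it as
# tampering or corruption, not as a false positive to be excluded.
$report | Where-Object { $_.Status -eq 'HashMismatch' } |
    Format-List File, Signer, SHA256

# Unsigned files are the ones heuristic engines tend to flag.
$report | Where-Object { $_.Status -eq 'NotSigned' } |
    Format-Table File, SHA256 -AutoSize
```

The SHA256 values of unsigned files can be compared against a fresh copy of the installer's contents and quoted in a false-positive submission to the AV vendor.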
  15. Capricornia

    It wasn't SAS. I had just done a SAS scan (which showed clean) and then I tried to launch Sandboxie and the image still had the SAS dialogue box because I couldn't close it until I closed the Sandboxie dialogue boxes and I wanted to show the images of the Sandboxie dialogue boxes.
     
  16. Capricornia

    It's not SAS. See my post above.
     
  17. Capricornia

    Hmmm. Okay, I'll try it twice. Although, I still think that the trojan did something to my computer and my software. o_O
     
  18. bjm_

    What is/are your resident security solution/s?
    Do you still feel your machine has infection/s?
    Maybe, try:
    Save backup of Sandboxie.ini...just in case
    Disable your resident security solutions.
    Uninstall 5.45 + if asked retain Sandboxie.ini > restart machine (not Shut down) > install v0.5.4b / 5.46.1 - Hotfix
    Release v0.5.4 / 5.46.1 - Hotfix · sandboxie-plus/Sandboxie · GitHub
     
    Last edited: Jan 8, 2021
  19. Capricornia

    Well, I did it twice and it looks like the second time wasn't the charm. :( And I'm getting the same error messages and dialogue boxes. Plus, it's showing that Microsoft Defender is blocking it. See images below along with #5 Reply.
    windows.protected.jpg windows.protected.2.jpg
     
  20. bjm_

    What is/are your resident security solution/s?
    Do you still feel your machine has infection/s?
    Disable Microsoft Defender Antivirus and any other resident security solutions.
    Disable Microsoft Defender SmartScreen in Edge
    Save Sandboxie-Plus 0.5.4b / Sandboxie 5.46.1 installer to your desktop.
    Uninstall 5.45 + retain Sandboxie.ini > restart machine (not Shut down) > install v0.5.4b / 5.46.1 - Hotfix
    Release v0.5.4 / 5.46.1 - Hotfix · sandboxie-plus/Sandboxie · GitHub
    After you install Sandboxie-Plus / Sandboxie. Exclude Sandboxie-Plus / Sandboxie folder in Microsoft Defender Antivirus and any other resident security solutions.
     
    Last edited: Jan 8, 2021
  21. Capricornia

    I temporarily disabled my Windows Defender Virus & threat protection, but that didn't help. Also, I have a full version of Malwarebytes, but I don't think that's blocking Sandboxie.
     
  22. Capricornia

    I don't think so. Because previously, my Settings icon and Paint 3D icon, which I had pinned to the taskbar, had disappeared. But that isn't happening now. Plus, the Eset scan said all the trojans were gone.
     
  23. bjm_

    Yeah, I think Malwarebytes whitelisted Sandboxie.
    Are you running Malwarebytes Premium real-time?
    Do you register Malwarebytes Premium with Windows Security Center?
    Do you have mutual exclusions set up for Malwarebytes Premium and Microsoft Defender?
    Does SAS run real-time?
    Maybe, get Malwarebytes Forum to check your machine for malware.
    Why did you run ESET Online Scanner?
    ESET ripped out your Sandboxie install.
    Were it my machine, I'd clean install Sandboxie-Plus.
    Good Luck
     
    Last edited: Jan 9, 2021
  24. bjm_

    Register Malwarebytes Premium with Windows Security Center + restart machine. Windows will disable Microsoft Defender seeing Malwarebytes Premium.
     
  25. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    You never had any 'trojans'. All the detections are false alarms, Eset, W.D, and SAS, which are picking up Sandboxie's own files. I imagine a lot of other AV engines will flag them too. I am still using version 5.33.6 which was one of the last if not the last version while S.B was updated by Sophos. Apparently it has security issues but I will take my chances.
    It is my opinion that S.B is becoming something used by an ever decreasing number of users desperate to keep something that has become problematic for the average user. All you can do is whitelist the files, get your resident security programs' vendors to whitelist the files (which they probably won't) or revert to 5.33.6 and take your chances
     