Malware in sandbox affecting task manager

Discussion in 'sandboxing & virtualization' started by Sully, Aug 23, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Here is a weird one.

    I had my dad (an old school programmer - think mainframe) use SBIE for a year now I guess. We set it up to force Firefox into the box, but didn't restrict it much. He uses win7 ultimate as LUA/UAC.

    Anyway, he told me the other day his stuff was acting weird, and could not start system restore, nor task manager, and some other things. My thought was some corruption or maybe a virii/malware in his real system. He could not delete the sandbox either. I told him to restore or delete sandbox or even remove sandboxie.

    Today he told me my brother installed something (I think MBAM) and it cleaned up a hotbar or something, and that fixed the issue. It is the first time I have ever heard of a malware within a sandbox affecting something like task manager in the real OS.

    I don't have all the details yet. The malware may have been on the real system, but my dad is pretty knowledgeable in general and would realize if he used a different browser or if something wanted to run with root without his permission.

    Anyone ever heard of this?

    Sul.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Is it possible that malware got through some other route? Non sandboxed browser used or via email etc. etc.

    Or it might not have been malware but some obnoxious adware. I guess checking MBAM logs would give more clues.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    It is possible. I know he uses yahoo for mail only, so that would have been in the browser, rules out that avenue. The strange thing is, he is definitely knowledgeable enough to know what is going on. He was a programmer up until about 4 years ago, so he knows a lot, coming from the days when you built your own printer, up to using a browser for your tool - thus he codes html and script languages. He knows what to expect.

    But, he said as far as he knew, it was always sandboxed, and he doesn't install much of anything. Mainly codes in spare time (web pages and assembly and scripting languages), surfs the web and plays a few games.

    I haven't talked to my brother yet, who is also pretty savvy with computers. Hopefully he will know if it was in the sandbox or not, and can get the logs. I don't think he can get to the logs though as once they removed the malware, they were then able to perform a system restore. I will see if they can restore it to a later date where the malware may still exist. lol, I am not sure they really want to, but I will coerce them ;)

    Sul.
     