Malware that possibly bypassed SBIE?

Discussion in 'other anti-malware software' started by aigle, Jul 8, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    LOL, I do like GW much more than SBIE. :D

    Don't tell anyone. :) BTW I am not too emotional with it.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    There is malware that bypassed SBIE in the past. The same is true of other sandboxes like DW, GW, BZ etc. Your ignorance can't hide the facts.

    In fact anything can be bypassed by some malware.
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Don't be so emotional aigle.;)

    I am aware of no damaging in-the-wild malware that has bypassed Sandboxie, it being the best ever security app.

    There have been obscure, user initiated and non destructive bypass methods in the past which were patched in about 5 secs by Tzuk.

    And now with the process restricted setting nothing can run unless allowed.
     
  4. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I totally agree with that!
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    So no one sees this jfiehayd.dll?
     
  6. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I would respectfully say that I think it is very emotional.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    You could say that! :-*

    Like my new avatar? Nifty, eh. :D
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Your avatar is missing the pepperoni :D
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Files :
    IXP000.TMP
    1647768414.exe
    3174676118.exe
    hpzs34ff0
    install8828.exe
    install27214.exe
    install43984.exe
    jkwhy7.exe
    install30572.exe
    winlogan.exe
    syswcc32.exe
    td_maintor.exe
    setup.exe
    strcmd.dll
    removalfile.bat
    ¦1eem.exe
    584741526.exe
    kfgoirejrhjf848hg.tmp
    ldfkg094klorgt.tmp
    install10393.exe
    webHancer files
    jfiehayd.dll
    stray.exe
    hohmtuba.exe
    csrssc.exe
     
    Last edited: Jul 9, 2008
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    No, his avatar is missing the ground beef :D
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    The files you have listed, were they from testing Sandboxie? If so, did they remain trapped inside?
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    All except
    jfiehayd.dll
    2 reg entries and win.ini
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    OK, I will try my best. :)
    KillDisk

    https://www.wilderssecurity.com/showpost.php?p=754193&postcount=11

    http://forum.sysinternals.com/search_results_posts.asp?SearchID=20080709101142&KW=tzuk

    Leak was confirmed by Tzuk BTW. An exe running inside SBIE was able to launch browser outside of SBIE.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I tried with the 3.26 version also. No leak. Seems an issue on your system only. What other security applications were you running at the same time as SBIE?
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    aigle,
    At first none just Port Explorer. Then tried in another snapshot with NAB and MBAM.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nope, I looked. But it may use a random name.
     
  17. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Filename is random. Usual thing.
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I understand how to use SBIE, but GW is over my head. Hey aigle -- how about doing a Wilders thread-tutorial for GW?
     
  19. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Thanks for your replies Meriadoc and HURST. They are much appreciated :thumb:
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Meriadoc, those 2 registry entries won't do any harm to your PC anyway; as long as Sandboxie blocks the actual malware.exe and is able to delete it from the sandbox, the registry entry is useless without the installer anyway, it's just junk.
    Maybe if you let tzuk know about it he can patch it fast like he always does.
     
  21. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Just tested it with default settings. Nothing got out. Just FYI.
     
  22. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Good to hear :thumb:
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If ever I could have the time and expertise to do this. I wish. :mad:

    Maybe Kees? He is a previous user and has written many detailed tutorials.
     
  24. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi jmonge, yes I know this :thumb: For me the importance was the leak.
    _________________________
    I have the weekend off so I will debug this situation and find the conflict.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Got it Meriadoc :) Hey, are you making a bar-b-cue?
     