MSE detected a rogue in sandboxie so I removed it and then emptied the sandbox.

Discussion in 'sandboxing & virtualization' started by cheater87, Jun 14, 2010.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I ran a scan and it found 2 traces of it. 0_o How come? I emptied the sandbox? The traces said they were in Sandboxie even after I emptied it after I deleted the detection. I scanned again with MSE, Hitman Pro, Superantispyware and Malwarebytes and they came up clean after MSE got rid of the leftover files.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Are you sure the rogue was inside Sandboxie?
    Traces are leftover files/registry settings that may have been caused by a rogue (according to MSE).
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I never released it from the sandbox and what was detected was in Sandboxie as temp files from when I saw the destination of the files. I scanned with MBAM, SAS, Spyware Terminator and Hitman Pro again and they all came up empty.
     
  4. Empath

    Empath Registered Member

    Joined:
    Nov 13, 2002
    Posts:
    178
    Malware in your sandbox isn't a problem. Just empty the sandbox, and it's gone.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I don't think you read the post.
     
  6. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    If that is true then it is still in the sandbox, OK? Not on the real system. Maybe didn't delete like you thought.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Are you sure that you deleted the contents and not just Terminated Programs?

    Can you check the MSE log and find the exact path of the traces found?
     
  8. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Unfortunately I deleted the history. But I scanned with my programs and it's clean now and I emptied temp files. I emptied the sandbox after MSE reported it was found and I deleted it. Then I ran a scan and it did find 2 temp files within Sandboxie with it in but MSE said that it was suspended. So I guess MSE detected it in that and that's why it found it during a scan was because it picked it up out of the sandbox.
     
    Last edited: Jun 15, 2010
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Antivirus programs can maintain a lock on files in the sandbox even though they run outside of the sandbox. Maybe that's what happened here. In other words, you surfed and something got detected by MSE and even though you deleted the sandbox, those files remained locked by your antivirus. Trying to make sense of what you describe, that is the best explanation I can come up with. The best part is that you are clean.
    Bo
     
  10. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    As Franklin pointed out, the log should definitely show the 'traces' were in the C:\sandboxed location, but would have since disappeared as Sandboxie's contents were emptied.
     
  11. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    That's the best way I can think of it, Bo.
     