SpyShelter 5.20 final released

Discussion in 'other anti-malware software' started by guest, May 30, 2011.

Thread Status:
Not open for further replies.
  1. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
  2. guest

    guest Guest

    When the message "Setting hooks for process firefox.exe (PID=XXXX) is blocked." appears, it's usually only for one module, the antinetworkspy.

    If SS fails to set the hook on the browser, it's probably because the browser is sandboxed or is being protected by another app.
    If SS fails to set the hook on another security app, it's because these apps are protecting themselves.
    If I'm not wrong, setting a hook is like injecting a DLL.

    In my case I get this message for the apps that I'm protecting with EMET, and all of them are from the antinetworkspy module.
     
    Last edited by a moderator: Jun 18, 2011
  3. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Once I got the same hook error while trying SpyShelter and Trusteer Rapport side by side. It was gone after I uninstalled Rapport.
     
  4. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    Well, if my browsers are somehow protected, I don't need SS for that. Or so it would seem to me.

    I looked at a video of EMET, not having heard of it. It looks like one has to know a lot more than I do to be able to use it.
    http://www.youtube.com/watch?v=iOpcwEz0b1A

    Oh well, as long as I have a complete WindowsSystemBackup on my external drive that was made when everything had already been running normally for a few weeks at least, I might be lucky and it is clean. I make one after every Windows update.

    If a good hacker would really want to get into my machine, I am not knowledgeable enough to prevent it. And if worse comes to worst I can always reformat.

    It looks like I don't really need SS, already using OA and Sandboxie.

    PS: don't know why the link is not clickable. It has url encased in [] and a / and url and encased in [] in the text writing window.
     
    Last edited: Jun 18, 2011
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you should look into imaging instead of relying on backups and reformatting.
    with a clean system image you can start anew after any problem in about 5 minutes, provided you keep your OS drive/partition lean and use another drive/partition for data.

    you should be more than ok with OA and SBie.
    i recommend never using more than 1 real-time anti-malware app, otherwise you're asking for trouble because of conflicts and stability issues.
    SBie is an exception as it is very 'light' and can live peacefully with another real-time app.
     
    Last edited: Jun 18, 2011
  6. guest

    guest Guest

    It can also be an incompatibility with OA or other security software.
    OA and most of the other HIPS are not able to pass 100% of the SpyShelter test, although maybe that is not that important.

    And as far as I know Sandboxie does not protect against the new banking malware like Zeus.
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if you start a new session, having deleted the sandbox previously, and surf right to your bank site, i don't see how one could get that malware.

    unless i'm missing something...
     
  8. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    Thank you for confirming that with OA and Sandboxie I should be more than ok. On top of that I have Avira Premium, Immunet free and SAS Pro. They don't conflict in my experience. As second opinion scanners MBAM free, Hitman Pro free, and EAM free.

    I always make an image or clone of my laptop after Windows installed its updates. That's what I meant by "WindowsSystemBackup." It is a handy integrated part of Windows 7. :cool:
    I keep the image on an external drive, and I don't bother making "incremental" or partial backups.
    It takes about 10 minutes to make it or set it back on my machine. I do it when I have something else to take care of anyway. Like eating or taking a shower... :D
     
    Last edited: Jun 19, 2011
  9. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    I did the SS AntiTest recently and OA Premium blocked all of it until I gave it permission to run. And even during the test runs it would block each new module until I allowed it. Afterwards they were reported in OA's Anti-keylogger log as keyloggers.

    Sandboxie does not prevent anyone from spying on one's pc while one is online, but deleting its sandbox removes any spyware that might have installed itself.

    The times Avira blocked malware it was always in the sandbox, as I have set Sandboxie to force my browsers to run sandboxed by default. So even allowing it any malware would have been gone after emptying the virtual space as shown here:
    http://www.sandboxie.com/
     
    Last edited: Jun 19, 2011
  10. guest

    guest Guest

    If your computer is already infected (and Sandboxie can only prevent an infection through the browser, and only for future sessions) with Zeus or any other similar banking malware, Sandboxie is not able to block it. At least this is the result obtained in an unofficial test of the MRG banking test, where Sandboxie fails.

    Here they don't say it directly, but you can ask by PM; I did. I thought that Sandboxie was able to protect against this, but no.
    http://forums.malwareresearchgroup.com/viewtopic.php?f=29&t=582&p=2130&hilit=sandboxie#p2130
     
  11. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Sandboxie is not designed to protect you if your computer is already infected.
    if used correctly, SBie should prevent you from getting infected in the first place.

    you can set Run/Start and Internet restrictions to only allow the browser to run and connect to the 'net.
    this way, malware should not be able to run or connect to the 'net if you happened to catch a baddie during a sandboxed session.

    of course, one should always delete the content of the sandbox before doing any kind of sensitive transaction online.
     
  12. guest

    guest Guest

    Of course, and it is not designed to protect you either if the infection comes from any other place, just the browser.
     
  13. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    You can run your e-mail program sandboxed with Sandboxie as well. Even if you would open an infected attachment, it would still only run in the sandbox.

    I use Opera's free e-mail program, which is integrated in the browser. Since by default I always run Opera sandboxed, my e-mail is always sandboxed as well.

    When I was using Outlook Express on my xp I had it run sandboxed as well. And there is a host of e-mail programs that can be run in Sandboxie.

    In the free version it is not by default; only by paying the once-for-a-lifetime, very reasonable fee can you set it to automatically open browsers and e-mail sandboxed. In the free version you have to choose every time to go sandboxed, a question of a few clicks. But I got too lazy for that after a month or so... so I paid once, years ago.
     
  14. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    You can also use Sandboxie to isolate PDF files/readers, e-readers and a host of other apps which could potentially pose a threat if certain contents were released.

    And of course it oftentimes allows the capability to test software without contaminating your real system.
     
  15. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    True. Great protection.

    Once I had a hacker attack, but that was because I had gone to a bad website unsandboxed. Another two times I was sandboxed, and just out of curiosity to test Sandboxie I let him do his thing. We were actually fighting over the cursor! I would move the little white arrow to the top left red/white cross button using my touchpad, and not quite reaching it, would lift my finger to push it further to that button to close the website. But every time, as soon as my finger was off the touchpad for a fraction of a second, he would make the cursor shoot away from it. This kept happening for a while.
    In the meantime, from the frenzied activity of my laptop I got the impression he was downloading/installing I don't know what... but all in the sandbox.

    The first time -after some 5 minutes of watching in fascination- I could quickly reach Sandboxie's "End all programs" icon popup in the tray, thus emptying the sandbox, and he was gone.

    The second time he would not let me empty the sandbox -the icon would not react- so I pressed the physical Off button and he was gone also, including whatever he had been downloading/installing in the virtual space.

    Now I would feel naked surfing unsandboxed.
     
    Last edited: Jun 19, 2011
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    good testing man:thumb:
     
  17. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    :)

    PS: That last time I kept the On/Off button pressed for 4 or 5 seconds until the notebook shut down. Not giving it time to save anything, just in case...
     
  18. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Could you test those on spyshelter restricted mode?
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    in restricted mode the malware will not even run properly:thumb: spyshelter restricted mode will cripple the malware;)
     
  20. chris1341

    chris1341 Guest

    A big misunderstanding I'm afraid, dude. Blues7 has said what was needed already but SBIE can contain/restrict all of the threat-gates I'm aware of. I personally sandbox pdf, media players, p2p, office applications, mail clients, drive letters associated with USB/CD/DVD/Flash devices, specific folders and directories - even VM's on occasion. With care and effort it is a complete all rounder - hugely configurable and unnoticeable in terms of resources used. Anyway.......
     
  21. guest

    guest Guest

    I see, I didn't use it in this way since I was using the free version. But the paid version is worth it.
    Must be a pain to configure all this xD
     
  22. chris1341

    chris1341 Guest

    You can set up shortcuts to do most of it with the free version. Not a pain, a joy. Don't know what that says about me though :D

    Cheers
     
  23. guest

    guest Guest

    Yes I know, but with the free version you cannot have 2 sandboxes at the same time.
     
  24. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    When I open IE9, SpyShelter warns that iexplore.exe is trying to inject a remote DLL into some process. The PID of the target process is given, but I cannot find the process in Task Manager. Any ideas?

    I also use EMET 2.1 for all browsers. But there are no issues while opening opera, safari or firefox.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmmm.... so weird. Seems your system is infected, but I can't be sure. It may be something legit that is not yet in SS's whitelist. Can you post a screenshot? Any special plugins/toolbars installed for IE?

    I will strongly suggest a scan with MBAM and some good AV.
     