how to scan a downloaded file while inside Sandbox

pvrbulls


Post by pvrbulls » Wed Feb 17, 2010 3:36 pm

I'm brand new to this, so please excuse me if this is a completely stupid question.

I cannot figure out how to scan a file downloaded in Sandbox with my virus program (Avast).

I tried "run any program" to start Avast inside the Sandbox, but that just resulted in a locked up instance of Avast that will not terminate.

Could someone please point me in the right direction?

Thanks,

pvrbulls

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Wed Feb 17, 2010 3:40 pm

Was Sandboxie still sandboxing processes when you ran the scan?

bs1
Posts: 565
Joined: Fri May 16, 2008 12:32 pm

Re: how to scan a downloaded file while inside Sandbox

Post by bs1 » Wed Feb 17, 2010 4:39 pm

pvrbulls wrote:
I'm brand new to this, so please excuse me if this is a completely stupid question.
I cannot figure out how to scan a file downloaded in Sandbox with my virus program (Avast).
I tried "run any program" to start Avast inside the Sandbox, but that just resulted in a locked up instance of Avast that will not terminate.
Could someone please point me in the right direction?
Thanks,
pvrbulls

Hello pvr. Your resident anti-virus program sees inside the sandbox without you having to do anything special. If you downloaded a file into your sandbox, then Avast would have alerted you if it detected malware.

Occasionally, I may want to double-check or triple-check a sandboxed file before recovering it to my real system. If I want to rescan it with my resident anti-malware (Nod32), the steps I take are: I open Windows Explorer (not Internet Explorer), then C:\Sandbox > User name > DefaultBox (or whatever the name of that sandbox is) > locate the file > right click on the file and select scan with Nod32. If I want to upload that file to VirusTotal to have it scanned by dozens of anti-malware programs, then I access the VirusTotal web site, click Browse, and then locate the file as described above and click Upload.
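
The same double-check can be prepared from a PowerShell prompt on the real system. This is an added example, not part of bs1's post: it lists the files in a box and computes a SHA-256 for each without running them. The `drive\<letter>` and `user\current` subfolders and the parameter defaults are assumptions about the default Sandboxie layout.

```powershell
# Added example: list and hash files inside a Sandboxie box from the real system.
# Assumptions: the container folder C:\Sandbox\<user>\<box> named in the post, and
# a box layout with "drive\<letter>" and "user\current" subfolders.
param(
    [string]$SandboxRoot = 'C:\Sandbox',
    [string]$UserName    = $env:USERNAME,
    [string]$BoxName     = 'DefaultBox'
)

function Convert-SandboxPath {
    # Map a path inside the box to where the file would land if recovered.
    param([string]$BoxPath, [string]$FullName)
    $rel = $FullName.Substring($BoxPath.Length).TrimStart('\')
    if ($rel -match '^drive\\([A-Za-z])\\(.*)$') {
        return '{0}:\{1}' -f $Matches[1].ToUpper(), $Matches[2]
    }
    if ($rel -match '^user\\current\\(.*)$') {
        return Join-Path $env:USERPROFILE $Matches[1]
    }
    return $null   # anything else at the box root is not a recoverable user file
}

function Get-SandboxedFileReport {
    param([string]$BoxPath)
    if (-not (Test-Path -LiteralPath $BoxPath -PathType Container)) {
        throw "Sandbox folder not found: $BoxPath"
    }
    Get-ChildItem -LiteralPath $BoxPath -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $real = Convert-SandboxPath -BoxPath $BoxPath -FullName $_.FullName
            if ($null -eq $real) { return }
            # Hashing only reads the file; it never executes it. A file held open
            # exclusively by another process yields no hash.
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                SandboxPath = $_.FullName
                RealPath    = $real
                SizeBytes   = $_.Length
                SHA256      = if ($hash) { $hash.Hash } else { 'unreadable (locked or access denied)' }
            }
        }
}

$box = Join-Path (Join-Path $SandboxRoot $UserName) $BoxName
Get-SandboxedFileReport -BoxPath $box | Sort-Object SizeBytes -Descending | Format-List
```

A SHA256 value from the report can be pasted into the VirusTotal search box to see whether the file has already been analysed before uploading it.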

pvrbulls

Re: how to scan a downloaded file while inside Sandbox

Post by pvrbulls » Wed Feb 17, 2010 8:30 pm

bs1 wrote:
Hello pvr. Your resident anti-virus program sees inside the sandbox without you having to do anything special. If you downloaded a file into your sandbox, then Avast would have alerted you if it detected malware.

Occasionally, I may want to double-check or triple-check a sandboxed file before recovering it to my real system. If I want to rescan it with my resident anti-malware (Nod32), the steps I take are: I open Windows Explorer (not Internet Explorer), then C:\Sandbox > User name > DefaultBox (or whatever the name of that sandbox is) > locate the file > right click on the file and select scan with Nod32. If I want to upload that file to VirusTotal to have it scanned by dozens of anti-malware programs, then I access the VirusTotal web site, click Browse, and then locate the file as described above and click Upload.

Sorry for the double post. I'll get this figured out eventually. :roll:

Good evening, bs1

Thanks for the excellent explanation. It works great. It's good to know that the anti-virus program sees inside the sandbox. But... I want to make especially certain on some files and this works great. I tried using Windows Explorer but did not think to find DefaultBox; I tried to go to the folder in my real system and, of course, it wasn't there; then I ran Windows Explorer from inside the sandbox, but then it didn't have the right-click option to scan the suspect file! That's when I "figured" that the anti-virus program must also need to be running within the sandbox; but that really didn't work! :lol:

Thanks again for the very helpful response.

pvrbulls

pvrbulls

having trouble running Sandboxed

Post by pvrbulls » Thu Feb 18, 2010 2:34 am

I downloaded a file that is setting off my virus program so I wanted to see what happens when I run it in the Sandbox. Problem is that I get a Windows box that says "The process cannot access the file because it is being used by another process." I've closed everything except Sandboxie and Windows Explorer (opened by Sandboxie Control). It's very late, so I am going to shut down for the night and try it first thing tomorrow.

Any other ideas?

Thanks,

pvrbulls

dynarx
Posts: 174
Joined: Mon Apr 02, 2007 9:31 pm
Location: New South Wales, Australia

Post by dynarx » Thu Feb 18, 2010 7:59 pm

Your antivirus has probably blocked access to it. I daresay you may have to disable its realtime protection and maybe even clean the sandbox and re-download a fresh 'unlocked' copy of the bug.

Another option is to download Unlocker http://ccollomb.free.fr/unlocker/ to find which process has a lock on the file.
Cheers,
D

pvrbulls
Posts: 1
Joined: Fri Feb 19, 2010 1:57 pm

Post by pvrbulls » Fri Feb 19, 2010 2:13 pm

dynarx wrote:
Your antivirus has probably blocked access to it. I daresay you may have to disable its realtime protection and maybe even clean the sandbox and re-download a fresh 'unlocked' copy of the bug.

Another option is to download Unlocker http://ccollomb.free.fr/unlocker/ to find which process has a lock on the file.
Cheers,
D

That's right. However, it appears that Sandboxie is the "problem" because I have tried it on several files, having turned off my anti-virus program before unpacking the files, and get the same result: Windows (apparently) says the file is still in use by another process. Unlocker will not work under Win 7 x64, so I downloaded and installed LockHunter, which seems to be about the same thing, and it indicated that there is nothing locking or blocking the files. I haven't tried to run the files outside the sandbox because I really don't trust them... that's the whole point, right? :)
