Something you should know; Averted a serious infection

mchain
Posts: 45
Joined: Tue Apr 13, 2010 8:10 pm

Something you should know; Averted a serious infection

Post by mchain » Mon Dec 17, 2012 3:13 am

Hi,

Recently (Tuesday AM) I went to a site, popoholic.com, one of those sites, yeah, just for kicks via a link in SportsIllustrated.com, Extra Mustard.

Reason I did that was because of misplaced trust in the blog author (tho this severe incident was not his fault, nor the web site owner's either). I now know better.

Thanks to Sandboxie v. 3.74 and Avast! Free antivirus, I escaped with no harm or any malware on my system. I did see the malware attack come in a rapid streaming attack, and Avast! struggled to keep up with the network blocks as it was coming in. In the end, there were 576 blocks made in less than the twenty seconds that it took for me to close the browser and disconnect from the internet. Most people would likely have just simply pulled the power cord, but I chose not to do that.

What happened:
  • Avast! alerted continuously for twenty seconds or more.
  • The browser window became a translucent, semi-opaque white.
  • The browser became unresponsive and took several tries to close.
In twenty-five years, I have never seen anything like this.

Here is what I would have gotten infected with:

http://www.malwarehelp.org/win-7-securi ... moval.html
http://www.sophos.com/en-us/threat-cent ... for-B.aspx
http://www.ehow.com/how_5074980_remove- ... icker.html

Among other things, I would now have a rogue fake a/v on my desktop, as well as two other things, each possibly demanding I pay to remove infections found on my system.

Thank you tzuk. You have literally saved my behind and Sandboxie will definitely get all the credit.

I have checked for any remaining resident rogue processes or services, and cannot find any anywhere. System is completely clean.

Why this happened: popoholic is on the internet website registry as being a problematic site as far as hosting malware. Most of the time it is clean, sometimes it is not. The malware hosted on popoholic was transient, active only for about four hours. A later check with urlquery.net showed it to be completely clean. As for being trustworthy, no. As for being safe to visit, I now know the answer is no, as malware can be hosted one moment, and then disappear the next.

www.urlquery.net
XP Pro SP3 P4 3.2 HT 2 GB RAM Sandboxie version 4.08 Free
W7 Home Premium SP1 64-bit, Pentium D 2.8, 3 GB RAM Sandboxie version 4.13.7b Free

Lumberjack
Posts: 91
Joined: Fri Nov 25, 2011 12:37 am

Re: Something you should know; Averted a serious infection

Post by Lumberjack » Sun Dec 23, 2012 2:56 am

I truly don't understand how and in what way your Sandboxie blocked all of these attacks, since according to your post it was actually Avast that was successfully blocking 576 attacks?
Of course, tightly and properly configured Sandboxie easily blocks all of these attacks no matter how many attacks there are.

PanamaVet2

Cannot See How Sandboxie Blocked

Post by PanamaVet2 » Fri Mar 01, 2013 2:42 pm

Lumberjack said:
<<<
I truly don't understand how and in what way your Sandboxie blocked all of these attacks, since according to your post it was actually Avast that was successfully blocking 576 attacks?
Of course, tightly and properly configured Sandboxie easily blocks all of these attacks no matter how many attacks there are.
>>>

When you visit a web site or run a program sandboxed, Sandboxie makes copies on your machine of the objects being accessed, whether they be files, registry entries, etc. When a rogue program attacks your machine, it is really attacking the copies of the objects, not the original ones.

When your antivirus detects the attack against the copies it reports it.

Sandboxie prevented the attack against the real files. Your antivirus is protecting the copies which is still a good thing.

It is a good idea to automatically delete the contents of a Sandbox.
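The copy-on-write redirection PanamaVet2 describes, as an added toy model in Python (not Sandboxie's own code, which does this at the Windows driver level): a write from the "sandboxed" program lands in a shadow copy under the sandbox folder, the real file stays untouched, a stand-in scanner finds the rogue marker only in the copy, and deleting the sandbox contents leaves nothing behind. The paths, the marker string and the scanner are constructed for the demonstration.

```python
import shutil
import tempfile
from pathlib import Path

class ShadowSandbox:
    """Toy copy-on-write model (constructed; not Sandboxie's implementation).
    Writes go to a shadow copy under box_root; reads see that copy if it exists."""

    def __init__(self, real_root, box_root):
        self.real_root = Path(real_root)
        self.box_root = Path(box_root)

    def write(self, rel, data):
        shadow = self.box_root / rel            # redirected: real_root is never touched
        shadow.parent.mkdir(parents=True, exist_ok=True)
        shadow.write_bytes(data)
        return shadow

    def read(self, rel):
        shadow = self.box_root / rel
        return shadow.read_bytes() if shadow.exists() else (self.real_root / rel).read_bytes()

    def delete_contents(self):
        shutil.rmtree(self.box_root, ignore_errors=True)   # "delete contents of sandbox"
        self.box_root.mkdir(parents=True, exist_ok=True)

def scan_box(box_root, marker):
    """Stand-in for the antivirus: report shadow copies that contain marker."""
    return sorted(str(p.relative_to(box_root))
                  for p in Path(box_root).rglob("*")
                  if p.is_file() and marker in p.read_bytes())

def demo():
    tmp = Path(tempfile.mkdtemp())
    real, box = tmp / "real", tmp / "box"
    for d in (real, box):
        d.mkdir()
    (real / "hosts").write_bytes(b"127.0.0.1 localhost\n")    # constructed "real" file
    sb = ShadowSandbox(real, box)
    marker = b"CONSTRUCTED-ROGUE-MARKER"
    sb.write("hosts", b"127.0.0.1 localhost\n" + marker + b"\n")  # simulated rogue write
    result = {
        "real_unchanged": (real / "hosts").read_bytes() == b"127.0.0.1 localhost\n",
        "sandboxed_view_tampered": marker in sb.read("hosts"),
        "hits_in_box": scan_box(box, marker),
    }
    sb.delete_contents()
    result["hits_after_delete"] = scan_box(box, marker)
    shutil.rmtree(tmp)
    return result
```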

lylejk
Posts: 117
Joined: Thu Mar 26, 2009 5:19 pm

Post by lylejk » Thu Mar 14, 2013 11:34 pm

Yeah; got hit by a driveby at mediamilitia a few years back (yes; it's a legitimate site that hosts some very cool clip-art). Any site can be prone to getting infected and spreading it out, unfortunately. SBIE keeps that from causing your actual system problems. Easy enough to just delete the SB session, which I do frequently. tzuk still deserves beyond kudos for his gem. I still use XP in a VM and it won't be long before Microsoft will no longer support XP, period, so I will even more depend on SB to protect my VM in the near future. :)
