Don't know what to do
Posted: Sat Oct 08, 2011 12:44 pm
Hi guys, I'm very new in this. I realized that there's a DLL we can download before this will work, where is the DLL to download? =o or am I missing out on something?
Support Forum for Sandboxie
https://forums.sandboxie.com/phpBB3/
https://forums.sandboxie.com/phpBB3/viewtopic.php?f=22&t=4885
MaAtKo wrote: Hi guys, I downloaded sbiextra v1.0.0.17, but there is a need of a password. How do I get that one? Thanks in advance.

Look at the file name and make a guess...

wraithdu wrote: Have you installed the VC++ 2010 runtimes as the first post mentions? If so, you'll have to start a bug report thread as to why Sandboxie is not seeing that installation for injected DLLs.

I did install the VC runtimes and ran a repair just to be sure it installed correctly. The problem still exists so I'll post in the Problem Report board as you suggested. Thanks.

dontbotherme wrote: the tasklist command can't be blocked, if the program uses pipe to get the result, it can also get the process list, how to prevent it?

It's not possible to do it from inside. You must run something like HideDriver in real system and hide the processes you want from there.

wraithdu wrote: sbiextra v1.0.0.17 (md5: 4b1705e8cb98ffddb970b8426bfdc772)

wraithdu, I don't know if you're still following this thread, but if you do please have a look at this:

Code:
$ wget http://zer0dev.com/dld/download.php?id=5
--2012-02-29 21:36:58-- http://zer0dev.com/dld/download.php?id=5
Resolving zer0dev.com... 69.163.150.234
Connecting to zer0dev.com|69.163.150.234|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: ../files/Sandboxie/sbiextra_1.0.0.17_pass=zer0dev.zip [following]
--2012-02-29 21:36:58-- http://zer0dev.com/files/Sandboxie/sbiextra_1.0.0.17_pass=zer0dev.zip
Reusing existing connection to zer0dev.com:80.
HTTP request sent, awaiting response... 200 OK
Length: 628764 (614K) [application/zip]
Saving to: `sbiextra_1.0.0.17_pass=zer0dev.zip'
100%[======================================>] 628,764 94.5K/s in 7.1s
2012-02-29 21:37:05 (87.1 KB/s) - `sbiextra_1.0.0.17_pass=zer0dev.zip' saved [628764/628764]
$ md5sum sbiextra_1.0.0.17_pass\=zer0dev.zip
6fb1279b90af37b9bbd4cd926b73e3c9 sbiextra_1.0.0.17_pass=zer0dev.zip
$ sha1sum sbiextra_1.0.0.17_pass\=zer0dev.zip
a40f18ba914e9aa55f36e4c0858c39fe3e5fcd12 sbiextra_1.0.0.17_pass=zer0dev.zip

HolySimpsons wrote: I might delete all sensitive data outside sandboxes and transfer it in a safe sandbox. After that the malware from another sandbox wouldn't have any chance to steal any of those sensitive data, right?

I'm not sure why you expect malware in any of your sandboxes but if you get any in a sandbox which injects sbiextra.dll then it should not be able to access the memory of any other process outside its own sandbox - that includes the host processes. So if you limit file access in that malware-prone sandbox so that it can't access your "sensitive" stuff you should be fine without running them in a separate sandbox - unless you want it that way.

nevermind wrote: Now if only wraithdu could comment on the different md5sum above...

Hmmmm... what do you think about this? After extracting the password-protected .zip archive:

Code:
Antivirus          Result                   Update
Comodo             UnclassifiedMalware      20110929
eTrust-Vet         Win32/YahLover.HidI_I    20110930
McAfee             Artemis!EB96CBE7887D     20110930
McAfee-GW-Edition  Artemis!EB96CBE7887D     20110930

Code:
$ md5sum sbiextra_1.0.0.17.zip
4b1705e8cb98ffddb970b8426bfdc772 *sbiextra_1.0.0.17.zip