Hotkeys

Ideas for enhancements to the software
Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Hotkeys

Post by Oneder » Mon Dec 27, 2010 11:21 pm

Built-in dedicated hotkeys for the terminate command that can't be circumvented would be of help against some ransom/screenlocker-type malware.

I know they are contained but hotkeys could save a reset.
Hunting the Hunter!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Tue Dec 28, 2010 3:00 am

I support this feature request.

ssj100
Posts: 945
Joined: Thu Apr 23, 2009 1:21 am
Contact:

Post by ssj100 » Tue Dec 28, 2010 4:20 am

Sounds good to me too.
Sandboxie + SUA + DEP
Windows Firewall + NAT Router
Drive SnapShot (on-demand)

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Dec 28, 2010 6:24 am

I explained the problem at the bottom of this post:

http://www.sandboxie.com/phpbb/viewtopic.php?t=9338

I've not fixed that yet, but what I described there is going to be the approach that I will take to deal with this issue.
tzuk

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Wed Dec 29, 2010 12:21 am

Ok thanks tzuk.

For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open.

Thanks to majoMo wilders.

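Code:

:: 30 = 30 sec.
@echo off
:START
:: Wait roughly 30 seconds (30 pings to localhost, output discarded)
ping 127.0.0.1 -n 30 > nul
:: Terminate all programs running in the DefaultBox sandbox
start "" "C:\Program Files\Sandboxie\Start.exe" /box:DefaultBox /terminate
GOTO START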
Hunting the Hunter!

soccerfan
Posts: 440
Joined: Tue Sep 25, 2007 2:59 pm

Post by soccerfan » Wed Dec 29, 2010 8:44 am

Oneder wrote: For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open.
Thanks Oneder. In a followup post in that thread http://www.wilderssecurity.com/showpost ... ostcount=6 Franklin says:
I was using WinHotKey here but some of these new Ransom/Winlock/Screenlockers lock everything up where hotkeys just won't work whereas the batchfile, which has to be running before executing the malware, works a treat.
The batch file must be already running before executing the malware.
This may be nice for those testing malware (not me!) :wink:
soccerfan

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Wed Dec 29, 2010 10:02 am

soccerfan wrote: The batch file must be already running before executing the malware.
This may be nice for those testing malware (not me!) :wink:
Franklin and I are always testing malware so the batch works a treat in not having to reset with these screenlockers. :wink:

On my XP VMs where I'm not using SB I point the batch to RogueKiller.

Yes, you can use Task Scheduler to run a normal terminate bat, but the minimum wait to execute is a minute.
Hunting the Hunter!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Wed Dec 29, 2010 11:14 am

I coded a tool to manage malware and I added a feature to terminate sandboxed processes in a user-defined amount of time.

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Wed Dec 29, 2010 7:34 pm

Buster wrote: I coded a tool to manage malware and I added a feature to terminate sandboxed processes in a user-defined amount of time.
Sounds good buster, wouldn't mind a look at it if OK by you.
Hunting the Hunter!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu Dec 30, 2010 3:16 am

Oneder wrote: Sounds good buster, wouldn't mind a look at it if OK by you.
The program, named Extractor, is used to extract contents from all kinds of packed files: archives, setups, embedded files, etc.

It supports: 7z, ZIP, GZIP, BZIP2, TAR, RAR, CAB, ISO, ARJ, LZH, CHM, Z, CPIO, RPM, DEB, NSIS, ACE, EML, Inno Setup, Microsoft SZDD, Microsoft TNEF, RTF, Gentee, Setup Factory, RapSFX, Thraex's Astrum InstallWizard, SEA, Instyler, BInstall, Cexe, Quick Batch File Compiler, WScript, Smart Install Maker, Stubbie SFX Extractor, ARC, ZOO, SIS and virtually any executable compressed file format.

I can show you a screenshot of the project:

Image

Extractor is an improved version of Universal Extractor: http://legroom.net/software/uniextract

In fact I started coding Extractor in 2007 because I was not satisfied with UE. Right now Extractor is the best program of its kind (there are not many of them :wink: ). It's even able to automate many setups. That means contents get extracted without any user intervention because the program automatically clicks on the "Next" button.

Here you can see some statistics:

Image

Oneder
Posts: 364
Joined: Tue Aug 30, 2005 8:19 am
Location: Perth,West Oz

Post by Oneder » Thu Dec 30, 2010 6:37 am

Excellent Buster. Will give it a whirl in a little while. 8)
Hunting the Hunter!

soccerfan
Posts: 440
Joined: Tue Sep 25, 2007 2:59 pm

Post by soccerfan » Thu Dec 30, 2010 7:29 am

Buster wrote: Extractor is an improved version of Universal Extractor:...
In fact I started coding Extractor in 2007 because I was not satisfied with UE...
Wow. I have been using uniextract for quite a while but your Extractor even wraps it all in sandboxie. :lol:
Buster, do you have any plans of a public release (or a contributed utility)?
soccerfan

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu Dec 30, 2010 7:33 am

soccerfan wrote: Wow. I have been using uniextract for quite a while but your Extractor even wraps it all in sandboxie. :lol:
Well, Extractor uses a combination of 7Zip, Sandboxie and other custom extraction procedures.

As you can see in the statistics, 7Zip does the job most of the time and Sandboxie usually does the rest.
soccerfan wrote: Buster, do you have any plans of a public release (or a contributed utility)?
No, I don't have plans of releasing this tool.
