FALSE POSITIVE VIRUS ALERT FOR Virus.Worm.SuspectCRC!IK
Moderator: Barb@Invincea
FALSE POSITIVE VIRUS ALERT FOR Virus.Worm.SuspectCRC!IK
Hello
I'm running the latest Sandbox version dated 24th March 2011.
I was running Firefox 4 in a sandbox when this morning I got a message by my resident a/v that Virus.Worm.SuspectCRC!1K was found
in
c:\apps\sandboxie\sbiesvc.exe
c:\windows\installer\sandboxieinstall64.exe/$INSTDIR\SbieDLL.dll
and in other files in the same last directory (*.dll, *.exe and Manifest1.txt).
Was wondering if I got my sandbox infected (probably).
My virus removed the files but I will need to reinstall sandboxie.
Anyone know anything more about this virus which I should know in terms of sandboxie especially?
I'm running the latest Sandbox version dated 24th March 2011.
I was running Firefox 4 in a sandbox when this morning I got a message by my resident a/v that Virus.Worm.SuspectCRC!1K was found
in
c:\apps\sandboxie\sbiesvc.exe
c:\windows\installer\sandboxieinstall64.exe/$INSTDIR\SbieDLL.dll
and in other files in the same last directory (*.dll, *.exe and Manifest1.txt).
Was wondering if I got my sandbox infected (probably).
My virus removed the files but I will need to reinstall sandboxie.
Anyone know anything more about this virus which I should know in terms of sandboxie especially?
Was wondering what this file was, manifest1.txt, it's in my sandboxie directory.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Re: Sandbox got infected by a virus?
A new (first) installation of Sandboxie or an update of a previous installed version?malta wrote:I'm running the latest Sandbox version dated 24th March 2011.
If it was a new installation please post the hash (MD5 or SHA1) of your used Sandboxie installer (its name should be SandboxieInstall.exe)
In your case: The problem is not a sandbox but the installed Sandboxie files.
virus in sandboxie
I am having basically the same problem except I have Emisisoft antimalware as my antivirus,it has put the suspect file in qurantine.Here are the results
Emsisoft Anti-Malware v. 5.1.0.10
(C) 2003-2011 Emsi Software GmbH - www.emsisoft.com
ID Object
0 C:\PROGRAM FILES\SANDBOXIE\START.EXE Virus.Worm.SuspectCRC!IK
Emsisoft Anti-Malware v. 5.1.0.10
(C) 2003-2011 Emsi Software GmbH - www.emsisoft.com
ID Object
0 C:\PROGRAM FILES\SANDBOXIE\START.EXE Virus.Worm.SuspectCRC!IK
These are s false alarms http://www.virustotal.com/file-scan/rep ... 1301669842
http://www.virustotal.com/file-scan/rep ... 1301670268
You should restore the files add them to your exceptions and send thenm to your AV company to be removed from their detections
http://www.virustotal.com/file-scan/rep ... 1301670268
You should restore the files add them to your exceptions and send thenm to your AV company to be removed from their detections
Virus.Worm.Suspectcrc!IK
(Latest Version 3.55.01)
Xp-sp-3, Online Armor 5.00.1050 RC
Just got this message trying to install the latest beta of SBIE:
Virus.Worm.Suspectcrc!IK wants to run, Signd by SANDBOXIE L.T.D.
Just when I though I got my system fine tuned. Yeah right, like that ever happens.
Xp-sp-3, Online Armor 5.00.1050 RC
Just got this message trying to install the latest beta of SBIE:
Virus.Worm.Suspectcrc!IK wants to run, Signd by SANDBOXIE L.T.D.
Just when I though I got my system fine tuned. Yeah right, like that ever happens.
-
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
emsisoft used IKARUS engine.....above should contact IKARUS I have done it....on my home computer is installed IKARUS virus.utilities and reported to two days Virus.Worm.Suspectcrc....today is no longer reporting....
Many thanks for the delivered file.
***** false-positive *****
The false positive was removed and should not occur any more after our next database update.
This is an automatic generated e-mail, please do not reply
> product: VU
> serialnumber: HF*******
> infotxt:
> password: virus!
> computername: *****
> vdbbuild: 78075
> t3version: 1001097
> productversion: 1000214
> guardxupversion: 1000099
>
> date/time: 01.04.2011 7:03:13
> filename: sandboxieinstall64-355-01.exe original path:
> f:\********\sandboxieinstall\
> filesize: 1045,57 KB
> virusname: Virus.Worm.SuspectCRC
> suggestion: Save & Delete
> signatureId: 1545904
> md5sum: 7dc2e5a87d61428ecd87feff836fd48a
>
>
Many thanks for the delivered file.
***** false-positive *****
The false positive was removed and should not occur any more after our next database update.
This is an automatic generated e-mail, please do not reply
> product: VU
> serialnumber: HF*******
> infotxt:
> password: virus!
> computername: *****
> vdbbuild: 78075
> t3version: 1001097
> productversion: 1000214
> guardxupversion: 1000099
>
> date/time: 01.04.2011 7:03:13
> filename: sandboxieinstall64-355-01.exe original path:
> f:\********\sandboxieinstall\
> filesize: 1045,57 KB
> virusname: Virus.Worm.SuspectCRC
> suggestion: Save & Delete
> signatureId: 1545904
> md5sum: 7dc2e5a87d61428ecd87feff836fd48a
>
>
Emisoft AntiMalware reports Sandboxie as a Virus-Worm
I am using Emisoft AM free (I let the trial version expire) as a second opinion AV, and scanned with the sandbox empty. But still it flagged the following items as malware:
[2580] C:\Program Files\Sandboxie\SbieCtrl.exe Discovered: Virus.Worm.SuspectCRC!IK
[2596] C:\Program Files\Sandboxie\SbieSvc.exe Discovered: Virus.Worm.SuspectCRC!IK
I reported it to Emisoft as false positives.
[2580] C:\Program Files\Sandboxie\SbieCtrl.exe Discovered: Virus.Worm.SuspectCRC!IK
[2596] C:\Program Files\Sandboxie\SbieSvc.exe Discovered: Virus.Worm.SuspectCRC!IK
I reported it to Emisoft as false positives.
Last edited by Lode on Sun Apr 03, 2011 7:12 pm, edited 3 times in total.
Who is online
Users browsing this forum: No registered users and 1 guest