FALSE POSITIVE VIRUS ALERT FOR Virus.Worm.SuspectCRC!IK

malta
Posts: 3
Joined: Fri Apr 01, 2011 7:48 am

FALSE POSITIVE VIRUS ALERT FOR Virus.Worm.SuspectCRC!IK

Post by malta » Fri Apr 01, 2011 7:55 am

Hello

I'm running the latest Sandbox version dated 24th March 2011.

I was running Firefox 4 in a sandbox when this morning I got a message from my resident a/v that Virus.Worm.SuspectCRC!1K was found in
c:\apps\sandboxie\sbiesvc.exe
c:\windows\installer\sandboxieinstall64.exe/$INSTDIR\SbieDLL.dll
and in other files in the same last directory (*.dll, *.exe and Manifest1.txt).

Was wondering if I got my sandbox infected (probably).
My virus removed the files but I will need to reinstall sandboxie.

Anyone know anything more about this virus which I should know in terms of sandboxie especially?

malta
Posts: 3
Joined: Fri Apr 01, 2011 7:48 am

Post by malta » Fri Apr 01, 2011 8:08 am

Was wondering what this file was, manifest1.txt, it's in my sandboxie directory.



<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

Ruhe
Posts: 803
Joined: Thu Jul 03, 2008 8:56 am
Location: Germany

Re: Sandbox got infected by a virus?

Post by Ruhe » Fri Apr 01, 2011 9:22 am

malta wrote: I'm running the latest Sandbox version dated 24th March 2011.

A new (first) installation of Sandboxie or an update of a previously installed version?
If it was a new installation, please post the hash (MD5 or SHA1) of the Sandboxie installer you used (its name should be SandboxieInstall.exe).

In your case: The problem is not a sandbox but the installed Sandboxie files.

greasy
Posts: 7
Joined: Fri Apr 01, 2011 9:07 am

virus in sandboxie

Post by greasy » Fri Apr 01, 2011 9:37 am

I am having basically the same problem, except I have Emsisoft antimalware as my antivirus; it has put the suspect file in quarantine. Here are the results:

Emsisoft Anti-Malware v. 5.1.0.10
(C) 2003-2011 Emsi Software GmbH - www.emsisoft.com

ID Object
0 C:\PROGRAM FILES\SANDBOXIE\START.EXE Virus.Worm.SuspectCRC!IK

greasy
Posts: 7
Joined: Fri Apr 01, 2011 9:07 am

Post by greasy » Fri Apr 01, 2011 9:59 am

Forgot to mention I am running Google Chrome.

dave22
Posts: 81
Joined: Sat Sep 29, 2007 2:28 am

Post by dave22 » Fri Apr 01, 2011 11:04 am

These are false alarms: http://www.virustotal.com/file-scan/rep ... 1301669842

http://www.virustotal.com/file-scan/rep ... 1301670268
You should restore the files, add them to your exceptions, and send them to your AV company to be removed from their detections.

greasy
Posts: 7
Joined: Fri Apr 01, 2011 9:07 am

virus

Post by greasy » Fri Apr 01, 2011 4:30 pm

Emsisoft has already sent a reply, but thanks. If you want the best in protection, try Sandboxie WITH Emsisoft antimalware and you have the ultimate protection out there!!!!!!!!!!!!!!!

Boxed In
Posts: 35
Joined: Tue Dec 29, 2009 7:39 pm

Virus.Worm.Suspectcrc!IK

Post by Boxed In » Fri Apr 01, 2011 11:45 pm

(Latest Version 3.55.01)
Xp-sp-3, Online Armor 5.00.1050 RC

Just got this message trying to install the latest beta of SBIE:
Virus.Worm.Suspectcrc!IK wants to run, Signed by SANDBOXIE L.T.D.

Just when I thought I got my system fine tuned. Yeah right, like that ever happens.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Sat Apr 02, 2011 9:28 am

Submit the suspicious file to the AV vendor and ask them to confirm if it's a false positive or a true infection.

SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Sat Apr 02, 2011 12:43 pm

Know what's weird? All of these false positives are just recently showing up, in the last day or so. What do you want to bet it's because of the new experimental support in the new beta?
Apparently these AVs don't like that...

skokospa
Posts: 5
Joined: Wed Feb 09, 2011 6:44 pm
Location: Serbia

Post by skokospa » Sat Apr 02, 2011 3:11 pm

Emsisoft used the IKARUS engine... those above should contact IKARUS, I have done it... IKARUS virus.utilities is installed on my home computer and it reported Virus.Worm.Suspectcrc for two days... today it is no longer reporting it...

Many thanks for the delivered file.

***** false-positive *****

The false positive was removed and should not occur any more after our next database update.

This is an automatic generated e-mail, please do not reply

> product: VU
> serialnumber: HF*******
> infotxt:
> password: virus!
> computername: *****
> vdbbuild: 78075
> t3version: 1001097
> productversion: 1000214
> guardxupversion: 1000099
>
> date/time: 01.04.2011 7:03:13
> filename: sandboxieinstall64-355-01.exe original path:
> f:\********\sandboxieinstall\
> filesize: 1045,57 KB
> virusname: Virus.Worm.SuspectCRC
> suggestion: Save & Delete
> signatureId: 1545904
> md5sum: 7dc2e5a87d61428ecd87feff836fd48a
>
>
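
Added example (not part of any post in this thread, and not Sandboxie, Emsisoft or IKARUS code): before restoring a quarantined file or adding an exclusion on the strength of a vendor reply like the one quoted above, check that the reply is a false-positive verdict and that its `md5sum` matches the file you actually have. The function names and the sample report and file are constructed for illustration; the parser assumes the `> key: value` layout shown in the quoted e-mail.

```python
import hashlib
import re

# Constructed sample data: a stand-in file and a report shaped like the quoted
# vendor reply above (its md5sum is the MD5 of SAMPLE_FILE_BYTES, not a real file).
SAMPLE_FILE_BYTES = b"constructed stand-in for an installer binary"
SAMPLE_REPORT = (
    "***** false-positive *****\n"
    "> product: VU\n"
    "> infotxt:\n"
    "> filename: example-installer.exe original path:\n"
    "> f:\\example\\\n"
    "> virusname: Virus.Worm.SuspectCRC\n"
    "> md5sum: " + hashlib.md5(SAMPLE_FILE_BYTES).hexdigest() + "\n"
    ">\n"
)

# "key:" must be followed by whitespace or end of line, so the wrapped
# continuation line "> f:\example\" is not mistaken for a field named "f".
FIELD = re.compile(r"^>\s*([A-Za-z0-9/ ]+?):(?:\s+(.*))?$")

def parse_report(text):
    """Return the quoted '> key: value' fields of a vendor report as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1).strip().lower()] = (m.group(2) or "").strip()
    return fields

def file_md5(path, chunk=65536):
    """MD5 of a file, read in chunks (MD5 because that is what the report carries)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def cleared_by_vendor(report_text, path):
    """True only if the report is a false-positive verdict for this exact file."""
    reported = parse_report(report_text).get("md5sum", "").lower()
    if "false-positive" not in report_text.lower():
        return False
    if not re.fullmatch(r"[0-9a-f]{32}", reported):
        return False  # missing or malformed hash: do not treat as cleared
    return reported == file_md5(path)

if __name__ == "__main__":
    print(parse_report(SAMPLE_REPORT))
```

A match only shows that the vendor cleared the same build you hold; a different version of the installer or a modified copy produces a different hash and stays in quarantine.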

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun Apr 03, 2011 6:35 am

Good news skokospa, thanks.
tzuk

Lode
Posts: 136
Joined: Wed Oct 10, 2007 6:08 pm

Emsisoft AntiMalware reports Sandboxie as a Virus-Worm

Post by Lode » Sun Apr 03, 2011 6:28 pm

I am using Emsisoft AM free (I let the trial version expire) as a second opinion AV, and scanned with the sandbox empty. But still it flagged the following items as malware:

[2580] C:\Program Files\Sandboxie\SbieCtrl.exe Discovered: Virus.Worm.SuspectCRC!IK
[2596] C:\Program Files\Sandboxie\SbieSvc.exe Discovered: Virus.Worm.SuspectCRC!IK

I reported it to Emsisoft as false positives.
Last edited by Lode on Sun Apr 03, 2011 7:12 pm, edited 3 times in total.

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Sun Apr 03, 2011 6:33 pm

Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

Lode
Posts: 136
Joined: Wed Oct 10, 2007 6:08 pm

Post by Lode » Sun Apr 03, 2011 6:39 pm

Thanks. With a few of us reporting it to the AV vendors this falsie should be gone soon.
