Trojan Horses Due To My Sandboxie Settings?

If it doesn't fit elsewhere, it goes here
Lode
Posts: 136
Joined: Wed Oct 10, 2007 6:08 pm

Post by Lode » Sat Dec 03, 2011 2:53 pm

Hi!
These last days I had noticed that the characters -letters- I typed on forums only appeared after a few seconds. The same when deleting them with the backspace key. So I realized something was wrong.

I scanned with my Avira (paid), SAS (paid), MBAM (free), Hitman Pro (free), and Online Armor Cloudscan (free). None found malware. Then I scanned online -unsandboxed- with Panda's ActiveScan 2.0 (free) and it detected 14 Trojans in my Opera folders. I had it remove them, and now typing is fast again.

I have "Allow access to entire Opera profile folder" checked in Sandboxie. Might this have given the malware the opportunity to get in? And if so, what would be the disadvantage of having that option disabled (unchecked)?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Sat Dec 03, 2011 3:03 pm

First you should say if the malware was removed from the sandbox folder or from the real disk.

Lode
Posts: 136
Joined: Wed Oct 10, 2007 6:08 pm

Post by Lode » Sat Dec 03, 2011 6:11 pm

Thanks for your response.

I don't know. All I know is that I used my IE9 browser, un-sandboxed on purpose so that in case the scanner found something, it would be able to remove it if it was outside the sandbox (on my hard disk).

Opera is my default, and I always run it sandboxed, including therefore its integrated mail program. And I don't remember if it was active at that moment or not while I was scanning with ActiveScan 2.0 in IE9, the only browser in which it works for me (not in Firefox either, my third browser).

Luckily all the malware was removed.

But the thing I am wondering about is what will change in my Opera use if I disable the "Allow access to entire Opera profile folder" setting in Sandboxie.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Sun Dec 04, 2011 3:39 am

Lode wrote: I don't know.
You had the malware inside the sandbox folder, running sandboxed.

Next time simply remove the sandbox folder contents and all the malware will be gone.

Lode
Posts: 136
Joined: Wed Oct 10, 2007 6:08 pm

Post by Lode » Sun Dec 04, 2011 6:44 am

I guess you are right.

A few days ago ActiveScan had detected 15 Trojans in my Opera mail folders. I checked my mail folders, and they were all empty, or so I thought. Because I therefore also thought those were false positives, I did not let ActiveScan remove them. Instead I posted about this on the Panda forum. But someone replied that the detected malware had to be in my mail folders, so I checked again, and found months-old spam with malware attachments in the spam folder I had forgotten all about. I had never opened any of the attachments. Instead I had the spam sent on to SpamCop, which is the reason I had not allowed Avira to remove them when I received them.
SpamCop alerted the ISP of the spammer, and it stopped.

But this slow typing issue appeared a day or so after I emptied that spam folder.

As I had deleted all the emails from my Opera mail, the malware could hardly still have been in any email attachment, as all of those were deleted together with the emails when I emptied the spam folder.
So probably the malware could still have been there because it was in the mail program itself, and that was not removed by emptying the spam folder.

I don't know how to remove the sandbox folder content in this case with the Opera browser and its email program, if the malware is present in the browser/mail program itself.

In any case, before I had any slow typing problem, I first tried to run the ActiveScan in my Opera browser, but that was not possible due to incompatibility. So I switched to Firefox, leaving Opera active and as usual sandboxed, but in Firefox the scan could also not be done. Then I switched to IE9 -Opera still active sandboxed- and now the scanner worked. It detected those 15 Trojans in my spam folder. I emptied that folder, and thought that was the end of it.

Then a day or so later the slow typing problem appeared, so I scanned again, this time with Opera inactive -and thus this time not sandboxed either- and ActiveScan found 14 Trojans in Opera's mail program, and this time I allowed ActiveScan to remove the malware.

Why the first time it found 15 and the second 14 I don't know, but I think it might have to do with me having deleted the spam before the second scan.
The thing was to have the scanner do its job while the browser was not sandboxed, as Sandboxie does not allow certain permanent changes to be made in programs while they are in the sandbox, in this case the infected browser.

I guess... I'm just speculating, only knowing the bare minimum needed for using a notebook.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Sun Dec 04, 2011 10:50 am

Lode wrote: I don't know how to remove the sandbox folder content
Right-click the Sandboxie Control icon in the SysTray and click "Defaultbox > Delete Contents".
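Buster's first question (sandbox folder or real disk?) and his remedy (delete the sandbox contents) both hinge on where a detection's path actually lives. The script below is an added example, not from the thread or from Sandboxie: it classifies scanner-reported paths against the sandbox folder and records SHA256 hashes before anything is deleted. It assumes Sandboxie's default box location C:\Sandbox\<user>\DefaultBox; the detection paths are constructed samples.

```powershell
# Added example, not from the thread. Decides whether each reported detection
# sits inside the Sandboxie box (so "Delete Contents" removes it) or on the
# real disk (so an un-sandboxed scanner must clean it), and hashes the files
# first so there is a record of what was removed.
# Assumption: default box path is C:\Sandbox\<user>\DefaultBox.

function Test-InSandbox {
    param([string]$Path, [string]$BoxRoot)
    # Normalise both paths and compare by prefix, case-insensitively (NTFS).
    $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')
    $root = [System.IO.Path]::GetFullPath($BoxRoot).TrimEnd('\')
    return $full.StartsWith($root + '\', [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-DetectionReport {
    param([string[]]$Paths, [string]$BoxRoot)
    foreach ($p in $Paths) {
        $hash = if (Test-Path -LiteralPath $p) {
            (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        } else { 'absent' }
        [pscustomobject]@{
            Path      = $p
            InSandbox = (Test-InSandbox -Path $p -BoxRoot $BoxRoot)
            SHA256    = $hash
        }
    }
}

# Constructed sample values (user name "User", Opera mail store paths are
# illustrative); on a real system use "C:\Sandbox\$env:USERNAME\DefaultBox".
$boxRoot = 'C:\Sandbox\User\DefaultBox'
$sample = @(
    'C:\Sandbox\User\DefaultBox\user\current\AppData\Roaming\Opera\Opera\mail\store\sample.mbs',
    'C:\Users\User\AppData\Roaming\Opera\Opera\mail\store\sample.mbs'
)

$report = Get-DetectionReport -Paths $sample -BoxRoot $boxRoot
$report | Format-Table -AutoSize

# Only when every hit is inside the box is Buster's remedy sufficient; this is
# the same action as Sandboxie Control > DefaultBox > Delete Contents, using
# Sandboxie's documented Start.exe command line (path is an assumption).
if (($report | Where-Object { -not $_.InSandbox }).Count -eq 0) {
    & 'C:\Program Files\Sandboxie\Start.exe' /box:DefaultBox delete_sandbox
} else {
    Write-Warning 'Some detections are outside the sandbox; clean them with an un-sandboxed scanner.'
}
```

The first sample path reports InSandbox = True and the second False, which is exactly the distinction Buster asks Lode to make.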

Lode
Posts: 136
Joined: Wed Oct 10, 2007 6:08 pm

Post by Lode » Mon Dec 05, 2011 7:47 am

Thanks. That part I know though. It's that I thought the malware was somehow attached to the browser and/or its built-in email program, and that it had worked itself in there when Opera was used one of the rare times I might have run it un-sandboxed, and that this could not be deleted by emptying the sandbox.

I have scanned again this time with Immunet: it found 1 Trojan in the same location. So that brought the total to the original 15 again. I think I got these 14 (ActiveScan) and 1 (Immunet) back because I used a backup on which they already were. Now they're gone again, and I made a new system backup of that.
