hard reboot did solve the problem in my test however i can't tell in that case if sandboxie did solve ie coz i had time freeze running, and I've tested timefreeze with many rasomware with no changes after reboot.Btw tested the said malware in a real Windows 8.1.1 system with Sbie 4.10 in default setting : no bypass , just explorer get frozen and need hard reboot. Sbie still protect the OS.
maybe.you should test with the latest version of Sbie (v4.10) , maybe the vulnerability you had is no more relevant.
also you have to be sure you deleted the contents of the sandbox before reboot.
i sure can, there is nothing important in that pc, and i'd rather lose the os then runing vm, its killing my cooling sys on the laptop. the only problem is that im using remote desktop to conect to the machine, smart virus may copy itself to my laptop or networkYou could mistakenly run into some cryptolocker that could encrypt all of your data on all of your partitions. If you test malwares on the real machine just lock other partitions to be not accessible by OS, or if you don't mind formatting your HDD just don't keep important files on your computer.
Have a nice day, and be safe
"reboot? u can't reboot, only force shutdown"hard reboot did solve the problem in my test however i can't tell in that case if sandboxie did solve ie coz i had time freeze running, and I've tested timefreeze with many rasomware with no changes after reboot.
I did have one sample that did change permission after reboot even that i used sandboxie and timefreeze, it prevented me from killing some process even that the malware was not running after reboot
thx"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
no prob bro, it is always good to learn new things. feel free.I'm not trying to bust your chops nissimeza. I just trying to clarify what you trying to say here.
Here is the Anubis break down of the video file.
I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1
I'll test it out later when I get my VM up and running again.
thx for the info, very helpful