 Post subject: Strange virus?
 Post Posted: Thu Sep 15, 2016 8:46 pm 
Win 7


This morning while doing my usual visit to two of my bookmarks I viewed a drastic change
in their appearance along with a pop up warning from Malwarebytes that s3.amazonaws.com
was present. I Googled and found instructions how to get rid of it. But I didn't have time to
do it so I shut down. About 10 hours later (tonight) I started up again and visited the sites and
they were back to normal and no Mbyte warnings. When I do the internet thing, I'm always in
a virtual environment and also in a sandbox except when doing updates and the like.
I'm thinking what happened was that I didn't have an infection but that the web site did.
Am I correct?


 Post subject: Re: Strange virus?
 Post Posted: Thu Sep 15, 2016 9:40 pm 
Smitty, if you were in a virtual environment and a sandbox you might have had a virus, but as soon as you shut down, all malware is wiped out. I would still do a scan of my entire system with both your anti-virus and Malwarebytes, but the infection, if there really ever was one, is almost certainly gone. I have never heard of a piece of malware able to survive a virtual environment or sandbox shutdown, let alone both.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post subject: Re: Strange virus?
 Post Posted: Fri Sep 16, 2016 9:04 am 
Scans show I'm clean and nothing has been quarantined.
Everything is still OK this morning.


 Post subject: Re: Strange virus?
 Post Posted: Fri Sep 16, 2016 1:52 pm 
OK. Smitty, you may already know this, but I want to state this for everyone else, who also may already know this. VM and Sandboxes DO NOT protect you from malware while you are surfing by themselves; you need other security programs such as anti-Virus and anti-Malware. VM and Sandboxes just make sure that the bad guys are trapped in those environments and cannot infect the rest of your system where they would find a very comfortable place to live. Once you delete the VM or Sandbox, the trapped malware is also deleted.

What does this mean? If you do banking and use credit cards online, ALWAYS delete the sandbox first and start over. Even the creator of Sandboxie, one of my security gurus, states this:
http://www.sandboxie.com/index.php?Dete ... ers#defend

Yes, Sandboxing, et al., will protect your system but NOT THAT PARTICULAR SURFING SESSION if you have become infected at a particular website or email. If you go to a banking site or use your credit card you may now have a keystroke logger on your system, well, inside the sandboxed area. So as the creator of Sandboxie states, before going to a banking site ALWAYS delete the sandbox and start over. ASSUMING that the rest of your system is clean and free of these parasites, you are good to go. I even delete my sandbox after I have done banking, not sure why, it just feels good.

Yes, this takes more time and patience, all this deleting. I have an excellent macro program called MacroExpress that lets me do this, the deleting and going back online, in just two keystrokes, one in each direction.
Like I said, most of you probably already know all this but it never hurts to hear it again.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post subject: Re: Strange virus?
 Post Posted: Fri Sep 16, 2016 9:13 pm 
I hate to admit it, but I didn't know that. Makes sense.
I'm glad I started this topic.
It's extremely rare for me to use my credit card online... Most merchants
take PayPal.
From now on, any time I use a log on/password that I need to
keep top secret, I'll be deleting the contents of Sandboxie.
Thanks for that eye opener!


 Post subject: Re: Strange virus?
 Post Posted: Sat Sep 17, 2016 12:07 am 
Couple of things.

1. When Mbam Premium gives that alert on any site, you don't need to worry about being infected. That alert says that Mbam blocked access to that site. You are protected.

2. In that Amazon case it was a false positive, and it was quickly fixed.

3. On banking sites you always have to be alert. All your personal software guards your computer. One important thing to have in your browser is something that protects you from redirects. No AV does that. What that does is keep the site that has been itself infected from sending you to a fake look-alike.

Another thing re banking is you should check your bank account from more than one browser. There has been some malware that infects your machine and monitors when you log into the bank account. It makes the account like the bad guy wants. Another machine not infected will show the truth.

Pete


 Post subject: Re: Strange virus?
 Post Posted: Sat Sep 17, 2016 6:56 am 
Peter2150 wrote:
Couple of things.

...

Another thing re banking is you should check your bank account from more than one browser. There has been some malware that infects your machine and monitors when you log into the bank account. It makes the account like the bad guy wants. Another machine not infected will show the truth.

Pete

But Peter, wouldn't shutting down your sandbox each time before, and in my case both before and after, you go to a banking site protect you from that?
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post subject: Re: Strange virus?
 Post Posted: Sat Sep 17, 2016 8:30 am 
Acadia wrote:
Peter2150 wrote:
Couple of things.

...

Another thing re banking is you should check your bank account from more than one browser. There has been some malware that infects your machine and monitors when you log into the bank account. It makes the account like the bad guy wants. Another machine not infected will show the truth.

Pete

But Peter, wouldn't shutting down your sandbox each time before, and in my case both before and after, you go to a banking site protect you from that?
Acadia



Absolutely. But what percentage of folks here run SBIE, no less among the general public?


 Post subject: Re: Strange virus?
 Post Posted: Sat Sep 17, 2016 9:02 am 
I want to add something to my lengthy post above where I state "So as the creator of Sandboxie states, before going to a banking site ALWAYS delete the sandbox and start over." To that I would like to add, and then go straight to your banking site WITHOUT GOING ANYWHERE ELSE first.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson

