Jump to content

personwithahead

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, I was scanning my external HD yesterday from within sandboxie and I received a result from "additional items" at the end of the scan in c:\program files\torsearch\torsearch.exe”. I have the Tor bundle installed but I couldn't find that folder or any "torsearch.exe" file anywhere. I scanned with mbam outside of sandboxie and it returned nothing I scanned on my admin account in sandboxie and it returned nothing I scanned on my admin account and got nothing It would only return this torsearch.exe when used on the user account scanning with Mbam within a sandbox of the program Sandboxie. But there was absolutely no \torsearch folder there when checking with a sandboxed explorer.exe All sandboxes were empty, cleaned and scrubbed. The Tor program folder is blocked file access for the sandbox I was using to scan, however its location is %Program Files%\Tor and this "Item" that the final "Additional Items" check that mbam did was “c:\program files\torsearch\torsearch.exe” (all in lower case, is that normal?) So technically its a completely different folder. Do I have a rootkit that was revealed by some sandboxie function or is Mbam picking up something about TOR, maybe cause the sandbox didn't have access to the TOR folder???? But displaying a different folder (item) I cannot replicate the problem today, it won't happen now for some reason. I used Hitman pro, Mbar.exe, AswMBR, mbr.exe all came back clean then I used gmer, catchme.exe, radix, vba32, rootrepeal I didn't see anything (I'm not trained however). So quite frankly I'm lost! Tell me more about the "additional items" scan at the end. This "item" was not as it seems picked with on the first round of scans (I wasn't scanning my c drive anyway, however later on testing it was picked up on quick scan of c - same time at the end "additional items") When I had the log file it didn't show much on that a file was infected, but not how it found this file such as hidden etc. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.