Jump to content

Torsearch.exe possible FP or I'm screwed?

Recommended Posts

Hi, I was scanning my external HD yesterday from within sandboxie and I received a result from "additional items" at the end of the scan in c:\program files\torsearch\torsearch.exe”. I have the Tor bundle installed but I couldn't find that folder or any "torsearch.exe" file anywhere.

I scanned with mbam outside of sandboxie and it returned nothing

I scanned on my admin account in sandboxie and it returned nothing

I scanned on my admin account and got nothing

It would only return this torsearch.exe when used on the user account scanning with Mbam within a sandbox of the program Sandboxie. But there was absolutely no \torsearch folder there when checking with a sandboxed explorer.exe

All sandboxes were empty, cleaned and scrubbed.

The Tor program folder is blocked file access for the sandbox I was using to scan, however its location

is %Program Files%\Tor and this "Item" that the final "Additional Items" check that mbam did was

“c:\program files\torsearch\torsearch.exe” (all in lower case, is that normal?) So technically its a completely different folder.

Do I have a rootkit that was revealed by some sandboxie function or is Mbam picking up something about TOR, maybe cause the sandbox didn't have access to the TOR folder???? But displaying a different folder (item)

I cannot replicate the problem today, it won't happen now for some reason.

I used Hitman pro, Mbar.exe, AswMBR, mbr.exe all came back clean then I used gmer, catchme.exe, radix, vba32, rootrepeal I didn't see anything (I'm not trained however). So quite frankly I'm lost!

Tell me more about the "additional items" scan at the end. This "item" was not as it seems picked with on the

first round of scans (I wasn't scanning my c drive anyway, however later on testing it was picked up on quick scan of c - same time at the end "additional items")

When I had the log file it didn't show much on that a file was infected, but not how it found this file such as

hidden etc.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.