
malware.sandbox file and registry key detected: are these false positives


eliuri


Module: 0
(No malicious items detected)

Registry Key: 1
Malware.Sandbox.13, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Creative Audio Engine Licensing Service, No Action By User, 13, 0, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Sandbox.13, C:\PROGRAM FILES (X86)\COMMON FILES\CREATIVE LABS SHARED\SERVICE\CTAELICENSING.EXE, No Action By User, 13, 0, 1.0.35205, 13, dds, 01055877, C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

malwarebytes jan3 2021 3 am.txt


Thank you Tammy.

I quarantined both items-- that file and that registry key. I'm a bit hesitant to release those from quarantine to re-scan, as I'd have a hard time locating that registry key if restored.

Both items are prefaced by: Malware.Sandbox.13

What does that mean?

=============

Eliuri

Windows 7

Malwarebytes Premium 4.3.0

 


Hi Eliuri-

 

I just had one of my clients tell me about a nearly identical detection just last night.  A file (also in the "Common Files" folder) and its corresponding registry key (also in "CurrentControlSet/Services"):


Malware.Sandbox.13, C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE


Malware.Sandbox.13, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MDM


This detection came up last night during the scheduled daily scan, and interestingly this computer has been powered on but not actually in use since mid-December.  So I am pretty confident that it’s a false positive since nothing on this machine has changed in weeks.

Anyway, I hope that helps.  I noticed MWB hadn't responded to you in a few days, so I figured I'd share my findings with you.  And thought this might help anyone else searching the forums for "malware.sandbox" like I did to find this thread.

 
