DoyleFrank

FP in Kaspersky Sandbox?


Hi,

After fresh installing my PC, the only thing I did was add NoScript, Adblock and DownloadHelper to Firefox. MB found Trojan.ZBot in Kaspersky's Sandbox folder. It wasn't possible to attach the supposed file - .autoreg. I never had any problems with MB and Kaspersky's Sandbox or add-ons. Is it a false positive? Thanks for your help!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Datenbank Version: 5565

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

21.01.2011 17:03:44

mbam-log-2011-01-21 (17-03-39).txt

Art des Suchlaufs: Vollst


Yes, Malwarebytes is started outside the sandbox with admin rights. The Firefox-AddOns were installed on another restricted account, while running inside the sandbox. All the Add-On content is saved inside the Kaspersky Sandbox.


This has to be Kaspersky blocking the file from being scanned. Did you have any exceptions added in Kaspersky or MBAM before that maybe you forgot to put back in after the fresh install?

With the amount of people that use NoScript, and since in a normal Windows environment I can't duplicate it, then it has to be something with Kaspersky and the way it protects the files inside the sandbox. You might be better off with support in the General forum with this.

These files that you are scanning are virtualized because of the sandbox, so they probably aren't really accessible in a normal sense.


Thank you very much for your response. You're probably right, it has to be something with Kaspersky's sandbox. It's interesting though, that MB identifies this problem as Trojan.Zbot.


When I get caught up I will see if I can duplicate this with the Kaspersky trial. Being it's a sandbox, it's probably safe to add that path to the ignore list.

Can you tell me what version of Kaspersky and NoScript so I can duplicate this? Any other info that I would need also.


Can't reproduce it here, either.

System specs are below, KIS is current build (11.0.2.556 (a.b.c)), FF 3.6.13, NoScript 2.0.9.6.

I don't use Safe Run for routine browsing, and I do clear the Safe Run folder quite often (usually at the end of every session).

Regards,

daledoc1


Greetings DoyleFrank :blink:

Please follow the instructions posted here so that I can find out exactly what definition is detecting this as that will help us to replicate the problem and get it resolved.

Thanks ;)


I did a fresh install 2 days ago, and didn't add NoScript to Firefox. When adding NoScript, I'll do it outside the sandbox this time.


We may have found the issue.

Can you please update to 5637 or on when it's released? Reinstall NoScript and let me know if it's still detected.


I did the same as last time, added NoScript while running Firefox in KAV's Sandbox - the log is clean this time, nothing was found!


Thanks for reporting and sticking with us. This wasn't a general run-of-the-mill false positive, so it took the collective minds to figure out, especially since we couldn't duplicate it on this end.
