wildman424

High priority!! Running Malwarebytes in a sandbox

6 posts in this topic

Hey guys, I need to get Malwarebytes to run inside my Sandboxie sandbox. I have two samples of koobface in there that I pulled off Facebook, and I need to get a Malwarebytes scan of them with Malwarebytes in developer mode. I'm positive these samples are koobface; I have the VirusTotal reports & I'm going to forward them to your research team, but I need the proper logs. Any ideas??


Unless malware prevents it, our program should run in Sandboxie as well.

Quick Scan and Full Scan Logs

* Windows 2000 & Windows XP:

C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

* Windows Vista & Win7:

C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

File Protection and IP Protection Logs

* Windows 2000 & Windows XP:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

* Windows Vista & Win7:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Got it. Malwarebytes was running outside the sandbox & would scan the files that were inside the sandbox, but it wouldn't start under the supervision of Sandboxie. It kept getting runtime errors '0' & '440' for the automation error, so I couldn't run a custom scan from the context menu inside a sandboxed instance of Windows Explorer.

I found the solution in the Q&A area Section A-15

I had to register some of Malwarebytes' files that were to run from inside the sandbox, inside the sandboxed mirror Malwarebytes Program directory.

made the regsvr32 batch file for the files

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

Copied that code, pasted it into Notepad and saved it as fix mbam.bat, ran it, and when it completed successfully, voilà.

I still couldn't get a developer mode log of them, but I got Malwarebytes to scan the files from the context menu.

There were 2 files scanned; both of them are a variant of koobface. Malwarebytes detects one of them already. Submitted them for testing :)

Update - Malwarebytes running great under Sandboxie now :) I'm no longer having any problems using the context menu scan option & can run it in regular & developer mode with no problems ;):D

edit for update 9/6


Hello, I am a user of Sandboxie, and I was wondering why, or what are the reasons, for running MBAM sandboxed?

I thought any scanning malware within a sandbox, was done from outside the box, usually by right clicking the box at C\sandbox.

I hope you don't mind me asking. Thanks

why, or what are the reasons for running MBAM sandboxed ?

:) :) Same reason you run anything in a sandbox: "what happens in the sandbox stays in the sandbox". Testing malware samples can be dangerous. I wasn't too sure how they would act when ("I started poking and prodding at them" :) ) trying to analyze and scan them. I had a sandboxed window open and was trying to scan the samples with the Malwarebytes context menu scan. As you know, when a sandboxed process spawns another process, that process also starts in the sandbox. When it didn't work, I tried to run Malwarebytes in the sandbox, which also failed. From there my curiosity (and maybe a little OCD) took over as to why it failed and why it didn't work, and I just had to figure it out or it would have driven me nuts :) That's what this topic was about.

I thought any scanning malware within a sandbox, was done from outside the box, usually by right clicking the box at C\sandbox.

True, the scanner can run outside the sandbox and detect the files, & it seems it can run fine inside a sandbox and still detect the files.

I hope you don't mind me asking.

No problem. If you have a question, always ask; someone will have an answer :)
