Windows 7 Forums


Windows 7: Think I picked up some kind of malware

13 Sep 2018   #11
Win7fuser

The one I am using to register is my Windows 7 Professional x64 one.
 
 

Quote: Originally Posted by Snick
Kernel exploits easily by-pass Sandboxie!
Nic
....kernel exploits...? What's that? That might have been it a year or two ago for me when I tried to run something in sandboxie knowing that it could be malicious.... Sandboxie crashed and the program that was running in sandboxed mode escaped sandboxed mode and was running in the real environment, because it didn't close when sandboxie crashed....😕


14 Sep 2018   #12
F22 Simpilot

Windows 7 Ultimate x64
 
 

Since that was a few years ago, and given the fact Sandboxie has had many updates since then, I'm willing to bet they have patched most kernel exploits. But new crap does come out and that's why it's important to stay abreast of any and all Sandboxie updates. Personally, I don't think Sandboxie is perfect software, but it's better than nothing. And now that I use it all the time with my browser, I really don't need to use NoScript since if anything rogue happens it will more than likely stay in the sandboxed environment.

I have tried Shadow Defender and it seems pretty decent. I purposely infected my test VM with loads of malware using Shadow Defender and once I rebooted everything was back to normal like nothing ever changed. This includes ransomware. I tried to run Shadow Defender on my host, but it absolutely mucked up my browser (Pale Moon) so I can't use it. This may be an OS issue and I'm going to tackle that one day here so I can use Shadow Defender. Shadow Defender does come with the caveat that you must create several folder exclusions, otherwise nothing will stick, like your Downloads folder or Pictures/Videos folder, My Documents, etc. Even the Recycle Bin needs an exclusion. Of course with exclusions you lessen your overall security. So I had Faronics Anti-Executable installed. I also tossed loads of malware at that and it passed the test.

One has to wonder. I read many years ago about a virtualized rootkit called Blue Pill. I wonder if something like that can get past virtualization nowadays? I know there are VMware vulnerabilities that get patched all the time. And of course Sandboxie gets patched, too.

Edit-

You asked about what a kernel exploit was. It is first necessary to know what a kernel is. Kernel (operating system) - Wikipedia

I once ran a piece of software that apparently prevented kernel-level keyloggers. It was software and an add-on that ran in your browser that scrambled your keyboard input so that keyloggers couldn't read it. Nowadays Windows 10 has its own built in. LOL
16 Sep 2018   #13
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, Kali, VMWare Workstation Player, OpenVPN
 
 

Exploits are still a vulnerability for Sandboxie. Yes, even the updated versions, but less so.
5 Ways Advanced Malware Evades the Sandbox | Secureworks
You can Google Kernel Exploits or Sandbox Exploits for more info.
As the good guys enable protection, the persistent bad guys find a work-around. Cat and Mouse continually.
Nic

16 Sep 2018   #14
F22 Simpilot

Windows 7 Ultimate x64
 
 

That article was posted three years ago. Yes, it's a cat and mouse game. I'm sure Sandboxie by now has patched those exploits. I try and stay abreast of what the hacker crowd is up to through Twitter posts and what have you. It seems like a constant endeavor trying to keep things from being hacked or exploited. Like Spectre & meltdown for example, God only knows what other vulnerabilities there are.
20 Sep 2018   #15
Win7fuser

The one I am using to register is my Windows 7 Professional x64 one.
 
 

Quote: Originally Posted by F22 Simpilot
I really don't need to use NoScript since if anything rogue happens it will more than likely stay in the sandboxed environment.
If nothing else, could use it as an adblocker or a general "improve page loading times by reducing unnecessary scripts needed to be loaded at once on the page upon load"


Quote: Originally Posted by F22 Simpilot
I know there are VMware vulnerabilities that get patched all the time. And of course Sandboxie gets patched, too.
...so then really the only safest bet is to have a separate testbed that's completely isolated from your other devices and networks and do your testings there....nothing can escape if the only entry and exit points are hardware locked....

Quote: Originally Posted by F22 Simpilot
I once ran a piece of software that apparently prevented kernel-level keyloggers. It was software and an add-on that ran in your browser that scrambled your keyboard input so that keyloggers couldn't read it. Nowadays Windows 10 has its own built in. LOL
Is this program called KeyScrambler? Or was it dewsoft antikeylogger? I think it was that, googling it no longer pulls up its page...I guess it was taken down because I no longer have the installer now that I've replaced it with KeyScrambler....silly me, should have kept an archival backup for historical purposes like this.....

Quote: Originally Posted by Snick
Exploits are still a vulnerability for Sandboxie. Yes, even the updated versions, but less so.
5 Ways Advanced Malware Evades the Sandbox | Secureworks
You can Google Kernel Exploits or Sandbox Exploits for more info.
As the good guys enable protection, the persistent bad guys find a work-around. Cat and Mouse continually.
Nic
Yes...so it would appear so...interesting read too....

Quote: Originally Posted by F22 Simpilot
It seems like a constant endeavor trying to keep things from being hacked or exploited. Like Spectre & meltdown for example, God only knows what other vulnerabilities there are.
I remember those, but I didn't think they were that serious, were they? Has there been any actual reporting of malware using such an exploit?
20 Sep 2018   #16
F22 Simpilot

Windows 7 Ultimate x64
 
 

I think it was in fact called KeyScrambler. Been years.

Spectre & Meltdown primarily affect cloud-based computing. For the average SOHO it's pretty much not a problem. I won't even update my BIOS with the patch since I know it will most likely reduce my CPU processing speed, albeit not too much, but the Sim is single threaded and I need all the speed I can muster. In addition to a BIOS update you also have to patch Windows.

God only knows what other CPU/hardware vulnerabilities are out there. Especially with IoT hardware where the manufacturer couldn't care less about its security. It was in fact IoT devices that helped to create one of the largest DDoS attacks ever created. I believe it was CloudFlare that mitigated it. Pretty damn impressive. It's why I use CloudFlare. For free you can't beat it. LOL

Here's a website that can be pretty interesting and down right scary at the same time. Shodan
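A quick way to verify the two halves of the fix the post describes (BIOS/microcode on one side, the Windows patch on the other) actually landed on a given machine. This is an added example, not code from the thread; it relies on Microsoft's SpeculationControl PowerShell module and the documented FeatureSettingsOverride registry values, and the summary wrapper around them is mine.

```powershell
# Added example: report firmware and Windows support for the Spectre v2 (BTI)
# and Meltdown (KVA shadow) mitigations. Run from an elevated PowerShell prompt;
# the first run needs internet access to fetch the module from the PowerShell Gallery.
if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
    Install-Module -Name SpeculationControl -Scope CurrentUser -Force
}
Import-Module SpeculationControl
$s = Get-SpeculationControlSettings

# Firmware half: the CPU microcode (via the BIOS update) must expose the
# branch target injection controls, or the OS patch alone cannot enable them.
$firmwareOk = [bool]$s.BTIHardwarePresent

# OS half: the Windows patch must be installed AND enabled; a policy override
# (see the registry values below) can leave it installed but switched off.
$spectreOk = $s.BTIWindowsSupportPresent -and $s.BTIWindowsSupportEnabled

# Meltdown only matters on CPUs the module flags as needing KVA shadowing.
$meltdownOk = (-not $s.KVAShadowRequired) -or
              ($s.KVAShadowWindowsSupportPresent -and $s.KVAShadowWindowsSupportEnabled)

# Microsoft's documented override values live here; Override=3 with Mask=3 is
# the "disable both mitigations" setting, which is the trade-off the post describes.
$mm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$ovr = Get-ItemProperty -Path $mm -Name FeatureSettingsOverride, FeatureSettingsOverrideMask `
                        -ErrorAction SilentlyContinue

[pscustomobject]@{
    FirmwareMicrocodePresent    = $firmwareOk
    SpectreV2Mitigated          = $spectreOk
    MeltdownMitigated           = $meltdownOk
    FeatureSettingsOverride     = $ovr.FeatureSettingsOverride      # $null = no override set
    FeatureSettingsOverrideMask = $ovr.FeatureSettingsOverrideMask
} | Format-List
```

If FirmwareMicrocodePresent is False while SpectreV2Mitigated is False, the Windows update is present but waiting on the BIOS; if both are False with an override of 3/3, the mitigation was deliberately switched off in the registry.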
23 Sep 2018   #17
Win7fuser

The one I am using to register is my Windows 7 Professional x64 one.
 
 

Quote: Originally Posted by F22 Simpilot
I think it was in fact called KeyScrambler. Been years.

Spectre & Meltdown primarily affect cloud-based computing. For the average SOHO it's pretty much not a problem. I won't even update my BIOS with the patch since I know it will most likely reduce my CPU processing speed, albeit not too much, but the Sim is single threaded and I need all the speed I can muster. In addition to a BIOS update you also have to patch Windows.
Well if you're running a simulation program, I guess it's fine if it's offline....don't there exist multithreaded simulation programs? You'd think now that there are multicore CPUs about, developers would be on the ball with their programs on multithreading.....

Quote: Originally Posted by F22 Simpilot
God only knows what other CPU/hardware vulnerabilities are out there. Especially with IoT hardware where the manufacturer couldn't care less about its security. It was in fact IoT devices that helped to create one of the largest DDoS attacks ever created. I believe it was CloudFlare that mitigated it. Pretty damn impressive. It's why I use CloudFlare. For free you can't beat it. LOL
What's IoT? Never heard of them.....

Yeah I read an article sometime back there was a 500GB/s DDoS at one of the stations of some website I forgot....

I thought CloudFlare was paid, or anything decent is paid these days...?

Quote: Originally Posted by F22 Simpilot
Here's a website that can be pretty interesting and down right scary at the same time. Shodan
What's this do? Oh ahh, it looks like a port sniffer kind of site.....where it sniffs out open ports and tells you about them, no? So if you can't see your own ports or devices, that means you're safe.
24 Sep 2018   #18
F22 Simpilot

Windows 7 Ultimate x64
 
 

Microsoft that developed FS2004 and FSX which I play has abandoned the game. So we are stuck with what they created years ago and I've read that back then when M$ developed the Sim they thought CPU speed would increase expediently and thus kept the game a single threaded game not ever thinking that CPUs would come out that would have multiple cores. So in order to play FSX or FS2004 you need a CPU that has the highest single thread capability you can afford. To make matters worse it's only 32 bit. So it's often that if you have loads of scenery add-ons you'll run into an out of memory error. So to combat that you need to control what scenery loads per flight since FS will load ALL scenery regardless if you fly to or over it.

Prepar3D on the other hand is based on FSX's code and has been redone for 64-bit capability and somewhat takes advantage of more than one core. Only issue is that its EULA states that it's for educational/student use only, but many don't listen to that and use P3D as a game. Which in large part it is.

IoT: Internet of Things. These are devices like computer-integrated refrigerators, thermometers, dryers, and probably even a damn toaster. All can be controlled from a phone, tablet or computer. You can buy this hardware at Amazon for example. You can tie it all to an Amazon Echo and say, "turn on the front room lights" and it will do that.

CloudFlare is both free and paid. Depending on your needs, and they offer paid for options like rate limiting which I pay for that helps prevent layer 7 DDoS attacks.

Read all about it: Shodan (website) - Wikipedia
29 Sep 2018   #19
Win7fuser

The one I am using to register is my Windows 7 Professional x64 one.
 
 

Quote: Originally Posted by F22 Simpilot
Microsoft that developed FS2004 and FSX which I play has abandoned the game. So we are stuck with what they created years ago and I've read that back then when M$ developed the Sim they thought CPU speed would increase expediently and thus kept the game a single threaded game not ever thinking that CPUs would come out that would have multiple cores. So in order to play FSX or FS2004 you need a CPU that has the highest single thread capability you can afford. To make matters worse it's only 32 bit. So it's often that if you have loads of scenery add-ons you'll run into an out of memory error. So to combat that you need to control what scenery loads per flight since FS will load ALL scenery regardless if you fly to or over it.

Prepar3D on the other hand is based on FSX's code and has been redone for 64-bit capability and somewhat takes advantage of more than one core. Only issue is that its EULA states that it's for educational/student use only, but many don't listen to that and use P3D as a game. Which in large part it is.

IoT: Internet of Things. These are devices like computer-integrated refrigerators, thermometers, dryers, and probably even a damn toaster. All can be controlled from a phone, tablet or computer. You can buy this hardware at Amazon for example. You can tie it all to an Amazon Echo and say, "turn on the front room lights" and it will do that.

CloudFlare is both free and paid. Depending on your needs, and they offer paid for options like rate limiting which I pay for that helps prevent layer 7 DDoS attacks.

Read all about it: Shodan (website) - Wikipedia
Oh didn't know that, interesting....