I think I'm infected..?

Today, I downloaded some .exe - And I could not trust it so I right clicked, and then clicked “Run in Comodo Sandbox.”

A warning came up:
“Windows will shut down in lesss than a minute”

I was scared to see the message, and I tried to the close the program but no luck and it restarted my PC.

Before it was restarted, I saw that 1Item is running in the sandbox, that was the .exe I think.

But, now it have restarted and I don’t see any wierd processes or something, but I deleted the file.

Am I infected, or did Comodo Sandbox save me?

Do a scan with MBAM to determine if there’s any dropped files.

Nothing, it didnt find anything.

Would’nt Comodo stop the Dropfiles?

If it was sandboxed as Restricted or lower, no. Only Untrusted and Blocked options are preventing dropping files.

That seems kinda… dangerous. What if I set my settings to Block?

Dropped files aren’t loaded in memory, so they’re not dangerous. :wink:

If it is set to Blocked than aplication isn’t allowed to run at all.

Did the window have a title?
A file ran in the sandbox shouldn’t be able to execute a shutdown or cause the system to need to shutdown.
Do you see anything suspicious in the Defence+ events?

I would do a scan with Malwarebytes and then Hitman Pro just for a little peace of mind. :slight_smile:


Please don’t double post. This question is also discussed in your other topic.

Thats one reason why i have untrusted as my setting.

:imoangel: (CNY)

Noo. He clicked on “Run in Comodo Sandbox” thats means that file got virtualized, so there is no danger. All is right, after restart virus gone.

That .exe was pornoplayer.exe or flash update.exe or other fake adobe hlash player? When answer is yes - then it could be variant of Trojan Ransom - read more here - https://forums.comodo.com/defense-sandbox-help-cis/just-some-questions-for-53-t68412.0.html

Notice that the automatic sandboxing does not virtualise file system and registry keys. That is only available in the manual sandboxing.