Letting a sandboxed program uninstall, but not install

Hi, I’ve been having problems with a USB driver I installed. I’ve tried rolling it back, manually deleting the old install files, system restore, everything. I really don’t want to re-install windows again.

I’ve found a newer version of the driver (.exe), which also contains an uninstaller. I’ve checked it with Jotti and one of the scanners reported malware:

http://virusscan.jotti.org/en-gb/scanresult/0a25eb9900a11e739f7b25964df87af7820c6d01/86bd7159add61d4b91a5a76e126771bb6569c500

(I know it could be a false positive, but I always err on the side of caution. I remember stumbling upon a forum once before which had a load of hackers testing out their home-made viruses on these multi-engine sites like Jotti to see if they could escape detection, and then perfecting them until they were undetectable. So I don’t think the fact that most antiviruses don’t detect anything means that it isn’t infected)

Anyway, when I run the .exe in the sandbox, it says it can’t access the files to uninstall them (obviously, since it’s in the sandbox), but I don’t want to run the .exe outside of the sandbox just in case it does have a virus. So is there a way to allow it to uninstall the old driver (delete the files) while preventing it from installing the new driver (copying new files)???

This is driving me crazy, and I’d be eternally grateful to anyone who could help me with this. I’ve attached the .exe in a zip file in case you want to have a look at it yourself.

Removed the attachment just because we don’t allow possible malware to be posted in the public part of the board. We are cautious like you…:slight_smile:

Try submitting it to Virus Total as well and show us the result page. My best guess it is a false positive.

On the other hand. Can you elaborate on the exact nature of the problem you are experiencing with the USB driver? For what type of device is it? What chip is the device using (Intel, Realtak, Broadcom,etc…)?