Each time I download a video using realplayer, avast displays this message:
you are opening an application in the virtual environment of the avast sandbox to avoid any risk in your computer
C:\program files\ipod\bin\ipodservice.exe opened by C:\windows\system32\services.exe
It’s said to have been part of itunes, but itunes was uninstalled already a while back. I also don’t have an ipod. ipodservices.exe isn’t found in startup or in programs, so I have no idea what it is. Is it a virus or trojan? How do I get rid of it?
Does the C:\program files\ipod\bin\ipodservice.exe file and location exist check using windows explorer ?
I would say you also need to check your Real Player (I really hate this media player) and see what the file associations are for that video type, it may well be pointing at that location.
It is also possible that malware could be misusing services.exe to load a malicious file, which is why it is important to find if that file is present. If it is it needs analysed.
Though I don’t believe this will find much as the avast file system shield would alert if it was infected rather than have it opened by the sandbox, see ### below.
The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.
However, the FSS checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.
Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean (virustotal check) and of course that you intentionally initiated the program.