A friend sent me an instant message with a link to a website, and that website had a download, and that download had a virus/worm/spyware, whatever. I executed it in the avast IS sandbox: I downloaded it and executed it from the browser in the sandbox. The messenger started sending instant messages to my friends, then I received a message from Windows Defender that my computer was infected by a backdoor. Then I blocked the internet and restarted my computer.
When I turned my computer on, it said nothing about the virus; the messenger, avast and Windows Defender said nothing about it.
I want to know if, even in the sandbox, my computer could be infected?
Browser: Mozilla Firefox 3.6
The virus was a backdoor.
Do you still have the file you downloaded?
No, it was downloaded in the sandbox.
I want to know if, even in the sandbox, my computer could be infected?
first, see in top right corner “MY MESSAGES”
Then check for malware with this
Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected button to quarantine anything found
post the scan log here
There is no scan log; the computer said nothing about it, and I keep receiving the damn virus instant message. I have sent the link you asked me for.
ok thanks.
This is the malware you downloaded
http://www.virustotal.com/file-scan/report.html?id=94bbcebf566a832c7d3421abe30ad0380430d4d10dfcccbac2c79cbfe37345ca-1316467838
Not detected by avast… yet… I will upload it
but it is detected by Malwarebytes as - Trojan.Agent
so download and run Malwarebytes
Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected button to quarantine anything found
post the scan log here
Hi Pondus,
Well done, Pondus, you did a clever trace reconstruction there.
Hopefully avast will add detection for it soon.
Recent detections for this malware through Norman’s av listed here: http://v.virscan.org/W32/Obfuscated.JA.html
This malware is a generic dropper trojan virus that will also replicate itself to the C:\_Restore folder, so System Restore should be disabled before restarting the machine upon cleansing through MBAM.
polonus
And this is what ThreatExpert says about that file:
ThreatExpert - PIC6757624499074533-JPG-www.facebook.com.exe
http://www.threatexpert.com/report.aspx?md5=a681a7c266701a940cfd64d24c5cb756
Hi Pondus,
From the ThreatExpert report you see that the backdoor mentioned is being started up via
HKEY_CURRENT_USER\Software\twk70\"n" = "1"
Description of such malware found here: http://lobika.wordpress.com/2011/01/27/w32-ckbface/
link author lobika on Jan 27 2011
translation: http://translate.google.nl/translate?hl=nl&ie=UTF8&prev=_t&sl=nl&tl=en&u=http://lobika.wordpress.com/2011/01/27/w32-ckbface/
pol