??? Is there any reason for avast! to INSIST on running OTL in Sandbox with no other option?
And, given that it was running in Sandbox, it shouldn’t really mess with my system - should it?
It did though, and quite badly I think. Couldn’t even use System Restore except in Safe Mode.
Using the settings as specified in the tutorial http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/ it did run OK.
Following the instructions here - http://forum.avast.com/index.php?topic=53253.0 (except I forgot to use Quick Scan) produced some unspecified Error Message during scan, so I closed the app at that stage.
On the third run (in addition to geekstogo settings) I switched to All Users and changed File Age to 60 days. I’m guessing that’s the one which did the damage. Some ‘conflict’ with Spybot Teatimer, it seemed… Message boxes take a long time to show anything.
Latest avast! IS program and definitions update, running on Windows XP.
There are other options:
The autosandbox process is controlled in the first instance by the file system shield (FSS); the suspect .exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is that it hasn’t had a definitive detection.
However, the FSS checks other things, amongst those: a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). These can trigger a suspicion, and it is this suspicion that results in the recommendation to use the autosandbox.
Now the user can accept this decision and run it in the autosandbox, or have it run normally and Remember the answer for this program. Provided of course you are familiar with the program and that it is clean, and of course that you intentionally initiated the program.
So are you unable to use the dropdown list in my image and select Open normally?
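The decision flow described in the reply above (signature scan first, then signed/location/emulation checks, then the user's remembered answer) as a small Python model. This is an added illustration, not avast!'s code: the hash database, the "suspicious folder" list, the weighting of the three checks and the emulation verdict are all constructed assumptions, and the OTL path is a made-up sample.

```python
# Added illustration (not avast!'s code): a toy model of the autosandbox
# decision described in the thread. The hash database, the "suspicious"
# folder list and the emulation verdict are all constructed assumptions.
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BLOCK = "definitive detection: do not run"
    RUN_NORMALLY = "run normally"
    RECOMMEND_SANDBOX = "suspicious: recommend autosandbox"


@dataclass(frozen=True)
class FileFacts:
    path: str
    sha256: str
    signed: bool                 # is the file digitally signed?
    emulation_suspicious: bool   # assumed result of the emulation check


# Constructed sample data standing in for the FSS signature database.
KNOWN_BAD_HASHES = {"deadbeef" * 8}
# Constructed list of folders treated as a "suspicious location".
SUSPICIOUS_FOLDERS = ("\\downloads\\", "\\temp\\", "\\appdata\\local\\temp\\")


def fss_definitive_detection(f: FileFacts) -> bool:
    """Step 1: signature scan before the file is allowed to run."""
    return f.sha256 in KNOWN_BAD_HASHES


def in_suspicious_location(path: str) -> bool:
    """Step 2b: crude location heuristic (assumption, not avast!'s rules)."""
    p = path.lower()
    return any(folder in p for folder in SUSPICIOUS_FOLDERS)


@dataclass
class AutosandboxPolicy:
    # "Remember the answer for this program": lowercased path -> chosen verdict.
    remembered: dict = field(default_factory=dict)

    def decide(self, f: FileFacts) -> tuple:
        """Return (verdict, reason) for one launch attempt."""
        # A definitive detection wins over everything, including remembered answers.
        if fss_definitive_detection(f):
            return Verdict.BLOCK, "hash matched the signature database"
        reasons = []
        if not f.signed:
            reasons.append("not digitally signed")
        if in_suspicious_location(f.path):
            reasons.append("launched from a suspicious location")
        if f.emulation_suspicious:
            reasons.append("emulation flagged its behaviour")
        if not reasons:
            return Verdict.RUN_NORMALLY, "no suspicion raised"
        # Suspicion raised: a remembered user answer overrides the recommendation.
        key = f.path.lower()
        if key in self.remembered:
            return self.remembered[key], "remembered user answer"
        return Verdict.RECOMMEND_SANDBOX, "; ".join(reasons)

    def remember(self, f: FileFacts, choice: Verdict) -> None:
        """Store the user's 'Open normally' / sandbox answer for this program."""
        if choice is Verdict.BLOCK:
            raise ValueError("a definitive detection is not a user choice")
        self.remembered[f.path.lower()] = choice


if __name__ == "__main__":
    policy = AutosandboxPolicy()
    # Constructed sample: an unsigned helper tool sitting in Downloads.
    otl = FileFacts(r"C:\Users\me\Downloads\OTL.exe", "00" * 32,
                    signed=False, emulation_suspicious=False)
    print(policy.decide(otl))            # suspicion -> recommend sandbox
    policy.remember(otl, Verdict.RUN_NORMALLY)
    print(policy.decide(otl))            # remembered 'Open normally'
```

The model makes the one point that matters for the thread explicit: "Remember the answer" only overrides a suspicion, never a real detection, and an unsigned tool launched from a download folder will keep hitting the suspicion path until the answer is remembered.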
At the time of reporting, no, there weren’t any drop-down options available - which is what I meant by “insist”. I had seen it previously when opening one or two other programs more familiar to me, so expected it ought to be the case with OTL too, and I wouldn’t have reported if the options were there.
When I check today, however, the options ARE available. Windows still warning about no digital sig, though. So, I guess that’s one problem mysteriously vanished - for now.
There is still the other question of how it could mess with my system, especially when running in sandbox.
I wouldn’t think simply scanning should change anything anyway. But, then… Two out of the three scans I did encountered errors of some sort, so I aborted them (shut the app) at that point.
I doubt running it in the sandbox would actually harm your system. The problem is running in the sandbox means it won’t be able to analyse or do anything as it is working in a virtual environment. If it was even able to run and analyse, it couldn’t save a log as that too would be in the virtual environment. So when you closed it you would have exited the sandbox and no log, etc.
Well, it DID mess with my system - and quite badly, as I said.
I had nothing else running at the time; as per instructions.
After the third scan:
Memory is vague, but…
Couldn’t open Notepad - something about Windows couldn’t find the specified target; missing .dll in system32 (I think).
Couldn’t open Google Chrome - something about a “bad image” and “consult installation diskette”. Diskette? lol
Couldn’t use System Restore - it opened up OK but failed to respond at the final step (of actually executing Restore), except in Safe Mode.
Incidentally, and in case it might be useful for future reference, the log produced in sandbox can be saved. Select All and then Copy. Open Notepad, Paste and Save as… with Unicode encoding.
I think I will get some new logs together, asap, and post in the appropriate thread.
Something is definitely wrong with this machine, and it ain’t getting any better… Could be going senile, or something’s broken somewhere and it is beyond me to fix.
There was some malware detected by SAS (scheduled scan), but it’s over 30 days since so I can’t tell what it was. avast! didn’t catch it anyways.
Hmm…
I uninstalled Spybot last night. Maybe that’s why OTL is working properly now.
The scan which seemed to do all the damage did produce some error message relating to Spybot Teatimer, iirc.
In the analysis mode all OTL does is read - nothing else. You may get Spybot interfering as the registry keys are read, but that would not be normal. The symptoms you describe could be due to a failed malware installation, where it managed to do some damage but not run.
A full OTL scan should let me see where the problem lies.
I agree. I mean, I know actually. It really “should” do nothing, and even more so do nothing from within Sandbox.
Apart from what OTL logs (which you have now ;D) might reveal, I remember now that Spybot itself was once, a long time ago, infected with something.
That was way back when what is now Windows Defender was in beta testing mode. More like GiantAntispyware, if memory serves, and way more useful than what MS finally did with it imo.
Anyway, I have no problem with running OTL since uninstalling Spybot.
Maybe I should’ve undone Spybot’s changes first, but… I’d had enough already at the time.