On Sandboxie

[tcoffeep]

This thread is not pertaining solely to Sandboxie, but a number of things involving security. I was recently looking at my latest Defraggler list of what needed to be defraggled, when I noticed a program in C:\Windows\ that wasn't there before. In this case, it was C:\Windows\GPInstall.exe. Upon googling, I found out that it was a suspected adware program (although, signals were confused as other sites said otherwise.

Now, I've scanned it with MBAM, SUPERAntiSpyware, Avira, and it somehow made it's way past the active anti-* from F-Secure, so I'm wondering now if this is really the malicious adware I was reading about, or some other sort of program. I'm inclined to see what the executable accomplishes, but am worried that I risk breaching the security of my computer.

I tried running the program in Sandboxie (I've never used it, but I've heard people talk of it) and it responded with an error message.

What I'm asking is a series of questions here.

 

1 ) Does Sandboxie stop (?:executables|installation files) from (?:saving information|adjusting my computer's registry|*)?

2 ) Is this GPInstall.exe a risk? And how would I know if I'm putting something important into the recycle bin if I choose to do so?

3 ) Could I just be acting too paranoid?

[tcoffeep]

It seems, according to this link :

 

GP-Install is an installation builder that combines an easy-to-use and intuitive builder application with a compact and functional installer to allow you to package your application into a good-looking, professional, installation program. Whats more, it is also FREE.

NOTE: The site that the link links to is no longer active, although QSC is still in the business, but, apparently, not producing this program any longer. (it might be explainable in the sense that I have been playing around with a few freeware games of a little age. but still, better safe than sorry, am i right?)

 

 

So, perhaps, I was jumping the guns a little bit? -blush- heh.

 

I could still be right in my worries, as it does seem there was/is an adware program by the same name roaming around '03-'08 according to Norton's history, but, again, I could just be overly paranoid. (did I use overly in the correct way? apologies if i did not).

 

If anyone can help clear my mind of this, I would be most grateful.

[DennisD]

I've never heard of that before, but that doesn't mean it's bad. Navigate to that file, and upload it to the following online security sites.

 

Jotti:

 

Virus Total:

 

To answer your questions:

 

1: If you sandbox your browser, then nothing downloaded gets onto your PC to stay, unless you allow it to. If you run or open an exe file or whatever sandboxed, then all the installation files are sandboxed...Program files, reg files etc..

 

2: You can find that out by uploading the file to the above links.

 

3: Nope. You're never too paranoid about unknown files. You did right.

[tcoffeep]

Thanks. Both sites informed me that it wasn't anything to worry about. Over contemplation, it probably was a builder application due to the number of freeware games I've been trying. Thank you very much for your help. You helped clear my head, Dennis.

[tcoffeep]

I've never heard of that before, but that doesn't mean it's bad. Navigate to that file, and upload it to the following online security sites.

 

Jotti:

 

Virus Total:

 

To answer your questions:

 

1: If you sandbox your browser, then nothing downloaded gets onto your PC to stay, unless you allow it to. If you run or open an exe file or whatever sandboxed, then all the installation files are sandboxed...Program files, reg files etc..

 

2: You can find that out by uploading the file to the above links.

 

3: Nope. You're never too paranoid about unknown files. You did right.

 

 

Actually, a quick question involving these web-scanners.

 

Scan taken on 14 Oct 2008 04:17:44 (GMT)

 

POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

 

AntiVir -- Found TR/Crypt.CFI.Gen

F-Secure Anti-Virus -- Found nothing

 

The rest were "Nothing Found" and it was spammy, so it was removed.

 

File setup.exe received on 10.14.2008 06:22:45 (CET)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 3/36 (8.34%)

 

AntiVir 7.8.1.34 2008.10.13 TR/Crypt.CFI.Gen

F-Secure 8.0.14332.0 2008.10.14 Suspicious:W32/Dzan.c!Gemini

SecureWeb-Gateway 6.7.6 2008.10.14 Trojan.Crypt.CFI.Gen

 

The rest were "Nothing Found" and it was spammy, so it was removed.

 

What confuses me, is that one scan claims F-Secure found nothing, whilst on the other it is suspicious. Also, this program that I scanned was found in F-Secure's directory. -if I could paint an image of my eyes boggling out, i would do so-

 

What should I do? I mean, if I remove it, and it somehow damages the F-Secure security suite, I will run around in circles as though in flames, but if I do not delete it, I am risking my hide on a possible trojan (although, admittedly possible false-positive).

 

don't bother answering, actually, I'll follow the guide, and post up in the spywarehell forum once I've followed the guide. however, it would be helpful if you would point out if these might be false-positives as the scans generally only have 5-8% of the scanners catching something or finding the file suspicious.