Sophos Anti-Virus for Mac Home Edition

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
judgew7
Occasional Contributor
judgew7
Posts: 4
Registered: ‎07-30-2012
0
Accepted Solution

Doesn't clean Troj/Wimad-E

Options

‎07-30-2012 05:36 AM

Have a mac, running OSX 10.7.4 and updated Anti-virus - open quarantine manager which has identified Troj/Wimad-E.

I click on clean up, authenticate and it starts the clean up - which runs and runs....  evenentually get a dialogue box - can't remove the threat.

 

Suggestions?

Thank you for your help.

Report Inappropriate Content
Message 1 of 5 (375 Views)
 
Reply
Employee Agile
Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: Doesn't clean Troj/Wimad-E

Options

‎07-30-2012 10:55 AM

Troj/Wimad-E detects a malicious web redirect hidden inside windows media files downloaded mainly from torrent sites.  The file types are usually .asf or .wma, and the attack does not work on OS X (it's aimed at Windows users, and usually triggers an automatic download of scareware or malware).

 

Since this is actually a malicious header injected into a video file, your best bet for removing it is either to delete the video file or convert it to another format.  You can also create a custom scan set to delete the file, but tossing it in the trash is just as easy.

-
Andrew
Threat Researcher
SophosLabs

For our other self-service and peer-to-peer online support systems:

Report Inappropriate Content
Message 2 of 5 (362 Views)
 
Reply
judgew7
Occasional Contributor
judgew7
Posts: 4
Registered: ‎07-30-2012
0

Re: Doesn't clean Troj/Wimad-E

Options

‎07-30-2012 02:18 PM

how do I find the file.... sophos doesn't show the path or filename.

Report Inappropriate Content
Message 3 of 5 (356 Views)
 
Reply
Employee Agile
Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: Doesn't clean Troj/Wimad-E

Options

‎07-30-2012 04:11 PM

If there's no path listed in the quarantine manager, it might be in Time Machine, or might no longer exist.  I'd check your places where you grab wmv and asf files from bittorrent trackers, if you do that -- as this is likely where you'll find it.  Do you at least have a file name, or is it completely blank?

 

If you have no information listed at all, I'd suggest removing the threat name from the Quarantine Manager and seeing if it comes back.  These files are not a threat to you (but would be to share with anyone running Windows).

-
Andrew
Threat Researcher
SophosLabs

For our other self-service and peer-to-peer online support systems:

Report Inappropriate Content
Message 4 of 5 (352 Views)
 
Reply
judgew7
Occasional Contributor
judgew7
Posts: 4
Registered: ‎07-30-2012
0

Re: Doesn't clean Troj/Wimad-E

Options

‎08-01-2012 07:36 AM

there is no filename.  Thanks for the help though...

Report Inappropriate Content
Message 5 of 5 (326 Views)
 
Reply