OSX Trojan WPAKILL-A

Willc · ‎11-13-2011

I have OSx Lion installed and my Sophos antivirus is up to date. Sophos keeps detecting a trojan and after I open the quarantine manager and authenticate the Trojan entry disappers. The example above has happened more than 10 times in a row. Since this has initially happened I haven't installed any applications. It doesn't seem that the quarantine manager is able to quarantine the trojan . I will can not attach the error message. Any thoughts on remedy?

text from error:

Threat detected by Sophos Anit-Virus

'Virus/Spyware'Troj/WPAKill-A has been detected and

listed in Quarantine Manager.

Open Quarantine Manager Close

Willc · ‎11-13-2011

Sophos what's up! Any thoughts? Gram Cluley help me out!

Agile · ‎11-02-2010

There are a few other threads on here discussing similar issues... the problem is likely that the detection is in temporary cache files being loaded from a website... every time the code gets cached locally, the detection shows up. Every time the cache gets cleared, it vanishes again.

Are you finding the detection via an on-access scan or an on-demand scan?

Also, Troj/WPAKill-A isn't an OS X trojan; it's a Windows Trojan... it presents itself as a way to bypass Microsoft's WPA (Windows Product Activation) technology to enable people to run Windows 7 with blacklisted serial numbers.

As a result, it won't run on your Mac, and is likely in your web cache, not attached to an email or stored on your computer.

To repeat: the culprit is likely a browser tab.

-
Andrew
Threat Researcher
SophosLabs

For our other self-service and peer-to-peer online support systems:

English and localised knowledgebases.
Follow us on Twitter @SophosSupport.
The Sophos Support video library.

Sophos Anti-Virus for Mac Home Edition

OSX Trojan WPAKILL-A

Re: OSX Trojan WPAKILL-A

Re: OSX Trojan WPAKILL-A