11-01-2011 04:31 PM
Have installed (and reinstalled) Sophos Anti-Virus. Shortly after installation it pops up a "Threat detected" window. The virus/malware is called Troj/JSRedir-BW. Open Quarantine Manager, click on the lock so I can make a change, and then I tell it to clean up threat. I put in appropriate system password and it starts to do its thing -- only to freeze for hours at the "Cleaning Up Threats" window with the blue barber-pole running endlessly. I've tried this three times -- force restarting after a couple hours each time. Even uninstalled and reinstalled Sophos. No luck. Also, when I start a Scan on the whole computer, it gets thru about 340,000 of 1.3M files and then just dies. An uninformative error message (something like "Sophos could not run local scan") comes up and that's it, no further info. While I'm thrilled it's free, and really like the interface, I'm a little underwhelmed by the performance here...
04-13-2012 02:48 PM
It's likely having issues because that particular threat shows up in cached web files... so between the time when the file entered Quarantine and when it actually attempts to remove the file, the file has already been deleted by the OS.
This looks like a bug to me. To fix on your side, you can just delete the file from quarantine, and if it doesn't come back, the problem file's gone.
04-14-2012 04:14 AM
I am having the same problem with a slightly different threat. Mine is Troj/ObfJS-BK. It does not seem to be going away, as rescans still have the same result. From what I have found, this is a recently added problem, so perhaps there is something wrong with the cleanup engine for this threat. I am not sure if this matters, but I cannot find the path the software is showing for the threat. It shows /Users/peterstahl/Library/Containers/com.appl.../8
04-21-2012 02:08 PM
That looks like the path to an email attachment. The Containers folder tends to use a lot of aliases/symlinks to connect to the actual contents elsewhere on your computer, so I'd suggest clicking on the path name and viewing full details -- it likely has multiple paths listed to the detection. If you can't get rid of the "..." just select all the text, copy, and paste into a TextEdit window to see the entire path.