Reply
Occasional Visitor
Randolph
Posts: 3
Registered: ‎Mon 06-Feb-2012
0

Can't clean up Mal/Phish-A

Sophos Anti-Virus is reporting the Mal/Phish-A threat on my Mac, but when I try to clean it up, or even to locate it, no location is given, and cleanup always fails. Any ideas? Sophos Anti-Virus for Macintosh Version 7.3.8 Threat detection engine: 3.28.1 Threat data: 4.74 Release date: February 6, 2012 Protects against 3316504 threats
Executive VIP
QC
Posts: 4,461
Registered: ‎Mon 23-Nov-2009
0

Re: Can't clean up Mal/Phish-A

Hello Randolph,

guess you are running the Home Edition which has its own forum. Even if not you'll probably find some helpful information there: http://openforum.sophos.com/t5/forums/searchpage/tab/message?q=Mal%2Fphish-a#message-list

Christian
Occasional Visitor
Randolph
Posts: 3
Registered: ‎Mon 06-Feb-2012
0

Re: Can't clean up Mal/Phish-A

[ Edited ]

Actually, I'm a corporate user, and I've already looked at those comments. Problem is, with Sophos not identifying the location of the infected files, I can't do anything about the problem.

Occasional Visitor
Randolph
Posts: 3
Registered: ‎Mon 06-Feb-2012
0

Re: Can't clean up Mal/Phish-A

Digging into the Sophos log, I find the following:

com.sophos.intercheck: Encrypted file: /Registration List.xlsx
com.sophos.intercheck: Corrupt file: 
com.sophos.intercheck: Corrupt file: 
com.sophos.intercheck: Corrupt file: /MRJPlugin.jar
com.sophos.intercheck: Corrupt file: /MRJPlugin.jar
com.sophos.intercheck: Encrypted file: /Registration List.xlsx
com.sophos.intercheck: Corrupt file: 
com.sophos.intercheck: Corrupt file: 
com.sophos.intercheck: Encrypted file: /Registration List.xlsx
com.sophos.intercheck: Corrupt file: 
com.sophos.intercheck: Corrupt file: /MRJPlugin.jar

 The MRJPlugins are archived from 2002 and 2003 and no longer used--I don't think they're a threat. Besides, I've been running Sophos AV for over a year, and I've never had a whisper of a problem. Why now?

 

Any advice on finding the problematic files and removing them would be helpful, as would an explanation of the Mal/Phish-A threat.

Moderator
ruckus
Posts: 318
Registered: ‎Mon 23-Nov-2009
0

Re: Can't clean up Mal/Phish-A

I once got an alert in the quarantine manager and after some digging it turned out to be an spam email (in the spam folder) of Mac Mail.  It kept coming back when I accessed the email.

 

You should clear the alert and rescan - no point spending a lot of time looking for something that isn't there.

 

If the alert comes back and you cannot see the source I'd run the SDU log gathering tool (Mac version) on your computer and raise a ticket with Support.

 

SDU: Sophos Diagnostic Utility (SDU): how to download and install

 

Raise a ticket (ensure you include the SDU output): Support query form

- - - - - - - - - - - -
Communities Moderator, SOPHOS
Knowledgebase  |  @SophosSupport  |  Video tutorials
If a post solves your question use the Accept as Solution button and award kudos.