This discussion has been locked.

Sophos is warning for a Trojan Horse that is no longer on my system

Hi, 

A couple of days ago, Sophos warned me of threats in my data. I was testing with an Outlook mailfile of one of my friends. The Outlook database originated on a Windows machine and I tried to restore it in my OSX Outlook App. That process went OK, but the threat warning seemed valid. I told Sophos to clean up the threat and I also deleted the mailfile from my Mac.
The problem now is that Sophos keeps on warning me about one of the threats, even though the file is no longer on my system…
I thought I may have missed something, but looking at the log seems to support my assumption that I did remove the file.
The warning is very persistent and pops up a few minutes after I close the Quarantine Manager. Instructing the Quarantine Manager to remove the file does not work since the file is no longer there…
This is the warning from the log:
com.sophos.intercheck: 2015-10-22 21:43:48 +0200 Threat: 'Troj/JSDldr-BW' detected in 
com.sophos.intercheck:                              Access to the file denied
com.sophos.intercheck: 
com.sophos.intercheck: 2015-10-22 21:44:55 +0200 Threat: 'Troj/JSDldr-BW' detected in 
com.sophos.intercheck:                              Access to the file denied
com.sophos.intercheck: 
(the original message pointed to the directory where Outlook stores its content on Mac, but the current one has no directory reference....)
I am running OSX 10.11.1 (production version)
Sophos: Home Edition version 9.4.0
Threat detection engine: 3.61.0 Threat data: 5.20
I did a complete re-install of Sophos, but the issue remains....
Hope anybody can help me out!
Jack


This thread was automatically locked due to age.
  • I have the same problem. I deleted a suspicious email from my Mail junk folder, without opening the .txt attachment. I then deleted the email from the trash folder. Sophos detected that Mail had saved copies of the attachment - as .doc files - in two folders in User/Library/Containers. It 'cleaned up' the files and they are definitely no longer in the folders that contained them. Nevertheless, Sophos keeps warning me it has detected the threat - Troj/DocDI-ALZ. It has just done that during its scheduled scan this morning. I have also cleared Mail's junk and trash folders and the suspicious email has not returned. The scan log is quite extensive and I am not sure where to look for the threat. Should I delete the folders that once contained the suspect files? Should I uninstall and reinstall Sophos? Any suggestions, serra?