Unable to clean up Troj/EncProc-U on iMac

Sophos was unable to clean up the above-mentioned malware contained in a file named upd.DAT. It was first detected over a year ago but I have never been able to clean it up. Whenever I scan, it shows up again. Is there any action I can take to eliminate it?

  • Hello unfit4duty,

    I can't find the folder or file by searching on either side

    If you did search for all kinds of hidden files/folders (note that you also have to uncheck Hide protected operating system files (Recommended)) then maybe it's really gone. The ish4435888 folder suggests that these files and folders belong to an "InstallCore enhanced" download of an otherwise freely available software (e.g. GIMP). It's classified as Adware and PUA (i.e. installed with the user's consent, subsequently a nuisance perhaps but not outright malicious) and thus AFAIK won't be detected by SVRT (but Troj/EncProc-U should be).

    Perhaps Norton took care of it at some point. Dunno how QM is supposed to behave here; usually it checks whether a threat is still present when you open it, but I don't know the details of the logic. If you open QM, Clear the item from the list and run a custom scan on /Volumes/Bootcamp/users/ - does it recur? If not then it's no longer there.

    as it's in quarantine am I likely OK

    The quarantine is no more than a list of reported and not-yet-dealt-with detections; nothing is moved, or renamed, or otherwise made inaccessible. Only the enabled on-access scanner would provide protection.

    Christian
