
Troj/Buzus-AI prevent it forever?

Hello,

I'm having some issues with the Troj/Buzus-AI virus. Sophos Endpoint Security detects it, stops it, and cleans it. But after a while the PC shows an alert again, and again the virus is Troj/Buzus-AI. And so on... On the Status page I'm seeing Detected, Cleaned, Detected, and Cleaned.

Does anybody have an idea how to stop this? How can we prevent PCs from being infected with this virus in the future?

Regards,

P.S. We are using Sophos Enterprise Console v. 3.1 and Endpoint Security currently 7.6.15 VDL 4.49E

  • I'm not an expert in recurring infections (and especially not Troj/Buzus-AI), but I think I can at least comment on "prevent it forever". You have to discern between detection and infection. You wouldn't want to prevent detection, of course, but obviously the question is: why is this beast detected over and over again?

    First question: Where is it found? (You won't always see the location in the console; check the local sav.txt.)

    Second question: How does it get there?

    Third question: What can be done so that it does not?

    Have you followed the articles (Remove Trojans general article or over a network)? This might detect some additional items. If the client is "clean" at this point, you should be able to detect the source of the attempted infection. At our site, most of the time it's removable media, websites and open shares (turning on scan on write and web scanning might help you to catch it at an early moment). Depending on your findings, there are different ways of action.

    HTH

    Christian
