Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 5659 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't Open Sophos Interface

dahines16

I am currentyl having a sorts of trouble on my laptop.  When trying to open up the sophos interface, it says savmain.exe is corrupted along with many other files.  Before everything started going downhill, there was a Trojan the scan picked up, but then it would no longer scanned.  Sophos is operating, but will not allow me to actually open up the program.  It also sometimes pops up that malware is present.  I really need help with this.

Thanks

:3082


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    From your description, specifically the part about savmain.exe being corrupt it could be that you have a file infector, basically a virus that keeps infecting other files on the machine.  This might explain the symptom, although this may not be the case but without knowing all the malware on the machine it's a possible. That being said you might need access to another computer to guarantee success but you could try without first.

    I would firstly try the following:

    1. Restart the machine in safe mode with command prompt if possible (Keep tapping F8 as the machine starts up and it should present you with the option). If this is not working for you, you can try in normal Windows mode but Safe mode would be, well safer.

    2. Open a command prompt (Start - Run and type cmd.exe) if not already open in safe mode with command prompt.

    3. In the command prompt window, navigate to the Sophos installation directory. To do so type:

    CD C\Program files\Sophos\Sophos Anti-virus\

    Or wherever it is installed.

    4. Once in the correct directory type:

    SAV32CLI -DI -P=C:\LOGFILE.TXT

    as detailed in the article:
    http://www.sophos.com/support/disinfection/pedis.html

    Hopefully SAV32CLI (and any dlls it loads) are not also corrupt and this will work.  It's for this reason I say you may need access to another machine to ensure that you are using known "good" files.  As you may need to download SAV32CLI on a clean machine from: http://www.sophos.com/tools/sav32sfx.exe and unpack this to read only media to ensure it doesn't also get infected when run on the machine.

    5. Once the scan has completed, this will hopefully identify what malware is on the machine.

    As the scan has been run with the -DI command line parameter it will have already attempted to disinfect anything it can disinfect, the idea being that at the end of this first scan, everything that is cleanable has been and you are just left with the malware files themselves which can then be deleted by running the scan with the -REMOVE parameter.  Please take caution that this will do just that.

    I hope this helps get you started and at least identify the scope of the problem.

    Regards,

    Jak

    :3085
Reply
  • 0

    Hi,

    From your description, specifically the part about savmain.exe being corrupt it could be that you have a file infector, basically a virus that keeps infecting other files on the machine.  This might explain the symptom, although this may not be the case but without knowing all the malware on the machine it's a possible. That being said you might need access to another computer to guarantee success but you could try without first.

    I would firstly try the following:

    1. Restart the machine in safe mode with command prompt if possible (Keep tapping F8 as the machine starts up and it should present you with the option). If this is not working for you, you can try in normal Windows mode but Safe mode would be, well safer.

    2. Open a command prompt (Start - Run and type cmd.exe) if not already open in safe mode with command prompt.

    3. In the command prompt window, navigate to the Sophos installation directory. To do so type:

    CD C\Program files\Sophos\Sophos Anti-virus\

    Or wherever it is installed.

    4. Once in the correct directory type:

    SAV32CLI -DI -P=C:\LOGFILE.TXT

    as detailed in the article:
    http://www.sophos.com/support/disinfection/pedis.html

    Hopefully SAV32CLI (and any dlls it loads) are not also corrupt and this will work.  It's for this reason I say you may need access to another machine to ensure that you are using known "good" files.  As you may need to download SAV32CLI on a clean machine from: http://www.sophos.com/tools/sav32sfx.exe and unpack this to read only media to ensure it doesn't also get infected when run on the machine.

    5. Once the scan has completed, this will hopefully identify what malware is on the machine.

    As the scan has been run with the -DI command line parameter it will have already attempted to disinfect anything it can disinfect, the idea being that at the end of this first scan, everything that is cleanable has been and you are just left with the malware files themselves which can then be deleted by running the scan with the -REMOVE parameter.  Please take caution that this will do just that.

    I hope this helps get you started and at least identify the scope of the problem.

    Regards,

    Jak

    :3085
Children
No Data
Unfiltered HTML