
Multiple PDF files are getting converted into .exe extension format & Sophos is not even able to detect or clean it.

Hi,

Currently we are facing a virus issue in our environment: multiple PDF files are getting converted into .exe extension format and Sophos is not even able to detect or clean them.

We also submitted those suspicious .exe files to Sophos under case# 6355140, and Sophos replied that IDE files had been released to detect and clean this infection, but it is still not getting cleaned by Sophos.
We cross-verified with VirusTotal, and the VirusTotal analysis says that among 53 endpoint security tools, almost 43 are able to detect and clean this infection, but Sophos neither cleans nor detects it.

Need someone's expert advice on this virus infection.
We have the Sophos agent on version 10.6 and the console is on 5.3.0.

Thanks



  • Hello Shilpa, 

    Apologies for the inconvenience. 

    The EXE files which you have sent should be detected as Troj/Injecto-IH. 

    Can you check if msil-hux.ide is present on the system?

    https://community.sophos.com/kb/en-us/121984

    If it is after an update, I advise you to restart the machine once and run a complete scan. If the problem persists after a reboot, please revert to the ticket with the SAV.txt you can find under %ProgramData/Sophos/Sophos Anti Virus/Logs/ and we'll investigate it further. 

    Additional note: if Automatically Clean Up is checked AND IS POSSIBLE on the EXE files, only then may you get the PDFs back, but if they have been infected beyond repair, Sophos will either quarantine or delete them depending on your configuration.

    Thank you,

    Vikas

  • Hello Vikas,

    MSIL-HUX.ide is present on the machine, and files are now getting detected and moved to quarantine, but we are not able to clean them.
    We have again submitted the sample to Sophos as per our discussion with them. Automatically Clean Up is checked in the Antivirus & HIPS policy, but the clean option is not appearing in quarantine to clean the infection. Only the delete option is appearing, and due to this all important data files (.pdf) are getting removed.