This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mal/KovterLnk-A and Mal/KovterBat-A cannot be removed

Sophos Endpoint Security and Control 10.6 running on Windows 7 Professional x64 detected Mal/KovterLnk-A and Mal/KovterBat-A this morning and moved them to Quarantine.

The available actions say Clean Up then goes to Cleaning Up and instantly the viruses appear in the Quarantine again.

 

When I open the Details that take me to the file location the shortcuts are in a the Windows Startup folder and appear and re-appear while Sophos tries to Clean Up the threat.

It appears as if the virus/malware is re-installing itself as soon as Sophos cleans it up.

 

I've tried to select and Cleanup the files, but it says a Cleanup is already in process.



This thread was automatically locked due to age.
Parents
  • This is from the Anti-Virus Log of Endpoint Control

    ****************** Sophos Anti-Virus Log - 10/9/2016 3:54:52 PM **************

        ...
    20161009 155049 File "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" belongs to virus/spyware 'Mal/KovterLnk-A'.
    20161009 155049 On-access scanner has denied access to location "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" for user BCM-PC\BABerarducci
    20161009 155050 File "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\022c92f0.lnk" belongs to virus/spyware 'Mal/KovterLnk-A'.
    20161009 155050 File "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" belongs to virus/spyware 'Mal/KovterLnk-A'.
    20161009 155050 On-access scanner has denied access to location "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" for user BCM-PC\BABerarducci
          (5 items)

Reply
  • This is from the Anti-Virus Log of Endpoint Control

    ****************** Sophos Anti-Virus Log - 10/9/2016 3:54:52 PM **************

        ...
    20161009 155049 File "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" belongs to virus/spyware 'Mal/KovterLnk-A'.
    20161009 155049 On-access scanner has denied access to location "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" for user BCM-PC\BABerarducci
    20161009 155050 File "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\022c92f0.lnk" belongs to virus/spyware 'Mal/KovterLnk-A'.
    20161009 155050 File "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" belongs to virus/spyware 'Mal/KovterLnk-A'.
    20161009 155050 On-access scanner has denied access to location "C:\Users\BABerarducci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\15731b43.lnk" for user BCM-PC\BABerarducci
          (5 items)

Children
No Data