
how to clean/delete an uncleanable virus

Some of my computers here have some uncleanable viruses/spyware. I have already done a full system scan on the affected computer, and after the full system scan I restarted the computer (the computer has Endpoint Security 9 installed and is managed by Enterprise Console 4). I have also already updated Endpoint Security 9 to its latest version, but to no avail: I still receive the virus alert from Enterprise Console.

Every time I try to resolve the alerts and errors on the specific computer that is infected by a virus, it always shows that the virus is uncleanable.

How can I clean/delete this virus (Virus/spyware 'Troj/Gida-A') using Sophos?

  • I find this quite a common occurrence with SAV. My resolution is to view the SAV log file held in (on Win XP) C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs, then from that obtain the offending files and simply delete them if I deem them unnecessary, or submit them to Sophos if I feel it's a false positive.

    In general I can do the above remotely. Many times, if the bug has tripped and gets going, I simply map a network drive to the user's PC, then from a DOS command prompt go in and rename the offending file (yep, you can do that from DOS but not from Windows). Get the user to reboot and away I go again, this time deleting the renamed file. The TDSS virus is probably the one that really causes problems more than most though; it implants as a system driver and may cause boot issues. A bit harder to sort. SAV cleanup doesn't work correctly for TDSS variants.

    It's not unusual to be faced with your situation. Just watch the logs and you'll see enough data to deal with problems manually. Sophos should really be a bit more on top of infections though. Cleanups should be much better IMHO.

    Here's a thought: why don't Sophos put access to the SAV.txt log file in the EM Console, so we can just click to view?

    Matt
