JS/WndRed-B

I've been getting dozens of messages today with the JS/WndRed-B virus/malware. Sophos detects this, but seems to have trouble getting rid of it. One of my notices complained of 66 instances that it found. When I try to "Delete" them all, I get a window full of messages saying that the delete failed. When I attempt to "clean" them, sometimes it seems to work, but sometimes it fails, too. When I tried to "move" it, that failed as well. Windows Defender doesn't detect it. How can I get rid of it?

Bob-in-AZ

  • Hello Bob-in-AZ,

    The description says that it is spread by email. It is probably detected when the mail client decodes it into a temp directory. The JS should be blocked and won't do any harm. As Sophos doesn't override locks, it can fail to clean up (which involves re-writing), delete or move a file. If the file is deleted when it is closed, a later attempt to delete it of course fails.

    Assuming it's in a mail item - as long as this exists you can get an alert when the item is accessed (depending on the mail client) so you have to get rid of the "vector". Run a full scan when the application is closed to remove any "leftovers".

    To clarify: an alert doesn't necessarily mean you have "contracted" something you have to get rid of. The messages might be annoying but consider a CD with an infected autorun - the malware will be blocked and reported but it can't be cleaned up, or (re-)moved. But you will probably want to make sure that this CD isn't used on an unprotected computer.

    HTH

    Christian
