Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 9 subscribers
  • Views 16387 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos warning of a threat that's already removed and giving "access to the file denied" message

Randyw

I'm still getting a warning "Threat detected by Sophos Anti-Virus" and listed in Quarantine Manager. However, I cleaned the trojan horse and removed it from the quarantine manager. Despite the persistent warning that keeps popping up indicating that the threat is detected and listed in the QM, there are no threats actually listed in the QM any longer.

The SAV log indicates:

2015-12-04 09:01:00 -0800 Threat: 'Troj/Mdrop-HAC' detected in
com.sophos.intercheck:                              Access to the file denied

If I scroll back a little, I can actually find this file reference:


2015-12-03 23:20:42 -0800 Threat: 'Troj/Mdrop-HAC' detected in /Users/[username]/Library/Mail/V3/A6856A78-0FAF-42FC-AD38-D84A1DFE2B91/Junk.mbox/41B8180D-8615-4868-911A-886DD6149359/Data/4/Attachments/4936/2/bill1201.doc
com.sophos.intercheck:                              Access to the file denied


I've read these two threads already and followed the same efforts to no avail:
community.sophos.com/.../10663

community.sophos.com/.../6852

I've done these things as well:
Emptied out the junk email folder and deleted the trash.
Done searches for a file called "bill1201.doc" as indicated in the log file and found no files or email attachments with that name.
Restarted my MPB running El Cap as well.

Thought about uninstalling and then reinstalling, but one person said he tried that and it didn't solve the problem.


Also, I tried to view the videos on this page but they would not play and instead say "This video is currently being prepared" - but never plays.

Help would be appreciated.



This thread was automatically locked due to age.
  • 0
    I have a similar problem with the free version. Every time I start my Mac, it tells me that SpiGot or some other Generic PUA has been detected but it does not say where and I have no idea where it may have come from as I have not downloaded any software or installed any updates recently.
  • 0 in reply to GregSmith
    Do you get the reoccurring SAV threat warnings? They keep coming up indicating "'Virus/Spyware' Troj/Mdrop-HAC has been detected and listed in Quarantine Manager." The QM briefly shows a link to learn more about Troj/Mdrop-HAC but then quickly disappears after about 2 seconds and nothing is listed in the QM.
  • 0

    Here's the reoccurring  message that pops up showing the threat when none is listed.

  • 0
    Since my original post, I've uninstalled/reinstalled the product. Still get the threat warning.

    I've also looked in the path referenced in the log but found nothing: /Users/[username]/Library/Mail/V3/A6856A78-0FAF-42FC-AD38-D84A1DFE2B91/Junk.mbox/41B8180D-8615-4868-911A-886DD6149359/Data/4/Attachments/4936/2/bill1201.doc

    I may have to just resort to uninstalling and going with another product...
  • 0 in reply to Randyw
    I replied to a similar thread the other day. My guess (which is really a guess!) is that your email account is synchronized to a Microsoft Exchange server or an IMAP server. Deleting the local copy will work, but your Mail client will re-download the file again from the email server. You should try to find the email in your Junk folder and delete it - this removes it from the server as well as your local machine. Hope that helps.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Unfiltered HTML