This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Troj/DocDl-DGO How to manually remove with Free MAC version 9.4.2?

Got this malware yesterday. Sophos site says they have protection for this as of yesterday May 24 but didn't work for me.

My quaranteen manager says to manually remove. There are no instructions how, tech support will not address this. How to do this with Free Mac Edition 9.4.2

I need help because I keep getting more emails with this zip file attached and the list is growing.



This thread was automatically locked due to age.
Parents
  • Hi Douglas,

    The Troj/DocDl* detection is for a Document Downloader (DocDl) it will most likely be a Microsoft Word or Excel file that contains a macro. If you opened this (on a Windows machine) and ran the macros it would attempt to connect to a malicious server and download the malware payload.

    Are you able to show any screenshots or error messages you are seeing? 

    Does it give you the location of where this file is? if it is on an email I suggest deleting the email right away.

  • I deleted the emails I could find. The Sophos Quarantine manager has 3 file locations listed but will not clean up. It says manual clean up required. There is no picture of a lock on my quarantine manager as all the Sophos screen shots suggest and there is no instruction how to manually clean up with the Free MAC home edition 9.4.2. 

    I am afraid to clear the list in the manager because I do not know if the files still exist. I did not open them.

  • Hi Douglas,

    Clearing the list is fine as all this does is remove the alert from your quarantine, it isn't what actually stops the files from being run. If they still exist on the machine they would be detected again if they attempted to do anything.

    I suggest you reboot your machine and see if they get cleaned during the reboot, I would be surprised if they did to be honest though as I suspect they might have already been removed, which is why the cleanup is failing. 

    If they are still listed in the quarantine after a reboot, clear them from the list a do a full scan and see if they are detected again. If not then they are gone. If they are detected again please can you let me know.

  • Hi Peter, I too have the identical problem with   Troj/DocDI-DBF

    I do the manual clean but it remains from the file path scanned for manual removal.

    I then followed your suggestion, deleted and rescanned the entire MAC.

    It came back again, though I have to say that originally there were 3 Troj/ somethings and 2 of them were cleared by your method. This one remains.

    Any ideas please?

    Thank you

  • Hi Rod,

    Can you collect the Sophos Diagnostic Utility logs using the instructions at the bottom of this article: https://www.sophos.com/support/knowledgebase/33533.aspx#macgeneral 

    If you send them into support@sophos.com and let me know the case number I will take a look for you.

  • Thanks Peter, could you please check the  http://sophtrac/Default.aspx?articleid=33533#macgeneral as the links doesn't seem to work.

    Thanks

    Rod

  • Sorry I have corrected the above link now and made myself a coffee :-)

Reply Children
No Data