Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 6 subscribers
  • Views 3062 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SOPHOS Mobile Detection found " Andr/Svpeng-H " SOPHOS Mobile Unable to delete ****.apk from / on External Storage SD Card on Samsung Galaxy Tab S2 9.7

Nick Fetty

Not a permission problem as SOPHOS Mobile has all permissions approved.

SOPHOS Mobile Detection found " Andr/Svpeng-H " during a regular scan.

This was detected on a daily scan, this is also the second time it has happened : First Time it was detected it would not delete the .apk file either so I { thought that } manual deletion would work.  Used Xplore File Manager and deleted it but between the first detection and second is fuzzy information wise as I thought this threat was gone. Did I delete it the first time? I'm unsure, I went through the motions to delete but still unsure if file deleted from Tablet.  So that's all I'm gonna say about 1st time SOPHOS Mobile detected it and focus on this latest detection.

After it was detected I went to the SOPHOS Mobile Notification to SOPHOS Mobile Scanner to selecting the details of the detected **.apk and then to touch delete button & here is what happened

Displayed a Android Toast Message ( cannot be screen captured ) with the following displayed " Could not delete file 'storage/**/Download/**.apk' " 

My Device is running Android 7.0 and is up to date according to Samsung

My Device is a Samsung Galaxy Tab S2 9.7 [ SM-T810 ] 

All Apps updated via Google Play Store, do not use 3rd party Stores.

Any Unusual Activity, except this file showing up out of nowhere,?  What is Unusual these days anyway?

File Location /storage/****-****/Download/****.apk  [ Please Note : asterisks used in place of actual alphanumeric characters ].

 

So finally what I wanted is information :

Is this indicative of a larger problem?  

Why SOPHOS cannot delete from External SD card?

Can SOPHOS Mobile actually remove this ( we will find out as I'm going to attempt to move it to the internal storage to see what gets got by whomever ).

If you want there is a copy of file.apk its uploaded on Virus Total here : www.virustotal.com/

23 engines detected this file including Sophos AV as same " Andr/Svpebg-H " 
SHA-256 d41cb73d2bb0b4e41ae6e9d661561069fe80e28dd88ed838763b18d1beb94b4f

TLDR Android .apk shows up in storage/***ExternalSDcard***/Downloads/***MaliciousFile***.apk

SOPHOS Mobile detects this as " Andr/Svpeng-H " but cannot delete / remove it from External Sd card.

Unknown Incoming Vector, I suspect a drive-by as I do frequent some shady ass sites, so in meantime I did get other devices checked for Maliciousness [ They good ]



This thread was automatically locked due to age.
Unfiltered HTML