Doesn't clean Troj/Wimad-E

Have a Mac, running OSX 10.7.4 and updated Anti-virus - open quarantine manager which has identified Troj/Wimad-E.

I click on clean up, authenticate and it starts the clean up - which runs and runs....  eventually get a dialogue box - can't remove the threat.

Suggestions?

Thank you for your help.

:1008540


This thread was automatically locked due to age.
  • Troj/Wimad-E detects a malicious web redirect hidden inside Windows Media files downloaded mainly from torrent sites.  The file types are usually .asf or .wma, and the attack does not work on OS X (it's aimed at Windows users, and usually triggers an automatic download of scareware or malware).

    Since this is actually a malicious header injected into a video file, your best bet for removing it is either to delete the video file or convert it to another format.  You can also create a custom scan set to delete the file, but tossing it in the trash is just as easy.

    :1008560
  • How do I find the file.... Sophos doesn't show the path or filename.

    :1008608
  • If there's no path listed in the quarantine manager, it might be in Time Machine, or might no longer exist.  I'd check your places where you grab wmv and asf files from bittorrent trackers, if you do that -- as this is likely where you'll find it.  Do you at least have a file name, or is it completely blank?

    If you have no information listed at all, I'd suggest removing the threat name from the Quarantine Manager and seeing if it comes back.  These files are not a threat to you (but would be to share with anyone running Windows).

    :1008618
  • There is no filename.  Thanks for the help though...

    :1008728
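
When the Quarantine Manager shows no path, candidate files can be located by content instead of by name. The script below is an added example, not part of any reply in this thread and not a Sophos tool: it lists every file under the given folders that starts with the 16-byte ASF header GUID, the container format behind .asf, .wma and .wmv, so renamed files are found too. The function names `is_asf` and `find_asf` and the folders in the usage comment are assumptions; a match only means the file is an ASF container, not that it is the detected one.

```shell
#!/bin/sh
# Added example: list ASF-container files (.asf/.wma/.wmv) by file signature.
# Usage (folders are examples): sh find_asf.sh "$HOME/Downloads" "$HOME/Movies"

# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C as stored on
# disk: the first 16 bytes of every ASF file, written here as lowercase hex.
ASF_MAGIC="3026b2758e66cf11a6d900aa0062ce6c"

# is_asf FILE: succeeds if FILE begins with the ASF header GUID.
is_asf() {
    # Hex-encode the first 16 bytes and strip the separators od emits.
    magic=$(head -c 16 "$1" 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "$magic" = "$ASF_MAGIC" ]
}

# find_asf DIR...: print the path of each regular file under the given
# directories that is an ASF container, whatever its extension.
# Limitation: paths containing newlines are not handled.
find_asf() {
    find "$@" -type f -print 2>/dev/null | while IFS= read -r f; do
        if is_asf "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Scan the folders named on the command line, if any were given.
if [ "$#" -gt 0 ]; then
    find_asf "$@"
fi
```

Files it lists can then be deleted or converted to another format, as the first reply suggests.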