
sophos finding windows malware on mac

having eventually found some older hits around the similar topic which confirmed some things that happened to my mac, here's a summary and some asks

sophos will find windows malware - typically in downloads folder. they can not infect your mac.

it seems that under normal circumstances sophos will delete them automatically and you don't even know it, which is the most appropriate action.

I had difficulties yesterday where sophos reported a trojan. I believed it was a real threat to my Mac - there's no way of me knowing that it was a windows trojan.

I used the 'clean-up' function in quarantine manager and sophos just went into a loop, my whole system became intermittently unresponsive and other odd things - for those that had used Windows in the past this is a sure sign of a virus.

Having performed various actions - switching on hidden files as sophos was reporting that the trojan was in '.trashes' I deleted all such files that I don't need, I went to timemachine and deleted all files in downloads for all back-ups (as sophos was also pointing to that path).

After a number of reboots and sophos still reporting the problem and going into a loop every time I tried to use clean-up.

From my post on apple support community I was advised it was windows malware and that sophos was the likely culprit for slugging my mac. This came quickly, which I'm glad of as I was about to erase my disk and rebuild the system.

I removed sophos from my mac and all OK.

I re-installed sophos and it could not find any malware.

it would help greatly if sophos could simply report that it's found windows malware.

one of the possible reasons for the loop is that my timemachine backup is on wireless storage. as sophos was also reporting malware in my backups, it may have been struggling to find the infected file. however this does not warrant sophos slugging my mac to the point of real concern that I was indeed infected by real malware. I am happy that sophos provides some protection but at the same time I don't want to lose 2-3 hours trying to address an issue that doesn't actually exist.

:1012436


  • Hi marinko70,

    Thanks for the feedback. Re: your suggestion about identifying potentially malicious threats by platform, it's more difficult than you might imagine because our SophosLabs team (those guys who research and respond 24x7 to threats) don't classify by platform. And given that many people use Windows VMs via Fusion or Parallels with shared drives, knowing about Windows threats can be useful.

    I suggest giving the version 9 preview a whirl; we've made some improvements in system performance when using a wireless Time Capsule type system.

    :1012442
  • Hello marinko70 and Bob Cook.

    Thanks for the forum thread!  

    I have Sophos Anti-Virus installed on my Mac and ran the scan successfully.

    However, I have a PC that is infected with the FBI virus. I've tried everything to get it to reboot and no dice. So, I'm going to attempt to remove the HD on the PC and hook it up to an IDE 'caddy' into the Mac. I want to run Sophos Anti-Virus on the infected PC drive.

    Is this a compatible setup (PC/caddy/Mac) and will Sophos run against that drive? If so, will it also detect the FBI virus on the infected PC drive and remove it? How dangerous is this for the Mac? I can't infect the Mac, so I want to be very cautious here. 

    Thanks for any guidance here!  

    Regards, 

    Philcali

    :1012560
  • Hi Philcali,


    However, I have a PC that is infected with the FBI virus. I've tried everything to get it to reboot and no dice. So, I'm going to attempt to remove the HD on the PC and hook it up to an IDE 'caddy' into the Mac. I want to run Sophos Anti-Virus on the infected PC drive.

    Is this a compatible setup (PC/caddy/Mac) and will Sophos run against that drive? If so, will it also detect the FBI virus on the infected PC drive and remove it? How dangerous is this for the Mac? I can't infect the Mac, so I want to be very cautious here. 


    This won't be dangerous to the Mac at all, however it likely won't be able to clean up any "complex" malicious code from your Windows drive that might be buried in the Windows registry or boot records. Our Mac product finds the original executables that could infect a Windows machine, but it doesn't have the capability to clean up.

    You can give our free Virus Removal Tool a spin. It's designed to run without a permanent installer (just download and run).

    :1012568
  • Bob, 

    Appreciate your quick response! 

    So the Anti-Virus might detect the virus on the PC but I'd need the Virus Removal Tool to remove it. Is the Removal Tool a standalone product? In other words, does the Virus Removal Tool work as a virus 'detector' AND 'eradicator'? Or must you use both software products to 'detect' and then 'eradicate'?

    Thanks, and best regards.

    PhilCali 

    :1012576
  • Hello PhilCali (and Bob),

    SVRT does both scan and clean (except for some special cases), if necessary with an additional reboot when components are locked (but as all AV products it can't restore destroyed information, for some settings this means it can only use the original and not revert to the previous state).

    If you can't boot to Windows (I'm not sure I understand to get it to reboot correctly) it won't help you though. @Bob: it does install itself before running and it does not work in Safe Mode because of this - that's for the current 2.4 version (although the SVRT web page says 6.2). For more on SVRT or possible alternatives I'd suggest the Free Tools board on SophosTalk.

    Christian

    :1012586