Troj/Bredo-ACC-Sophos warnings coming up 8-10 times a day!

For the past couple of weeks Sophos has popped up a warning about the Troj/Bredo-ACC virus and it is always in a different path/place. Since I have Sophos set to automatically clean up the threat, it disappears within a couple of seconds. I ran a complete scan of the HD and backup HD with nothing coming up. Yet this is continuing. The last position of the bit was in my Agile 1Password folder. I'm running OS 10.7.4 with the latest Sophos.

What in the world is this creepy trojan thing and why won't it go away?



  • I'm finally back on the forums, and can put your mind at ease fairly quickly I hope...

    Bredo is an email-based malware attack targeting Windows machines via infected zipped executables.  So your initial theory is probably correct.

    That said, if you're seeing Bredo identities show up in non-mail folders, please note the file name and path -- my guess is that it's being detected in cache folders and temporary library locations, but without the paths, I couldn't say for sure.

    If you're using IMAP to connect to your mail server, it is possible that the same malware is being downloaded and detected again and again, resulting in a constant detect/clean cycle.

    Personally, I recommend not setting AV products to automatically delete -- quarantine and move is usually good enough, and quarantine in place is generally all you need to do.

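The reply above asks for the file names and paths of each detection, because a run of hits in the mail store or in cache/temp folders points to the IMAP re-download loop rather than a persistent infection. The script below is an added example, not code from the thread or from Sophos: it parses a small constructed log (the "timestamp threat path action" layout is made up for illustration and is not Sophos's real log format), buckets each hit by where on disk it landed, and flags a threat/file pair as a likely detect/clean cycle when the same attachment keeps reappearing in the mail store within a short window. Marker strings such as `/Library/Mail/` and the threshold values are assumptions you would tune for your own machine.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample detections (not real Sophos output, paths are invented).
# Layout: "<date> <time> <threat-name> <path> <action>".
SAMPLE_LOG = """\
2012-06-11 08:02:11 Troj/Bredo-ACC /Users/alice/Library/Mail/V2/IMAP-alice@example.com/INBOX.mbox/Attachments/1042/invoice.zip cleaned
2012-06-11 10:17:45 Troj/Bredo-ACC /Users/alice/Library/Mail/V2/IMAP-alice@example.com/INBOX.mbox/Attachments/1051/invoice.zip cleaned
2012-06-11 13:40:02 Troj/Bredo-ACC /private/var/folders/x1/TemporaryItems/invoice.zip cleaned
2012-06-11 16:55:30 Troj/Bredo-ACC /Users/alice/Library/Mail/V2/IMAP-alice@example.com/INBOX.mbox/Attachments/1063/invoice.zip cleaned
2012-06-12 08:01:59 Troj/Bredo-ACC /Users/alice/Library/Mail/V2/IMAP-alice@example.com/INBOX.mbox/Attachments/1078/invoice.zip cleaned
2012-06-12 09:30:12 Troj/Bredo-ACC /Users/alice/Documents/invoice.zip cleaned
2012-06-12 11:12:48 Troj/Bredo-ACC /Users/alice/Library/Caches/com.apple.Safari/invoice.zip cleaned
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (\S+)$")

# Assumed path markers: where a mail client keeps IMAP messages, and where
# cached/temporary copies of attachments tend to land. Adjust for your setup.
MAIL_MARKERS = ("/Library/Mail/", "/.imap/", "/Maildir/")
TEMP_MARKERS = ("/Library/Caches/", "/TemporaryItems/", "/tmp/")


def classify_path(path):
    """Bucket a detection path: mail store, cache/temp, or anywhere else."""
    if any(m in path for m in MAIL_MARKERS):
        return "mail-store"
    if any(m in path for m in TEMP_MARKERS):
        return "cache-or-temp"
    return "other"


def parse_log(text):
    """Turn log lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, threat, path, action = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "threat": threat,
            "path": path,
            "filename": path.rsplit("/", 1)[-1],
            "action": action,
            "category": classify_path(path),
        })
    return events


def summarize(events):
    """Counts per threat, per path category, and per file name."""
    return {
        "by_threat": Counter(e["threat"] for e in events),
        "by_category": Counter(e["category"] for e in events),
        "by_filename": Counter(e["filename"] for e in events),
    }


def detect_redownload_cycle(events, min_hits=3, window_hours=48):
    """Flag threat/file pairs that keep reappearing in the mail store.

    Repeated hits on the same attachment inside the IMAP cache within a
    short window are the signature of the client re-syncing a message that
    is still sitting on the server. Thresholds are assumptions.
    """
    groups = defaultdict(list)
    for e in events:
        if e["category"] == "mail-store":
            groups[(e["threat"], e["filename"])].append(e["ts"])
    verdicts = {}
    for key, stamps in groups.items():
        stamps.sort()
        span_h = (stamps[-1] - stamps[0]).total_seconds() / 3600
        verdicts[key] = {
            "mail_store_hits": len(stamps),
            "span_hours": round(span_h, 1),
            "likely_imap_cycle": len(stamps) >= min_hits and span_h <= window_hours,
        }
    return verdicts


def triage_report(text):
    """Human-readable summary a user could paste into a forum reply."""
    events = parse_log(text)
    s = summarize(events)
    lines = ["Detections by location: " + ", ".join(
        f"{k}={v}" for k, v in sorted(s["by_category"].items()))]
    for (threat, fname), v in detect_redownload_cycle(events).items():
        verdict = "likely IMAP re-download loop" if v["likely_imap_cycle"] else "no clear loop"
        lines.append(f"{threat} / {fname}: {v['mail_store_hits']} mail-store hits "
                     f"over {v['span_hours']}h -> {verdict}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

When the report says the same attachment is being caught in the mail store over and over, the fix is on the server side (delete or purge the offending message so the client stops re-syncing it); hits under cache/temp paths are usually the same file copied out by the mail client or a browser, and a hit under "other" is the one worth a closer look.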