
Simplest way to remove Mal/FakeDouf-B


11-10-2012 12:14 PM

I have 8 incidents of Mal/FakeDouf-B with different file names and all need to be cleaned up manually.

When I click on the threat to get details on how to do this it takes me to a page, http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~FakeDouf-B.aspx, where it states "Affected Operating Systems: Windows".

I am using Mac OS X 10.7.5 and wanted to know if this threat affects me, and if so, the easiest way to get rid of it, and even where I got it, so I can try to avoid these sites.

Thanks

JB



  • Mal/FakeDouf-B is a rootkit-like trojan for Windows that uses anti-detection techniques to attempt to avoid AV scanners. On OS X, if you've got the filename, you can just delete the file, either by setting up a custom scan set to delete, or by locating the files in the Finder and throwing them in the trash. Cleanup fails because it is expecting to be embedded into the Windows OS and cleanup involves attempts to extract it from the OS. Since all these cleanup steps will fail on OS X, cleanup itself is failing.

    However, if this is being detected on a Windows partition, you should clean it up from within the Windows OS, as just removing the executable file won't undo all the changes it has made to the operating system.

  • Andrew

    Thanks for responding. I do not use Windows at all on my machine, so I am hoping that the info you provided in your first paragraph will help.

    Any suggestions on how to avoid this going forward?

    Best

    JB


  • bossfo wrote:

    Andrew

    Thanks for responding. I do not use Windows at all on my machine, so I am hoping that the info you provided in your first paragraph will help.

    Any suggestions on how to avoid this going forward?

    Best

    JB


    If you're not using Windows, it's perfectly safe to just delete. How you do this depends to some degree on where you're finding it (in an email, in your browser cache, in your downloads folder, in a backup archive, etc.). It's always going to be an unwanted file you can just get rid of, however. If Sophos gets in the way of your doing this, you can temporarily disable on-access scanning to effect the removal.

    See http://www.sophos.com/en-us/support/knowledgebase/118117.aspx for more details.
