2 hour long threat cleaning???

This morning, Sophos popped open a window (capture below) with a message that a threat had been detected (Troj~ObfJS-BK). I went to the Sophos site and followed directions (on page http://www.sophos.com/en-us/support/knowledgebase/118117.aspx) for removing the threat. I followed the instructions for cleaning a Mac exactly. 

After over two hours, the sub-window inside the Quarantine Manager window was STILL going (horizontal barber pole running). I force quit the program (only way I could stop it), reopened Sophos, and followed the same steps as before, hoping the program had just gotten hung up before… well, two hours later and the cleaning is again, STILL going.

Is this to be expected? Is this a normal time to remove this threat? Should I do something differently?

  • Don't worry... Troj/ObfJS-BK is a malicious JavaScript injected into web pages, which silently redirects visitors to the web page to a Blackhole exploit site.  As such, the file was probably detected in your browser cache, which was cleared before cleanup completed, causing an error in the cleanup.  If you look in the quarantine again, you'll likely find that the threat has vanished.

    However, Blackhole, while mainly targeting Windows machines, can be (and has been) used by malware authors to drop malware for OS X as well.  Because of this, I'd highly recommend you check to see if any dodgy plist files are in your /Library/LaunchAgents, /Library/LaunchDaemons/ etc. folders, or unexpected login items are associated with your user account.  You may also want to check for unusual network activity (I know, easier said than done).

    The main thing you can do to protect yourself in the future is to run your browser with JavaScript in a limited mode -- Firefox with NoScript, for example.

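A script in the spirit of the reply's advice, added here as an example (it is not Sophos code nor anything posted in the thread): it parses the launchd plists in the folders named above and lists the ones whose command points at a temp, shared or hidden path, runs from an unusual location, or hands an interpreter an inline script. The trusted and suspicious path lists are heuristics chosen for this example, and `write_samples` creates two constructed plists so the scan can be dry-run in a scratch folder instead of on a live system.

```python
import os
import plistlib

# launchd persistence folders the reply names, plus the per-user agents folder.
LAUNCH_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons", os.path.expanduser("~/Library/LaunchAgents")]
# Where legitimately installed launch items normally keep their executables (heuristic, assumption).
TRUSTED_PREFIXES = ("/System/", "/bin/", "/sbin/", "/usr/", "/Library/Apple/", "/Applications/")
# Paths a dropper favours: world-writable, shared, or hidden (dot) directories (heuristic, assumption).
SUSPICIOUS_MARKERS = ("/tmp/", "/var/tmp/", "/Users/Shared/", "/.")
INTERPRETERS = ("sh", "bash", "zsh", "osascript", "python", "perl")

def classify(item):
    """Return reasons a parsed launchd plist deserves a look; [] means nothing odd."""
    args = item.get("ProgramArguments") or []
    path = item.get("Program") or (args[0] if args else "")   # Program overrides argv[0]
    reasons = []
    if any(m in a for m in SUSPICIOUS_MARKERS for a in [path] + args[1:]):
        reasons.append("temp, shared or hidden path in command: " + " ".join([path] + args[1:]))
    elif not path.startswith(TRUSTED_PREFIXES):
        reasons.append("executable outside trusted locations: %r" % path)
    if os.path.basename(path) in INTERPRETERS and any(a in ("-c", "-e") for a in args[1:]):
        reasons.append("interpreter started with an inline script")
    return reasons

def scan_dir(directory):
    """Map each .plist in directory to its reasons; unparseable files are flagged too."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        full = os.path.join(directory, name)
        try:
            with open(full, "rb") as fh:
                reasons = classify(plistlib.load(fh))   # handles XML and binary plists
        except Exception as exc:                        # a malformed plist is itself a finding
            reasons = ["could not parse: %s" % exc]
        if reasons:
            findings[full] = reasons
    return findings

def write_samples(directory):
    """Write two constructed plists (not from any real system) so the scan can be dry-run."""
    benign = {"Label": "com.example.updater",
              "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}
    dodgy = {"Label": "com.apple.helper", "RunAtLoad": True,   # Apple-looking label, payload in /tmp
             "ProgramArguments": ["/bin/sh", "-c", "/tmp/.helper/run.sh"]}
    for name, item in (("com.example.updater.plist", benign), ("com.apple.helper.plist", dodgy)):
        with open(os.path.join(directory, name), "wb") as fh:
            plistlib.dump(item, fh)
```

To check a real Mac, call `scan_dir` on each entry of `LAUNCH_DIRS` and review every path it returns; an empty result only means nothing matched these heuristics.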