
Wondering if I've been rootkitted

Hi,

I have used Sophos for Mac for ages and usually it's been fine. About a week ago it stopped working. I'd do a scan - it would go halfway through and the window just disappeared. A complete reinstall experienced the same and I re-ran a few times until it completed successfully.

com.sophos.autoupdate: Updating catalogue information at 15:15:26 20 June 2013
com.sophos.autoupdate: Catalogue updated at 15:15:28 20 June 2013
com.sophos.autoupdate: Download started at 15:15:28 20 June 2013
com.sophos.autoupdate: Download completed at 15:15:43 20 June 2013
com.sophos.autoupdate: Update started at 15:15:44 20 June 2013
com.sophos.intercheck: Sophos Anti-Virus
com.sophos.intercheck: Version 4.90, 13 June 2013
com.sophos.intercheck: Includes detection for 5196875 viruses, trojans and worms
com.sophos.intercheck: Copyright (c) 1989-2012 Sophos Ltd, www.sophos.com
com.sophos.intercheck:
com.sophos.intercheck: Using IDE files:
com.sophos.intercheck:
com.sophos.intercheck:     vb-gnu.ide
com.sophos.intercheck:     fake-gop.ide
com.sophos.intercheck:     medfos-p.ide
com.sophos.intercheck:     age-abnv.ide
com.sophos.intercheck:     thoper-a.ide
com.sophos.intercheck:     obfjs-eg.ide
com.sophos.intercheck:     simda-ai.ide
com.sophos.intercheck:     autoi-sy.ide
com.sophos.intercheck:     avatar-c.ide
com.sophos.intercheck:     zbot-exf.ide
com.sophos.intercheck:     dwnl-kul.ide
com.sophos.intercheck:     zbot-exi.ide
com.sophos.intercheck:     avkill-k.ide
com.sophos.intercheck:     darkko-a.ide
com.sophos.intercheck:     zbot-esr.ide
com.sophos.intercheck:     zacce-ku.ide
com.sophos.intercheck:     banc-bvi.ide
com.sophos.intercheck:     ranso-tf.ide
com.sophos.intercheck:     age-abpl.ide
com.sophos.intercheck:     autoi-tb.ide
com.sophos.intercheck:     zacce-kv.ide
com.sophos.intercheck:     luder-d.ide
com.sophos.intercheck:     rorpi-bm.ide
com.sophos.intercheck:     grafto-m.ide
com.sophos.intercheck:     age-abkp.ide
com.sophos.intercheck:     tracu-at.ide
com.sophos.intercheck:     msilin-y.ide
com.sophos.intercheck:     ranso-tg.ide
com.sophos.intercheck:     zacce-kx.ide
com.sophos.intercheck:     zbot-eya.ide
com.sophos.intercheck:     coinmi-a.ide
com.sophos.intercheck:     dwnl-ktf.ide
com.sophos.intercheck:     delfi-bj.ide
com.sophos.intercheck:     dwnl-ktr.ide
com.sophos.intercheck:     zbot-eyi.ide
com.sophos.intercheck:     zbot-eyo.ide
com.sophos.intercheck:     zbot-eyq.ide
com.sophos.intercheck:     vb-gnw.ide
com.sophos.intercheck:     zacce-kz.ide
com.sophos.intercheck:     inje-air.ide
com.sophos.intercheck:     zbot-eza.ide
com.sophos.intercheck:     ranso-tj.ide
com.sophos.intercheck:     burst-ax.ide
com.sophos.intercheck:     dwnl-kun.ide
com.sophos.intercheck:     msil-cb.ide
com.sophos.intercheck:     inje-ait.ide
com.sophos.intercheck:     revet-cr.ide
com.sophos.intercheck:     keylo-ot.ide
com.sophos.intercheck:     espion-f.ide
com.sophos.intercheck:     vbdro-ag.ide
com.sophos.intercheck:     age-abqa.ide
com.sophos.intercheck:     fake-gor.ide
com.sophos.intercheck:     zbot-fab.ide
com.sophos.intercheck:     buzus-ho.ide
com.sophos.intercheck:     zbot-fad.ide
com.sophos.intercheck:     delfi-bk.ide
com.sophos.intercheck:     medfo-dy.ide
com.sophos.intercheck:     medfos-r.ide
com.sophos.intercheck:     ranso-to.ide
com.sophos.intercheck:     farei-an.ide
com.sophos.intercheck:     scar-cd.ide
com.sophos.intercheck:     simda-al.ide
com.sophos.intercheck:     dorkb-gc.ide
com.sophos.intercheck:     ranso-tr.ide
com.sophos.intercheck:     vbinj-gt.ide
com.sophos.intercheck:     zbot-fai.ide
com.sophos.intercheck:     bdoo-bfa.ide
com.sophos.intercheck:     zbot-fap.ide
com.sophos.intercheck:     banbr-lh.ide
com.sophos.intercheck:     rarmal-g.ide
com.sophos.intercheck:     fake-gpr.ide
com.sophos.intercheck:     age-abkf.ide
com.sophos.intercheck:     ranso-tv.ide
com.sophos.intercheck:     bank-fuf.ide
com.sophos.intercheck:     krypt-aj.ide
com.sophos.intercheck:     zacce-lv.ide
com.sophos.intercheck:     fake-gps.ide
com.sophos.intercheck:     dload-il.ide
com.sophos.intercheck:     msil-cd.ide
com.sophos.intercheck:     vobfu-bz.ide
com.sophos.intercheck:     zbot-fav.ide
com.sophos.intercheck:     bred-ahb.ide
com.sophos.intercheck:     dorkb-gd.ide
com.sophos.intercheck:     java-nz.ide
com.sophos.intercheck:     ranso-ua.ide
com.sophos.intercheck:     auto-cba.ide
com.sophos.intercheck:     ranso-uc.ide
com.sophos.intercheck:     dapat-ai.ide
com.sophos.intercheck:     zbot-fbl.ide
com.sophos.intercheck:     vundo-aw.ide
com.sophos.intercheck:     mdro-fbo.ide
com.sophos.intercheck:     mdro-fbr.ide
com.sophos.intercheck:     zbot-fbw.ide
com.sophos.intercheck:     zbot-fbv.ide
com.sophos.intercheck:     bred-ahg.ide
com.sophos.intercheck:     age-absu.ide
com.sophos.intercheck:     bred-ahh.ide
com.sophos.intercheck:     age-abtb.ide
com.sophos.intercheck:     banc-bvk.ide
com.sophos.intercheck:     dloa-dsg.ide
com.sophos.intercheck:     dorkb-fy.ide
com.sophos.intercheck:     ranso-tn.ide
com.sophos.intercheck:     bubli-av.ide
com.sophos.intercheck:     age-abtj.ide
com.sophos.intercheck:     rtfdro-c.ide
com.sophos.intercheck:     dnsch-nj.ide
com.sophos.intercheck:     redir-w.ide
com.sophos.intercheck:     vb-goh.ide
com.sophos.intercheck:     age-abto.ide
com.sophos.intercheck:     zbot-fct.ide
com.sophos.intercheck:     zbot-fcx.ide
com.sophos.intercheck:     age-abtv.ide
com.sophos.intercheck:     mdro-fcc.ide
com.sophos.intercheck:     fake-gqk.ide
com.sophos.intercheck:     silly-kj.ide
com.sophos.intercheck:     msil-cf.ide
com.sophos.intercheck:     age-abqt.ide
com.sophos.intercheck:     jsred-lj.ide
com.sophos.intercheck:     sequid-a.ide
com.sophos.intercheck:     age-abun.ide
com.sophos.intercheck:     msil-dj.ide
com.sophos.intercheck:     zbot-fas.ide
com.sophos.intercheck:     zbot-fdg.ide
com.sophos.intercheck:     bred-aho.ide
com.sophos.intercheck:     bred-ahp.ide
com.sophos.intercheck:     age-abvk.ide
com.sophos.intercheck:     age-abvs.ide
com.sophos.intercheck:     tepfer-t.ide
com.sophos.intercheck:     ranso-uo.ide
com.sophos.intercheck:     zbot-fds.ide
com.sophos.intercheck:     dwnl-kuw.ide
com.sophos.intercheck:     ursnif-v.ide
com.sophos.intercheck:     matsn-af.ide
com.sophos.intercheck:     age-abwu.ide
com.sophos.intercheck:     fake-grl.ide
com.sophos.intercheck:     age-abxa.ide
com.sophos.intercheck:     zbot-ffp.ide
com.sophos.intercheck:     qakbo-aq.ide
com.sophos.intercheck:     dexfon-g.ide
com.sophos.intercheck:     fake-gph.ide
com.sophos.intercheck:     zbot-fgf.ide
com.sophos.intercheck:     pyisal-a.ide
com.sophos.intercheck:     mdro-fbv.ide
com.sophos.intercheck:     ranso-uu.ide
com.sophos.intercheck:     psw-jw.ide
com.sophos.intercheck:     beebo-an.ide
com.sophos.intercheck:     krypt-am.ide
com.sophos.intercheck:     zbot-fgw.ide
com.sophos.intercheck:     age-abxq.ide
com.sophos.intercheck:     javab-pi.ide
com.sophos.intercheck:     delf-foh.ide
com.sophos.intercheck:     pdf-g.ide
com.sophos.intercheck:     age-abxy.ide
com.sophos.intercheck:     krypt-an.ide
com.sophos.intercheck:     ifram-kd.ide
com.sophos.intercheck:     mdro-fcx.ide
com.sophos.intercheck:     ramni-dh.ide
com.sophos.intercheck:     phish-cu.ide
com.sophos.intercheck:     bred-ahq.ide
com.sophos.intercheck:     bdoo-bfb.ide
com.sophos.intercheck:     ranso-va.ide
com.sophos.intercheck:     bubli-ax.ide
com.sophos.intercheck:     autoi-sv.ide
com.sophos.intercheck:     dwnl-kwo.ide
com.sophos.intercheck:     revet-ct.ide
com.sophos.intercheck:     msil-dh.ide
com.sophos.intercheck:     ranso-vj.ide
com.sophos.intercheck:     fake-gqj.ide
com.sophos.intercheck:     bank-fup.ide
com.sophos.intercheck:     gyepis-a.ide
com.sophos.intercheck:     backd-iu.ide
com.sophos.intercheck:     zbot-fhl.ide
com.sophos.intercheck:     spy-aay.ide
com.sophos.intercheck:     zbot-fhm.ide
com.sophos.intercheck:     ngvck-w.ide
com.sophos.intercheck:     bdoo-bfc.ide
com.sophos.intercheck:     mdro-fco.ide
com.sophos.intercheck:     crack-aq.ide
com.sophos.intercheck:     zbot-fhz.ide
com.sophos.intercheck:     zbot-fia.ide
com.sophos.intercheck:     bred-ahs.ide
com.sophos.intercheck:     bubli-ay.ide
com.sophos.intercheck:     bank-fus.ide
com.sophos.intercheck:     bubli-az.ide
com.sophos.intercheck:     banc-bvr.ide
com.sophos.intercheck:     zacce-mg.ide
com.sophos.intercheck:     encp-akj.ide
com.sophos.intercheck:     delf-fol.ide
com.sophos.intercheck:     zacce-mx.ide
com.sophos.intercheck:     zbot-fii.ide
com.sophos.intercheck:     ranso-vo.ide
com.sophos.intercheck:     backd-ja.ide
com.sophos.intercheck:     age-acap.ide
com.sophos.intercheck:     bckd-rqe.ide
com.sophos.intercheck:     autoi-tq.ide
com.sophos.intercheck:     dapat-aj.ide
com.sophos.intercheck:     dwnl-kvh.ide
com.sophos.intercheck:     boda-c.ide
com.sophos.intercheck:     bubli-ba.ide
com.sophos.intercheck:     sillfd-b.ide
com.sophos.intercheck:     silly-kk.ide
com.sophos.intercheck:     ranso-vr.ide
com.sophos.intercheck:     age-abxu.ide
com.sophos.intercheck:     mdro-fdf.ide
com.sophos.intercheck:     backd-jb.ide
com.sophos.intercheck:     autoi-uc.ide
com.sophos.intercheck:     zbot-fit.ide
com.sophos.intercheck:     age-acbi.ide
com.sophos.intercheck:     simbot-j.ide
com.sophos.intercheck:     bred-ahu.ide
com.sophos.intercheck:     fake-gsa.ide
com.sophos.intercheck:     java-op.ide
com.sophos.intercheck:     age-acbm.ide
com.sophos.intercheck:     silbat-a.ide
com.sophos.intercheck:     age-acbq.ide
com.sophos.intercheck:     inje-aka.ide
com.sophos.intercheck:     zbot-fhj.ide
com.sophos.intercheck:     ranso-vx.ide
com.sophos.intercheck:     redyms-m.ide
com.sophos.intercheck:     ranso-vy.ide
com.sophos.intercheck:     mdro-fdk.ide
com.sophos.intercheck:     age-acca.ide
com.sophos.intercheck:     pws-jl.ide
com.sophos.intercheck:     travne-c.ide
com.sophos.intercheck:     zegos-cc.ide
com.sophos.intercheck:     age-acck.ide
com.sophos.intercheck:     bckd-rqb.ide
com.sophos.intercheck:     age-accq.ide
com.sophos.intercheck:     dorkb-hc.ide
com.sophos.intercheck:     age-abzi.ide
com.sophos.intercheck:     pws-cdj.ide
com.sophos.intercheck:     zbot-fel.ide
com.sophos.intercheck:     spy-aba.ide
com.sophos.intercheck:     age-abzm.ide
com.sophos.intercheck:     age-accs.ide
com.sophos.intercheck:     ranso-wb.ide
com.sophos.intercheck:     javaex-b.ide
com.sophos.intercheck:     vbs-bq.ide
com.sophos.intercheck:     qakbo-ar.ide
com.sophos.intercheck:     matsn-ae.ide
com.sophos.intercheck:     xserv-a.ide
com.sophos.intercheck:     age-acaq.ide
com.sophos.intercheck:     age-accy.ide
com.sophos.intercheck:     ranso-wg.ide
com.sophos.intercheck:     autoi-ug.ide
com.sophos.intercheck:     buzus-hp.ide
com.sophos.intercheck:     age-acdc.ide
com.sophos.intercheck:     miner-l.ide
com.sophos.intercheck:     ranso-wi.ide
com.sophos.intercheck:     zbot-fio.ide
com.sophos.intercheck:     zbot-fip.ide
com.sophos.intercheck:     zbot-fkx.ide
com.sophos.intercheck:     zbot-fkz.ide
com.sophos.intercheck:     zacce-nc.ide
com.sophos.intercheck:     qhost-be.ide
com.sophos.intercheck:     choose-a.ide
com.sophos.intercheck:     age-acdw.ide
com.sophos.intercheck:     dwnl-kxb.ide
com.sophos.intercheck:     zbot-flq.ide
com.sophos.intercheck:     age-aceb.ide
com.sophos.intercheck:     zbot-flr.ide
com.sophos.intercheck:     qakbo-au.ide
com.sophos.intercheck:     bank-fvg.ide
com.sophos.intercheck:     bootlo-a.ide
com.sophos.intercheck:     backd-ix.ide
com.sophos.intercheck:     ramni-do.ide
com.sophos.intercheck:     delf-fop.ide
com.sophos.intercheck:     zacce-ne.ide
com.sophos.intercheck:     ranso-vv.ide
com.sophos.intercheck:     zbot-flw.ide
com.sophos.intercheck:     age-acer.ide
com.sophos.intercheck:     age-aces.ide
com.sophos.intercheck:     rtfex-ay.ide
com.sophos.intercheck:     age-acey.ide
com.sophos.intercheck:     zbot-fml.ide
com.sophos.intercheck:     zbot-fkb.ide
com.sophos.intercheck:     vbs-br.ide
com.sophos.intercheck:     dwnl-kxg.ide
com.sophos.intercheck:     swfred-b.ide
com.sophos.intercheck:     zbot-fmw.ide
com.sophos.intercheck:     matsn-ai.ide
com.sophos.intercheck:     javab-px.ide
com.sophos.intercheck:     ponmoc-m.ide
com.sophos.intercheck:     zbot-fmy.ide
com.sophos.intercheck:     swfex-bw.ide
com.sophos.intercheck:     keylo-oy.ide
com.sophos.intercheck:     ranso-wx.ide
com.sophos.intercheck:     zacce-nl.ide
com.sophos.intercheck:     ranso-ba.ide
com.sophos.intercheck:     zacce-nm.ide
com.sophos.intercheck:     obfjs-ej.ide
com.sophos.intercheck:     banlo-os.ide
com.sophos.intercheck:     zacce-np.ide
com.sophos.intercheck:     zbot-fno.ide
com.sophos.intercheck:     ranso-wz.ide
com.sophos.intercheck:     zbot-fnp.ide
com.sophos.intercheck:     zbot-fky.ide
com.sophos.intercheck:     dofoi-ao.ide
com.sophos.intercheck:     ranso-xa.ide
com.sophos.intercheck:     revet-cv.ide
com.sophos.intercheck:     matsn-ak.ide
com.sophos.intercheck:     age-acge.ide
com.sophos.intercheck:     tepfer-x.ide
com.sophos.intercheck:     age-acgg.ide
com.sophos.intercheck:     age-acdk.ide
com.sophos.intercheck:     kazy-bf.ide
com.sophos.intercheck:     banbr-li.ide
com.sophos.intercheck:     klovbo-n.ide
com.sophos.intercheck:     farei-az.ide
com.sophos.intercheck:     mdro-fea.ide
com.sophos.intercheck:     keyboy-a.ide
com.sophos.intercheck:     barys-g.ide
com.sophos.intercheck:     bandel-a.ide
com.sophos.intercheck:     zbot-foh.ide
com.sophos.intercheck:     ranso-wp.ide
com.sophos.intercheck:     inje-akm.ide
com.sophos.intercheck:     aduska-c.ide
com.sophos.intercheck:     weels-bh.ide
com.sophos.intercheck:     vbna-bi.ide
com.sophos.intercheck:     age-achr.ide
com.sophos.intercheck:     mdro-fef.ide
com.sophos.intercheck:
com.sophos.autoupdate: Info:    Checked primary server at 15:17 on 20 June 2013
com.sophos.autoupdate:     Sophos Anti-Virus was updated
com.sophos.autoupdate:
com.sophos.intercheck: Info:    On-access scanner started at 15:17 on 20 June 2013
com.sophos.intercheck:

My problem: it's not detecting some files it used to complain about (some historical malware samples which were PC specific). I copied the EICAR test file and ran again and it fails to find that - but again it is a PC specific file. Does Sophos for Mac Home Edition report on these examples? Just how confident can I be in the clean scan?

ATB


Stevie



This thread was automatically locked due to age.
  • Hello Stevie,

    EICAR should trigger a detection regardless of the platform. Please check if the Preferences say that On-Access scanning is really on. There are some posts here about it getting disabled and/or refusing to get enabled. Anyway - a scheduled or Finder scan should detect it.

    Christian

  • Hi Christian!

    Many thanks for your prompt reply.

    Turns out I'd not copied the EICAR file to my Linux desktop by mistake - the second I copied it to the Mac the on-access scanner detected it so I am confident that things are running ok. I have experienced occasional fails of the AV scanner where it stops working and needs re-installs and that makes me very nervous. With your feedback and this simple test I am happy that things appear to be ok now.

    Kind regards

    Steve

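Christian's point (EICAR should be detected on any platform) and Steve's follow-up (the test file turned out not to be on the Mac at all, and the on-access scanner caught it the moment it was) both come down to the same practical check: write a known-good copy of the EICAR test string into a watched directory and see what the scanner does to it. The script below is an added example written for this thread; it is not Sophos code and nothing in the thread shows it. It assumes that an on-access scanner either refuses the write, deletes or quarantines the file, blocks reads of it, or rewrites its contents within the wait period, and that a `sha256sum` or `shasum` binary is available to confirm the file on disk really is the intact 68-byte EICAR string rather than a stray copy on the wrong machine. The SHA-256 constant is the published hash of the EICAR test file.

```shell
#!/bin/sh
# Added example: check that an on-access scanner is watching a directory
# using the EICAR test string. Not from the original thread or from Sophos.
# Assumptions: detection shows up as a refused write, a removed file, a
# blocked read or altered contents within WAIT seconds (adjust per product).

# Published SHA-256 of the 68-byte EICAR test file, used to prove that the
# file we wrote is the real thing (Steve's mistake was testing the wrong box).
EICAR_SHA256=275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

# The string is assembled from two halves so this script is not itself
# flagged as an EICAR file by a scanner reading it.
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR' '-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# Byte length of the test string (must be 68; a trailing newline or a
# mangled copy/paste breaks detection on some engines).
eicar_length() {
    eicar_string | wc -c | tr -d ' '
}

# Portable SHA-256 of a file: GNU coreutils on Linux, shasum on macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Write the test string (no newline) to the given path.
write_eicar() {
    eicar_string > "$1"
}

# Confirm a file on disk is the intact EICAR test file.
# Prints "intact" or "corrupt-or-missing".
verify_eicar_file() {
    if [ -r "$1" ] && [ "$(sha256_of "$1")" = "$EICAR_SHA256" ]; then
        echo intact
    else
        echo corrupt-or-missing
    fi
}

# Drop an EICAR file into DIR and report what the scanner did after WAIT
# seconds. Prints one of:
#   detected-on-write, detected-removed, detected-blocked,
#   detected-modified, not-detected
# The temporary file is always cleaned up.
on_access_check() {
    dir=$1
    wait=${2:-5}
    f="$dir/eicar.com"
    if ! write_eicar "$f" 2>/dev/null; then
        rm -f "$f" 2>/dev/null
        echo detected-on-write
        return 0
    fi
    sleep "$wait"
    if [ ! -e "$f" ]; then
        echo detected-removed
    elif ! cat "$f" >/dev/null 2>&1; then
        echo detected-blocked
    elif [ "$(verify_eicar_file "$f")" != intact ]; then
        echo detected-modified
    else
        echo not-detected
    fi
    rm -f "$f" 2>/dev/null
    return 0
}

main() {
    dir=${1:-$HOME}
    echo "EICAR string length: $(eicar_length) bytes (expect 68)"
    echo "On-access result in $dir: $(on_access_check "$dir" "${2:-5}")"
}

# Run the check only when explicitly asked, e.g.:
#   RUN_EICAR_TEST=1 sh eicar_check.sh ~/Downloads 5
if [ -n "${RUN_EICAR_TEST:-}" ]; then
    main "$@"
fi
```

A result of `not-detected` on a directory the scanner is supposed to watch is the signal to look at the on-access preferences, as Christian suggests; `corrupt-or-missing` from `verify_eicar_file` on a file you copied by hand means the scanner was never given a real EICAR file to find, which is what happened in this thread.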