
help, please............

Hi, please help. Recently bought an Apple Mac and recently chose to download off Apple's Shop your Sophos Anti Virus for Mac. I have run the scan which searches all files and folders. On the second run of the scan it has picked up the following: OSX/FakeAV-DUP.

It then states underneath, Action Available: the threat cannot be cleaned up. Please click the threat name above for manual clean up instructions. I clicked the name but am still not sure how to manually clean it up. It states on your site that this threat "leaves non infected files on computer". It fools people into thinking they have a problem and tries to get bank details from the person by pretending to be a clean up service of some sort. As my scanning has picked this up twice I am worried that I do need to get rid of/remove this threat but am unsure how. Is the fact that the scan picks it up not really a problem? I haven't had any pop ups or worrying things show up on my screen. Please help as I would be extremely grateful.  Thanks

:1002841


  • Please see this thread for creating a manual scan to remove a threat: http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Help-with-Creating-a-Custom-Scan-to-remove-a-Threat/m-p/1625/

    If you're not being plagued by pop-ups of obscene content and prompts to pay for MacProtect to remove the "malware", the detection is likely on a file that has been downloaded but not run.  Instead of creating a manual scan, you can just delete the drive-by download file from your download folder (likely called Downloads in your home folder, unless you've changed it to your desktop folder or somewhere else).  I presume you meant OSX/FakeAV-DPU (we have no detection named OSX/FakeAV-DUP at this time), which is normally detected on a file called "clean.mpkg.zip ".  If you find any file you don't recognize in your downloads folder ending with mpkg.zip or pkg.zip, it's likely to be FakeAV and should be thrown in the trash.  The same goes for any .mpkg or .pkg files that you don't recognize -- these are installer bundles, and in this case install a fake Antivirus product if you let them.

    :1002917
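The manual check described in the reply above can be done from Terminal. This is an added example, not part of the original posts and not a Sophos tool: a read-only listing of top-level items in the download folder with the suffixes the reply names. The function name `list_installer_downloads` and the default path `$HOME/Downloads` are assumptions.

```shell
#!/bin/sh
# Added example: list installer-type downloads for manual review.
# Read-only: nothing is deleted or opened. The suffixes are the ones
# named in the reply; the function name and default folder are assumptions.

list_installer_downloads() {
    dir=${1:-"$HOME/Downloads"}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # -iname matches case-insensitively (Setup.PKG as well as setup.pkg).
    # '*pkg.zip' covers both the pkg.zip and mpkg.zip endings.
    # -maxdepth 1 keeps the search at the top level, so the contents of
    # .pkg/.mpkg bundles (which can be directories on macOS) are not listed.
    find "$dir" -mindepth 1 -maxdepth 1 \
        \( -iname '*.pkg' -o -iname '*.mpkg' -o -iname '*pkg.zip' \) \
        -print | sort | while IFS= read -r path; do
        # Say whether the match is a single file or a bundle directory.
        if [ -d "$path" ]; then
            printf 'bundle\t%s\n' "$path"
        else
            printf 'file\t%s\n' "$path"
        fi
    done
}
```

Call `list_installer_downloads` with no argument for the default folder, or pass another folder such as `"$HOME/Desktop"` if downloads are saved there; anything listed that you do not recognize is a candidate for the trash as the reply describes.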