
False Positives?

I recently installed Sophos, about two weeks ago.  Today I got a bunch of alerts about Troj/TdlMbr-D, mainly in my email messages that I know are from reputable sources.  Are these false positives, and can anyone shed some light on this issue?  I'm running an MBP with Mountain Lion.

:1009792


  • com.sophos.intercheck: 2012-09-07 11:47:25 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/3/7/Messages/73911.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:47:26 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/3/7/Messages/73915.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:47:26 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/3/7/Messages/73957.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:48:26 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.dir

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:48:26 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.scale

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:48:41 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:49:35 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:49:51 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:50:32 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:50:42 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:51:05 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:51:12 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:51:15 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:51:41 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:51:48 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:52:55 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.dir

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:52:55 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.scale

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:52:55 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:53:18 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.dir

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:53:18 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.scale

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:57:53 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:58:07 -0400 Threat: 'Troj/TdlMbr-D' detected in /System/Library/PreferencePanes/SharingPref.prefPane/Contents/Info.plist

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:58:17 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Documents/Criterion Covers/Gotham/GothamRnd-Medium.otf

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:11 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@t-sciences.com@imap.gmail.com/INBOX.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74647.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:11 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/Spam.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74649.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:11 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@t-sciences.com@imap.gmail.com/[Gmail].mbox/Important.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74650.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:11 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@t-sciences.com@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74651.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:28 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@t-sciences.com@imap.gmail.com/INBOX.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74647.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:28 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/Spam.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74649.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:28 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@t-sciences.com@imap.gmail.com/[Gmail].mbox/Important.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74650.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:28 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@t-sciences.com@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74651.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:39 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/INBOX.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74665.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:39 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74684.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:40 -0400 Threat: 'Troj/TdlMbr-D' detected in /private/var/msgs/bounds

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:42 -0400 Threat: 'Troj/TdlMbr-D' detected in /private/var/run/diskarbitrationd.pid

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:42 -0400 Threat: 'Troj/TdlMbr-D' detected in /private/var/run/syslog.pid

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:43 -0400 Threat: 'Troj/TdlMbr-D' detected in /private/var/run/appfwd.pid

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:45 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/INBOX.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74665.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:59:45 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74684.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 12:00:09 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.dir

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 12:00:09 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Fonts/fonts.scale

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 12:00:10 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 12:01:45 -0400 Threat: 'Troj/TdlMbr-D' detected in 

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 12:08:30 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/MY USERNAME/Library/Mail/V2/IMAP-MY EMAIL USERNAME@imap.gmail.com/[Gmail].mbox/All Mail.mbox/RANDOM SET OF ALPHANUMERICS/Data/4/7/Messages/74171.emlx

    com.sophos.intercheck:                              Access to the file denied

    com.sophos.intercheck: 

    com.sophos.intercheck: 2012-09-07 11:43:00 -0400 Threat: 'Troj/TdlMbr-D' detected in /usr/share/locale/la_LN.US-ASCII/LC_COLLATE

    :1009794
  • We've had a couple of reports of this on the forums; if you clear the quarantine and reboot your computer, are the files still detected?

    There is no way Troj/TdlMbr-D could be detected in most of those locations -- it's a Windows Master Boot Record infector.  Likely Troj/TdlMbr-D was detected somewhere on your system, but those files are not the actual location.

    :1009796
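    One way to put numbers on the reasoning in that reply, as an added example (this is not a Sophos tool and not code anyone in the thread posted): the script below parses on-access log lines in the format shown in the first post, then reports how many threat names, distinct files, blank paths and file types a burst of alerts involves, and flags a threat name that keeps appearing across unrelated data files (mail messages, font indexes, .pid files) that cannot hold a boot sector. The log lines it ships with are constructed to mirror the thread's log; the username, folder names, message numbers and the file-type list are assumptions made for the example.

```python
"""Triage helper for Sophos Anti-Virus for Mac on-access (com.sophos.intercheck) log lines.

Added example for this thread; not a Sophos tool and not code posted by anyone
in the thread.  It assumes the line format visible in the first post:
  com.sophos.intercheck: <date> <time> <tz> Threat: '<name>' detected in <path>
The sample log below is constructed to mirror that post (username, folder
names and message numbers are invented).
"""
import re
from collections import Counter
from pathlib import PurePosixPath

LINE_RE = re.compile(
    r"^com\.sophos\.intercheck:\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"Threat:\s+'(?P<threat>[^']+)'\s+detected in\s*(?P<path>.*)$"
)

# Constructed sample modelled on the thread's log; not the poster's real data.
SAMPLE_LOG = """\
com.sophos.intercheck: 2012-09-07 11:47:25 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/alice/Library/Mail/V2/IMAP-alice@imap.gmail.com/[Gmail].mbox/All Mail.mbox/0F3A/Data/3/7/Messages/73911.emlx
com.sophos.intercheck:                              Access to the file denied
com.sophos.intercheck:
com.sophos.intercheck: 2012-09-07 11:48:26 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/alice/Library/Fonts/fonts.dir
com.sophos.intercheck:                              Access to the file denied
com.sophos.intercheck: 2012-09-07 11:49:35 -0400 Threat: 'Troj/TdlMbr-D' detected in
com.sophos.intercheck:                              Access to the file denied
com.sophos.intercheck: 2012-09-07 11:59:42 -0400 Threat: 'Troj/TdlMbr-D' detected in /private/var/run/syslog.pid
com.sophos.intercheck: 2012-09-07 12:00:09 -0400 Threat: 'Troj/TdlMbr-D' detected in /Users/alice/Library/Fonts/fonts.dir
com.sophos.intercheck: 2012-09-07 12:01:00 -0400 Threat: 'Mal/PHPIfr-A' detected in /private/var/folders/zz/T/rw-export/index.php
"""


def parse_detections(text):
    """Return (timestamp, threat, path) for each detection line; the
    'Access to the file denied' and empty continuation lines are skipped.
    A detection with no path (the thread's log has several) yields ''."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append((m.group("ts"), m.group("threat"), m.group("path").strip()))
    return found


def summarise(detections):
    """Reduce a burst of alerts to the facts that decide a false-positive call:
    how many threat names, how many distinct files, how many alerts carry no
    path at all, which file types are involved, and which files re-alerted."""
    threats = Counter(t for _, t, _ in detections)
    paths = Counter(p for _, _, p in detections if p)
    exts = Counter(PurePosixPath(p).suffix.lower() or "(none)"
                   for _, _, p in detections if p)
    return {
        "total": len(detections),
        "threats": dict(threats),
        "distinct_paths": len(paths),
        "blank_paths": sum(1 for _, _, p in detections if not p),
        "extensions": dict(exts),
        "repeated_paths": {p: n for p, n in paths.items() if n > 1},
    }


# Plain-text and metadata file types that cannot carry a boot-sector (MBR)
# infection.  An assumption made for this example, not a Sophos list.
NON_BOOT_SECTOR_EXTS = {".emlx", ".pid", ".dir", ".scale", ".plist", ".otf"}


def spread_across_unrelated_types(detections, threat, min_types=3):
    """The reply's reasoning made mechanical: one threat name reported from at
    least `min_types` different file types, all of them ordinary data files,
    points to the scanner misattributing a hit (clear quarantine, reboot,
    rescan) rather than to each file being infected.  Threshold is an
    assumption for this example."""
    types = {PurePosixPath(p).suffix.lower()
             for _, t, p in detections if t == threat and p}
    return len(types) >= min_types and types <= NON_BOOT_SECTOR_EXTS


def triage(text):
    """Parse, summarise and flag the threat names that look misattributed."""
    dets = parse_detections(text)
    summary = summarise(dets)
    summary["likely_misattributed"] = sorted(
        t for t in summary["threats"] if spread_across_unrelated_types(dets, t))
    return summary


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

    Run it as `python3 triage.py` (or paste a real log in place of `SAMPLE_LOG`) to get a JSON summary. The flag is only a heuristic for deciding what to do next; the reply above gives the actual procedure (clear the quarantine, reboot, see whether anything is still detected), and only a rescan, or Sophos Labs, can say where the real hit was.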
  • I cleared the list and rebooted.  Hasn't detected any of the files afterwards.  Weird.  Thanks!

    :1009798
  • I just got that today too, having restarted my MacBook Pro (also running Mountain Lion) after a crash. I will try clearing the Quarantine list and restarting again.

    :1011522
  • Same here!  As of today, 11-04-13, Quarantine Manager is reporting that my Mac is riddled with Troj/TdlMbr-D.

    Very odd, as it hadn't yesterday.  The computer's been off all night.  The majority appear to be Apple Mail related...  the more I click in Mail, the more it reported!

    e.g.  /Users/havinabubble/Library/Mail/V2/Mailboxes/Deleted Messages (havinabubble).mbox/AE359E0F-4929-40A0-A6B1-5AF10974865A/Data

    I tried manually removing some of the early ones, which were in VERY old files (not Apple Mail related)... Palm related!  But then I figured this must be a false positive.

    I followed the Clear and Reboot suggestion above... at first this didn't change; on startup it reported another 44 and displayed them.

    But I've just been to check and NOTHING, no mention of ANY in Quarantine Manager (I didn't clear the other 44, btw).

    Very odd.

    OS 10.8.3

    SAV 8.0.12C

    :1011984
  • Lately, I've been getting an alert from SAV regarding a threat named Mal/PHPIfr-A, almost every time I try to publish a website using RapidWeaver. The path is always a temporary folder RapidWeaver uses for exporting the site prior to publishing, and it is a different temp folder each time.

    Is this a false positive, or real? Does anyone else have the same problem?

    :1012006