Mal/JavaDldr-B trojan

A scan of my computer threw up this and placed it in Quarantine manager and I duly cleaned it up. However, on checking what this trojan did, I see that it is a PC trojan. So I have a couple of questions.

1) Why did Sophos pick this up?

2) By cleaning up, have I now removed a file that is needed to run my Mac... when I need not have cleaned it up?

This Mac has never had Windows running on it.

TIA

:1004299


This thread was automatically locked due to age.
  • Hello countryman,

    1) Simply put: threat detection is "platform-agnostic"; only the on-access scanner considers the platform it's running on, other scans include (all) executables for all supported platforms. In addition, a Java .class is an executable for the Mac as Java is cross-platform - that this particular item is (currently) not a threat for your Mac is not taken into account. Apart from the fact that you probably don't want to pass it on to a Windows user, detection might not be based on Windows-specific properties of the file.

    2) If I understand you correctly, you are worried about a file vital for your Mac being infected with a Windows-only threat and subsequent cleanup will render your Mac useless? Assuming that "something" has replaced this file, you've already got a problem as it no longer will work anyway. If OTOH the file has only been modified, it's very likely that cleanup will be able to revert the changes, so no harm done. If in doubt (especially if delete is offered as the only option), please ask first.

    HTH

    Christian   

    :1004301