How can I remove Troj/Iframe-HJ?

I installed Sophos Anti-Virus 8.0.6C for Mac today.  It almost immediately found Troj/Iframe-HJ.  However, when I go to the Quarantine Manager, put in my admin password, and press Clean Up Threat, it says "Cleaning up threats..." but the task never finishes.  Is there another way, or another version, I should be using?  And can anyone tell me anything else about this threat?  The Sophos website, http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Iframe-HJ/detailed-analysis.aspx, is kind of obscure.

Thanks.

JK

  • Hello lk10003,

    First of all, Java and JavaScript are different things although they have a common denominator. JavaScript is interpreted by the browser (or a viewer, e.g. PDF). While applications usually allow you to turn off JavaScript, you can't turn it off globally and definitely not by disabling Java.

    Malicious JavaScript is mainly detected in web pages, usually in the browser's cache. As cache space is limited it's likely to get deleted at some point in the future when new content is downloaded. Thus these items might disappear - of course the message about the detection will not be removed from the log (to keep such messages is what the log is for). Usually these items also need the browsing context in order to do their "work" and are often harmless by themselves.

    Using two AV products with a real-time (on-access) component together is generally not a good idea. One might block the other's attempted action (e.g. disinfect or move) on a file, and as the two can't access (and assess) a file at the same time results are unpredictable. Looks like ClamXav "did" something with the script and at this time it has been scanned and detected by Sophos. Deletions are not intercepted so if a temporary is deleted everything in it also disappears.

    Christian
