netbiosd and Mal/ENCPK-LL

I am experiencing two unusual behaviors on my Mac. Sophos has a pop-up that says it has detected "Mal/EncPK-LL", but when I go to Quarantine it is gone, or an item is there but no location on the drive is indicated. I also have Little Snitch running and I get popups from it where "netbiosd" is trying to connect to some assortment of different IP addresses.

Scans from Sophos on my drives come up with nothing.

Thoughts?

Thx

  • Mal/ENCPK-LL detects obfuscation software associated with Windows-based malware. The file will not run under OS X. It is likely being accessed from a remote Windows share (NetBIOS is Windows filesharing) or is being partially loaded into a cache/temp file.

    Since netbiosd is the filesharing server, you can either turn off Windows filesharing, or investigate which IP is attempting to connect to you via this service (netbiosd only connects in response to a remote request for connection).

    Do you have an external firewall? The second issue sounds a lot like an external bot on a botnet is probing your fileshares looking for a way in... but it could be as innocuous as being on the same network as a Windows computer. If the IP addresses start with "10." or "192.168." then you're probably OK, as these are local network addresses. If they are in another range, you need to reconfigure your network firewall (and turn on your OS X firewall/turn off Windows filesharing).

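Added example, not part of the original thread and not Sophos or Little Snitch code: a Python version of the address check the reply describes, extended beyond the two prefixes it names to all RFC 1918, link-local, loopback and IPv6 unique-local ranges. The three-column log format (process, remote address, port), the function names and the sample lines are assumptions constructed for illustration; adapt the parsing to whatever your firewall exports.

```python
import ipaddress
from collections import Counter

# Ranges not routed on the public internet; a peer inside one is on the local network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "169.254.0.0/16", "fe80::/10",                    # link-local
    "127.0.0.0/8", "::1/128", "fc00::/7",             # loopback, IPv6 unique local
)]
FILESHARE_PORTS = {137, 138, 139, 445}  # NetBIOS name/datagram/session, SMB

# Constructed sample, assumed format "<process> <remote address> <port>".
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public hosts.
SAMPLE_LOG = """\
netbiosd 192.168.1.23 137
netbiosd 10.0.0.5 138
netbiosd 203.0.113.77 137
netbiosd 203.0.113.77 139
netbiosd 172.20.4.9 137
Safari 198.51.100.10 443
netbiosd fe80::1c2d:3eff:fe4f:5a6b 137
netbiosd not-an-address 137
"""

def scope(addr):
    """Classify an address string as 'local' or 'external'."""
    ip = ipaddress.ip_address(addr)
    return "local" if any(ip.version == n.version and ip in n for n in LOCAL_NETS) else "external"

def triage(log_text, process="netbiosd"):
    """Return {address: (scope, hit count, sorted ports)} for one process's peers."""
    hits, ports = Counter(), {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != process:
            continue
        try:
            addr, port = str(ipaddress.ip_address(parts[1])), int(parts[2])
        except ValueError:
            continue  # skip lines with a malformed address or port
        hits[addr] += 1
        ports.setdefault(addr, set()).add(port)
    return {a: (scope(a), hits[a], sorted(ports[a])) for a in hits}

def external_fileshare_peers(report):
    """Peers outside the local ranges that touched a file-sharing port."""
    return sorted(a for a, (s, _, p) in report.items()
                  if s == "external" and FILESHARE_PORTS.intersection(p))
```

Calling `external_fileshare_peers(triage(SAMPLE_LOG))` returns the addresses worth checking against the network firewall rules; peers inside the local ranges are left out.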