Troj/Zbot - HAD

Hi everybody,

I am using Sophos Anti-Virus 8.0.20C on the Mac and I am having a very annoying alert recurring constantly throughout the day.

I have an alert come up saying that it has detected the Troj/Zbot - HAD (sometimes the HAD is replaced with something else).  So I open up Quarantine Manager and Authenticate to be able to remove it, but as soon as I have authenticated, the threat in the window disappears without giving me a chance to clear it.

This has been going on for weeks and I have run the full scan of the machine a number of times, which comes up clean, but it keeps coming up.

Does anyone know why this is and how I can stop this happening?

UPDATE - I have since turned off the Scan inside archives and compressed files option in the preferences pane as suggested on another post but this hasn't solved the issue.



This thread was automatically locked due to age.
  • Good morning Koamuseal,

    The issue you are having is slightly different to the one I was having.  With my issue, I had 2 threats being identified, but when I went in to Quarantine Manager there was no path identified so I could not find where to delete them.  Also, there was no log of them appearing in the Scan Log.

    After running some tests through Disk Utility on the Time Machine Drive, I found that it had errors which could not be repaired by the Mac Disk Utility or by the external Software DiskWarrior ... but Drive Pulse 3 did repair them and that has seemed to cure the issue with these warnings coming up.

    If you can see in Quarantine Manager, or in the scan log, a path to where the affected files are that keep appearing, then I would suggest you remove them manually by following the video tutorials that Ruckus posted earlier in this thread.  If the threats are on your Time Machine drive, and you can identify that they are, then you will need to remove them manually along with all other backups of that infected file, otherwise the On-Access Scanner will keep picking them up.

    You are right that these files may have come in via Spam-Email to start with, and if you didn't open the attachments then your machine shouldn't be infected.  However, Time Machine will still have backed them up when they were in your Mail application. This is what happened to me, but every time Time Machine opened up to do an hourly back-up, the On-Access Scanner would see the file again and bring up another threat, even though it couldn't delete it.  That is why you need to follow the video tutorial and delete it manually.

    I hope that helps?
