Troj/Zbot - HAD

Hi everybody,

I am using Sophos Anti-Virus 8.0.20C on the Mac and I am having a very annoying alert recurring constantly throughout the day.

I have an alert come up saying that it has detected the Troj/Zbot - HAD (sometimes the HAD is replaced with something else).  So I open up Quarantine Manager and Authenticate to be able to remove it, but as soon as I have authenticated, the threat in the window disappears without giving me a chance to clear it.

This has been going on for weeks and I have run the full scan of the machine a number of times, which comes up clean, but it keeps coming up.

Does anyone know why this is and how I can stop this happening?

UPDATE - I have since turned off the Scan inside archives and compressed files option in the preferences pane as suggested on another post but this hasn't solved the issue.
  • Hi Ruckus,

    Did you get the log for the TM scan ok last night?

  • Yes.  Log shows it found nothing.

    So today with the TM volume connected do the pop-up threat alerts continue?

  • I think I have an issue with the TM hardware itself now, so running some tests on that first and going to repair it.  If that gets repaired we'll see if that makes a difference.

  • So here's the update.

    I ran Disk Utility and Disk Warrior on the Time Machine drive and neither could fix it.  I then ran it through Drive Genius 3 DrivePulse, which fixed the drive and ever since I have not had these errors coming up.

    Thank you for all of your help, Ruckus, we got there in the end.
  • Hi.

    I read your post since I'm having the same problem on my MacBook Pro with Mavericks and Time Machine. Since a few months back I keep getting different alerts about a few (three or four) different trojans with similar names to yours. Cleaning out the threats using the Quarantine Manager in Sophos seems to work for the moment, but they keep popping up again after a while.

    I googled ProSoft Drive Genius 3 and found it for sale on the US Apple Store for close to $100! Are you telling me that the only way to get rid of these trojan-alerts is to purchase this software?

    By the way, have I understood these 'warnings' correctly when I say that they have entered my computer through spam-mail attachments but that they still haven't been 'activated' since I haven't opened any of the attachments in these e-mails? They haven't already infected my computer, right?
  • Good morning Koamuseal,

    The issue you are having is slightly different to the one I was having.  With my issue, I had 2 threats being identified, but when I went in to Quarantine Manager there was no path identified so I could not find where to delete them.  Also, there was no log of them appearing in the Scan Log.

    After running some tests through Disk Utility on the Time Machine Drive, I found that it had errors which could not be repaired by the Mac Disk Utility or by the external Software DiskWarrior ... but Drive Pulse 3 did repair them and that has seemed to cure the issue with these warnings coming up.

    If you can see in Quarantine Manager, or in the scan log, a path to where the affected files are that keep appearing, then I would suggest you remove them manually by following the video tutorials that Ruckus posted earlier in this thread.  If the threats are on your Time Machine drive, and you can identify that they are, then you will need to remove them manually along with all other backups of that infected file, otherwise the On-Access Scanner will keep picking them up.

    You are right that these files may have come in via spam e-mail to start with, and if you didn't open the attachments then your machine shouldn't be infected.  However, Time Machine will still have backed them up when they were in your Mail application. This is what happened to me, but every time Time Machine opened up to do an hourly back-up, the On-Access Scanner would see the file again and bring up another threat, even though it couldn't delete it.  That is why you need to follow the video tutorial and delete it manually.

    I hope that helps?

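The mechanism Simon describes (one quarantined attachment, re-detected at every hourly backup because a copy survives in each Time Machine snapshot) can be checked before anything is deleted. The following is an added example, not code from this thread or from Sophos: a POSIX shell helper that, given the backup drive's `Backups.backupdb` folder, the machine name, the backed-up volume name and the file's path relative to that volume, lists every snapshot that still holds the file. It assumes the classic Time Machine layout (`Backups.backupdb/<machine>/<YYYY-MM-DD-HHMMSS>/<volume>/...`, with `Latest` as a symlink to the newest snapshot); the backup tree it builds, the machine name `MyMac`, the volume name and the `invoice.zip` attachment are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): enumerate Time Machine snapshots that
# still contain a given file, so every copy can be removed, not just the live
# one in Mail. Assumed layout (classic HFS+ Time Machine backups):
#   <drive>/Backups.backupdb/<machine>/<YYYY-MM-DD-HHMMSS>/<volume>/<path>
# "Latest" is a symlink to the newest snapshot and is skipped to avoid
# reporting the same copy twice.

# tm_find_copies BACKUPDB MACHINE VOLUME RELPATH
# Prints one absolute path per snapshot that contains RELPATH.
tm_find_copies() {
  backupdb=$1; machine=$2; volume=$3; relpath=$4
  for snap in "$backupdb/$machine"/*/; do
    snap=${snap%/}
    # skip the "Latest" symlink and anything that is not a real snapshot dir
    [ -L "$snap" ] && continue
    [ -d "$snap" ] || continue
    target="$snap/$volume/$relpath"
    if [ -e "$target" ]; then
      printf '%s\n' "$target"
    fi
  done
  return 0
}

# tm_count_copies: number of snapshots that still hold the file
# (same arguments as tm_find_copies).
tm_count_copies() {
  tm_find_copies "$@" | wc -l | tr -d ' '
}

# make_demo_backupdb: build a constructed backup tree in a temp dir so the
# script runs stand-alone; prints the path of the Backups.backupdb folder.
make_demo_backupdb() {
  root=$(mktemp -d)
  db="$root/Backups.backupdb"
  for stamp in 2014-03-01-010000 2014-03-01-020000 2014-03-01-030000; do
    mkdir -p "$db/MyMac/$stamp/Macintosh HD/Users/me/Library/Mail/V2"
  done
  # the suspect attachment (constructed) survives in two of three hourly
  # snapshots; it was deleted from Mail before the third backup ran
  : > "$db/MyMac/2014-03-01-010000/Macintosh HD/Users/me/Library/Mail/V2/invoice.zip"
  : > "$db/MyMac/2014-03-01-020000/Macintosh HD/Users/me/Library/Mail/V2/invoice.zip"
  ln -s "$db/MyMac/2014-03-01-030000" "$db/MyMac/Latest"
  printf '%s\n' "$db"
}

# Stand-alone run: list the surviving copies of the constructed attachment.
demo_db=$(make_demo_backupdb)
tm_find_copies "$demo_db" MyMac "Macintosh HD" "Users/me/Library/Mail/V2/invoice.zip"
```

Each path printed is one copy that the On-Access Scanner can find again at the next backup; deleting only the live file under `~/Library/Mail` leaves those snapshot copies in place, which is the loop both posters hit. The listed snapshots are what to remove from inside the Time Machine interface (as in the video tutorials mentioned earlier) or, on macOS, with `tmutil`'s `delete` verb run as root.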
  • Sorry, forgot to add Koamuseal,

    Before you buy any external software you should run the Disk Utility Disk Repair function on your Time Machine drive and see if any errors come up.  If Disk Utility can't repair the drive, then you may need to buy some external software to cure it.  However, I need to stress that the external software may not be able to repair all problems either ... it depends on how badly damaged the drive is.

    But to repair Mac drives, you should always check with Disk Utility first.


    Simon

  • Ok, thanks for the quick reply.

    First I will try using the Disk Utility on my TM and see what will turn up. With a little luck that just might do the trick.

    Last fall, when I got my first trojan-warning, I actually tried to delete it manually. I went into TM and followed the steps from the posted video guide and deleted all TM backups of the file. I also went into Finder and located the file inside my Mail folder and deleted it manually. Unfortunately it didn't work for me and the alert came back after a few days (if I remember correctly). Since then I've started to get alerts for 2-3 more of these trojans from time to time, almost every day now.

    I've also done a search inside my Mail program as well as my webmail for the same account, but I cannot find any copies of these spam mails in any of my folders.

  • If you're still having issues then I would suggest you start a new post and put up screen shots of the scan log and threat warnings; you will be able to get more specific help then.

    Good luck

  • Did a full scan of my TM with Disk Utility last night; it found nothing.

    I will now start a new thread instead and include some screen shots and hope that I will be able to solve this mess eventually.
