I have just installed Sophos : A virus was detected !!!!

Hello !

I've just heard about Sophos AntiVirus a few hours ago.

So I decided to install it. It runs very smoothly.

I've run a full scan right now, and Sophos has detected a virus !!! I'm very surprised about that !!

The name of the threat is : Mal/JavaHoxo-A in the file : /Users/Jojo/Library/Caches/Java/cache/6.0/41/ff74ae9-7d783ce1 [EIRC.class]

Mac... Viruses... What ? :smileysurprised:

:1000077


This thread was automatically locked due to age.
  • Hello JojoFrench,

    If you read the analysis for Mal/JavaHoxo-A you'll see that it affects Windows (only). Now you could argue why Sophos for Mac bothers with this threat. Fact is that the majority of malware is for Windows given its market share. To scan only for threats affecting the platform the AV is running on would complicate matters (you'd have to store the information along with the IDEs/signatures, you have to update it when new OS versions are available and so on). Do not confuse this with the objects scanned as this is usually OS specific. More and more the threats lurk in cross-platform objects (HTML, PDF, Java to name a few) and are of course detected even if they don't "match" the OS.

    And if it is detected - why shouldn't Sophos alert you as you might otherwise unwittingly pass it on (please see also Aaron's post and blog).

    Christian

    :1000137
  • Yes, you're right, I've found out that this virus was "Designed for Windows" only.

    :1000189
  • My first experience with Sophos antivirus.
    First, it scanned all my files (not like ClamXav or iAntiVirus). Second, it found (the other programs did not) three Trojans and two spyware/malware "things". I can't call them programs because they are listed as documents. The interesting thing is that they all resided in a Java 6.0 cache folder (subfolders 28 and 31) in the user/library/caches. This Java update was recently installed through software update on an Intel MacBook Pro running 10.6.4. The program had a rather counter-intuitive way to get rid of these cache files. The next scan did not detect any "threats". True, they are all listed as Windows Trojans/malware. But still, does Java really install malware or is it just something that Sophos engine took for such?

    :1000243
  • Hello ljubimov,

    A user's Cache folders contain Java "stuff" which has been downloaded and (normally) executed - could have been a simple applet on a webpage or a more complex application. Most of the time the files come "in pairs" - same name, one with extension .idx, the other (which is an archive) without. It's not Java installing malware (i.e. the distribution itself is clean) but as Java is used to (download and) run applications it's no surprise that some of them are malicious. Often they are still targeted at specific platforms (as the ones you had) but the threat is real.

    "The program had a rather counter-intuitive way to get rid of these cache files."

    Could you be more specific? What did you expect, what was your experience and how can it be improved?

    Christian

    :1000271
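
The cache layout described in the reply above (each cached download stored as an archive plus a same-named `.idx` companion) can be inventoried before cleanup, so you know which cached objects exist and which classes they contain. This Python example is added here and is not part of the original thread or Sophos code; the file names `0a1b2c3d-4e5f6a7b`, `11223344-55667788` and `Demo.class` are constructed sample data.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def inventory_java_cache(cache_root):
    """List every cached object with its hash, .idx companion and archive members."""
    records = []
    for path in sorted(Path(cache_root).rglob("*")):
        if not path.is_file() or path.suffix == ".idx":
            continue  # .idx files are reported via their data file's has_idx flag
        members = []
        if zipfile.is_zipfile(path):
            try:
                with zipfile.ZipFile(path) as zf:
                    members = zf.namelist()  # names only: nothing is extracted or run
            except zipfile.BadZipFile:
                members = ["<unreadable archive>"]
        records.append({
            "path": path,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "has_idx": path.with_name(path.name + ".idx").exists(),
            "members": members,
        })
    return records


def describe(record):
    """Render 'path [member, ...]' like the detection line in the first post."""
    inner = ", ".join(record["members"]) or "not an archive"
    return f"{record['path']} [{inner}]  idx={record['has_idx']}  {record['sha256'][:16]}"


def build_demo_cache(root):
    """Constructed sample: one paired archive and one stray file in subfolder 41."""
    root = Path(root)
    (root / "41").mkdir(parents=True)
    with zipfile.ZipFile(root / "41" / "0a1b2c3d-4e5f6a7b", "w") as zf:
        zf.writestr("Demo.class", b"constructed placeholder bytes")
    (root / "41" / "0a1b2c3d-4e5f6a7b.idx").write_bytes(b"constructed index")
    (root / "41" / "11223344-55667788").write_bytes(b"not a zip")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_java_cache(build_demo_cache(tmp)):
            print(describe(rec))
```

To list a real cache, pass the folder from the first post's detection path (for example `~/Library/Caches/Java/cache/6.0`, expanded with `Path.expanduser()`) to `inventory_java_cache`.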
  • I have no idea how to "clean up manually" the 26 viruses suspected. I don't understand what "set up a custom scan" means or how to do it.

    :1001409
  • I am on a MacBook and have just downloaded Sophos because I started getting random new windows popping up while I'm working on the computer, showing male-on-male porn and quite heavy S&M sites. This just started this morning, suddenly.

    I downloaded Sophos and the 9 problems Sophos has detected all need to be cleaned up manually. I have followed links to the Help page and followed instructions, as I understood them, to copy and paste the Filenames from the Quarantine Manager window into the window that allows me to create a 'custom scan'. The final instructions you provide are to change the Options dropdown to "Delete threat", then click Done and then "Run scan". Done the first two. But how do I run the Custom scan? Only thing I could see that might do that was to click the arrow icon in the "Scan local drives" box at the top. And all that did was again scan the local drives. The arrow icons next to each of the custom-scan items are not clickable. What am I doing wrong, please? Thanks

    :1002723
  • Hello millman282 ,

    "to copy and paste the Filenames from the Quarantine Manager window into the window that allows me to create a 'custom scan'"

    If the arrow is not clickable then Scan items is empty. I'm not aware that you can copy the pathnames to either the Custom scans pane or to Scan items in an already defined scan. merril444 wrote a much acclaimed step-by-step guide. Please note that you don't have to specify the exact path to each item: like in the post, selecting Caches will scan everything under Caches and remove all threats contained therein.

    HTH

    Christian

    :1002729