
how to remove osx/fakeav-dpu

Hello,

I just started using Sophos and like the product. It found a number of viruses on my computer, including:

OSX/FakeAV-DPU

Mal/VB-JM

W32/Hostinf-A

I tried having them automatically deleted upon detection, but this was not possible. I tried to manually clean with a custom scan, but this also failed. The action available is now "clean up manually", but I'm not sure how to do this. I tried searching for the filename specified to delete it, but my search doesn't turn anything up, even when I specify to also search for hidden files. Any help is greatly appreciated. I have made sure the drive has read/write access to all users.

Best Wishes,

Mark MacFadyen

Nova Scotia, Canada



This thread was automatically locked due to age.
  • Check your Applications folder -- is there anything odd in there?

    MacProtector.mpkg is an installer package that contains an installer archive named archive.pax.gz -- and THIS contains the malware.  On some variants, the Fake AV software does a drive-by download that will automatically install the software into your Applications folder and delete the installer if you're logged in using an administrator account.  If you're logged in as a user only, it will prompt you for your admin password before this can take place.

    If you can't see anything in your downloads or applications folder, check the scan log to see where the malware was detected.  If it's not there anymore, you're likely fine.

    Then again, MacProtector/MacDefender is pretty blatant about when it exists, as its sole purpose is to get you to enter your personal information to purchase a license for this fake AV software.

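An added example, not part of the reply above and not Sophos tooling: a shell function that checks the folders the reply mentions for items named after MacProtector/MacDefender and flags an installer package that still contains `archive.pax.gz`. The name patterns and the default folders (`/Applications`, `~/Downloads`) are assumptions drawn from the names used in this thread.

```shell
#!/bin/sh
# Added example, not Sophos code. The name patterns are assumptions taken
# from the names used in this thread (MacProtector / MacDefender).

# classify_item PATH: say what kind of leftover a matching item is.
classify_item() {
    case "$1" in
        *.mpkg|*.pkg)
            # An installer bundle is a directory; look for the payload archive.
            if [ -d "$1" ] &&
               find "$1" -type f -iname 'archive.pax.gz' 2>/dev/null | grep -q .; then
                echo "installer-with-payload"
            else
                echo "installer"
            fi ;;
        *.app) echo "installed-app" ;;
        *)     echo "other" ;;
    esac
}

# scan_dir DIR: print "<kind><TAB><path>" for each item named after the fake AV.
# -prune stops find from descending into a bundle that already matched.
scan_dir() {
    find "$1" -maxdepth 2 \( -iname 'MacProtector*' -o -iname 'MacDefender*' \) \
        -prune 2>/dev/null |
    while IFS= read -r item; do
        printf '%s\t%s\n' "$(classify_item "$item")" "$item"
    done
}

# find_fakeav_leftovers [DIR...]: print hits and return 0, or return 1 if none.
find_fakeav_leftovers() {
    [ "$#" -gt 0 ] || set -- /Applications "$HOME/Downloads"
    out=$(for dir in "$@"; do
              [ -d "$dir" ] || continue   # skip folders that do not exist
              scan_dir "$dir"
          done)
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}
```

Call `find_fakeav_leftovers` with no arguments to check the default folders, then compare any hits with the paths in the scan log.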