difficulty in manually removing virus

Sophos detected this threat today: Mal/frame-AA. I am supposed to manually remove it, but when I open the Quarantine Manager and attempt to manually remove it, the option 'clean up threat' stays grey. Can anyone advise? Should I go to the virus, whose location is identified by Quarantine Manager, and just delete it? Will that work? Thanks in anticipation. I have an Apple MacBook, OS X 10.6.8.

best regards

Ed Moloney

:1003905


  • Mal/Iframe-AA detects malicious JavaScript added into existing JavaScript sections on web servers. As such, you are most likely detecting this in your browser cache, unless your computer is also a compromised web server. The best solution is just to clear your browser cache and watch the quarantine item vanish. If it doesn't, then removing by hand should work just fine -- but if you ARE running a compromised web server, you should remove the malicious code from your web pages and then patch against the exploit that was used to drop it there in the first place. This will require auditing your server logs.

    :1003911
  • DIFFICULTY IN MANUALLY REMOVING VIRUS: I have an Apple Mac, and after a few hours scanning the local drives with Sophos a threat was detected: Mal/ChepVil-A, named UPS_Document.exe... I tried to clean it up from Quarantine Manager but it wouldn't, and said it had to be done manually by clicking on the Action tab in the browser. Sadly there wasn't an Action tab, so I need some help in order to manually remove this threat from my computer. Any help would be most welcome. Many thanks, Simon Robinson.

    :1003917

  • simonjr4 wrote:

    DIFFICULTY IN MANUALLY REMOVING VIRUS: I have an Apple Mac, and after a few hours scanning the local drives with Sophos a threat was detected: Mal/ChepVil-A, named UPS_Document.exe... I tried to clean it up from Quarantine Manager but it wouldn't, and said it had to be done manually by clicking on the Action tab in the browser. Sadly there wasn't an Action tab, so I need some help in order to manually remove this threat from my computer. Any help would be most welcome. Many thanks, Simon Robinson.


    That's a Windows Bredo bot mass-mail malware; as such, all you have to do is delete the email in your inbox/spam folder referring to your UPS invoice that has that executable attached.  No further cleanup needed.  This will not infect a Mac.

    :1003919
  • Many thanks to Andrew. Your reply was very helpful and reassuring. Regards Simon.

    :1003925
  • Where is the Action tab??

    :1004681
  • I think he meant in the Sophos Anti-Virus program, not the browser.

    I also think he was talking about the Options tab accessed by editing a manual scan or selecting On-access Scanning from the Preferences dialog.  The action is selected via the select list positioned beside the text "When a threat is found:".

    I could be wrong, however.

    :1004683