Path empty - cleaning fails

In the quarantine window, I get an empty path for an infected file, even after I authenticate as admin (see http://dl.dropbox.com/u/323146/sophos.jpg).

I try to access the journal, but the menu is grayed out...

Cleaning the menace fails: the window hangs...

This menace shows up every day and I don't know how to get rid of it... please help.



This thread was automatically locked due to age.
  • This doesn't really address your issue, but it provides some context:

    JS/Sinowal-V is a malicious JavaScript embedded in web pages, and is commonly found on fraud/phishing pages and SEO poison pages. It attempts to load malware onto your computer via a hidden iFrame, injected via the script into the web page, that points to the actual malicious site.

    The place where I've seen the behaviour you're experiencing is when Safari caches the malicious file, on-access detects it, Safari clears it from the cache, and then re-loads it. The detection now still exists, but the original path name of the first cache file no longer points to a file on the system. The back end SHOULD still list the new path, but I too have seen instances where it is blank instead.

    Hopefully this is enough of a bug description for the developer folk to track down; I suspect that it's still not enough to recreate the issue, however.

    On the plus side, purging your web cache should clear all copies of this malware. If the item still exists in Quarantine after that, please remove it from the list and then run a custom scan over your ~/Library/Caches folder.
