
Problem after infection with Trojan Dridex-AD and Agent-APAH

In a moment of poor concentration last Friday, I foolishly clicked on an email link, which seems to have installed a couple of Trojans called Dridex-AD and Agent-APAH. Both these were put into quarantine by Endpoint Protection when I updated the software this morning, so I clicked on clean-up to get rid of them. The quarantine management screen now shows nothing in quarantine, and yet the little toolbar icon keeps telling me there is a threat detected for Agent-APAH. I follow the quarantine link, but still nothing in quarantine. The Trojans have stopped IE and Google Chrome from running, except that when I follow the link in the Endpoint Protection program that takes me to the Sophos web page, Internet Explorer opens and works fine. When I try to load Internet Explorer from my usual link, it says Internet Explorer has stopped working, then it tries to find out why, then it closes down. All very odd. Can anyone help?



  • Hello LisaPenton,

    do the icon alerts appear at regular intervals (say, 5 minutes)? Please check the AV and HIPS log for periodic detections followed by "cleaned up". This would indicate that "something" is still running. I've seen this with recent "campaigns" and apparently cleanup of the initial threat can't get rid of this scheduled thingy unless you reboot. If the problem persists contact your company's/university's IT (unless you are your site's Sophos Administrator in which case please say so).


    Christian
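
The log check suggested in the reply above, as an added example that is not part of the original thread and is not Sophos code: it flags a threat that is re-detected at a steady interval even though each detection was cleaned up, which points to something still re-launching it. The tab-separated log layout, the sample lines and their dates are constructed assumptions; a real AV/HIPS log needs its own `parse_line`.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in a made-up "timestamp<TAB>event<TAB>threat" layout.
# This is NOT the real Sophos log format; adapt parse_line() to your export.
SAMPLE_LOG = """\
2015-06-08 08:55:00\tdetected\tDridex-AD
2015-06-08 08:55:05\tcleaned up\tDridex-AD
2015-06-08 09:00:12\tdetected\tAgent-APAH
2015-06-08 09:00:15\tcleaned up\tAgent-APAH
2015-06-08 09:05:12\tdetected\tAgent-APAH
2015-06-08 09:05:14\tcleaned up\tAgent-APAH
2015-06-08 09:10:13\tdetected\tAgent-APAH
2015-06-08 09:10:16\tcleaned up\tAgent-APAH
2015-06-08 09:15:12\tdetected\tAgent-APAH
"""

def parse_line(line):
    ts, event, threat = line.split("\t")
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), event.strip().lower(), threat.strip()

def periodic_redetections(log_text, min_hits=3, tolerance=0.2):
    """Return {threat: median_gap_seconds} for threats that keep coming back
    at a steady interval although each detection was followed by a cleanup."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, event, threat = parse_line(line)
            events[threat].append((ts, event))
    result = {}
    for threat, evs in events.items():
        evs.sort()
        detections = [ts for ts, ev in evs if ev == "detected"]
        cleaned = [ts for ts, ev in evs if ev == "cleaned up"]
        if len(detections) < min_hits:
            continue  # a one-off detection is not a recurrence
        pairs = list(zip(detections, detections[1:]))
        # A cleanup must sit between each pair of consecutive detections.
        recurs = all(any(a <= c < b for c in cleaned) for a, b in pairs)
        gaps = [(b - a).total_seconds() for a, b in pairs]
        mid = median(gaps)
        steady = all(abs(g - mid) <= tolerance * mid for g in gaps)
        if recurs and steady:
            result[threat] = mid
    return result

if __name__ == "__main__":
    print(periodic_redetections(SAMPLE_LOG))
```
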