
HELP. Virus can only be removed "manually"?? (Troj/TDL3Mem-A)

Hey,

My university provides Sophos antivirus for all faculty and students, and it has been working great for as long as I can remember. I was recently doing a regular computer scan and quarantined "Troj/TDL3Mem-A," which is apparently a browser-corrupting virus. I've been trying everything to remove it and just have not been able to. Sophos keeps telling me that it can only be manually removed, which I can't figure out how to do.

Has anyone here dealt with this virus before and might know of a solution?????

Thanks so much.



This thread was automatically locked due to age.
  • Hi mdporter,

    Sophos also has a tool that will remove the product and is available through the Technical Support team. As for where these viruses come from, Trojans like this are literally all over the web on legitimate websites that have been infected, so that when a machine visits the site, the machine downloads and installs the Trojan straight onto the machine. Knowing the scale of the number of sites infected is a huge undertaking and something no security company can claim to know or protect against, as it is very easy to infect a site and even easier to create a new site and infect it.

    As for protecting yourself fully from this threat, please make sure web protection is on, as this will block websites that are known to contain malware, and also please fully enable HIPS, as this is the most complete method of avoiding the Trojan from installing if you do get onto an infected website.

    For more information on HIPS please view the following pages.

    Sophos Anti-Virus for Windows 2000+: Host Intrusion Prevention System (HIPS) overview

    http://www.sophos.com/support/knowledgebase/article/25044.html

    Sophos Anti-virus for Windows 2000+: HIPS runtime behavior Frequently Asked Questions

    http://www.sophos.com/support/knowledgebase/article/48765.html

    Sophos Anti-Virus: managing the detection of suspicious files and behavior

    http://www.sophos.com/support/knowledgebase/article/23949.html

    Good article on general settings.

    Anti-Virus and HIPS settings: guide to on-access settings

    http://www.sophos.com/support/knowledgebase/article/63923.html

    AK
