
Sophos fails to delete JavaDI-CH

Hello,

I have a virus detected by Sophos for quite some time now. It's the JavaDI-CH Trojan and it's located in a \\.\GLOBALROOT\Device\...\harddiskVolumeShadowCopy\..\ folder.

However, Sophos can't delete or move the file, and when trying to manually access the file I am told that the network path was not found.

My PC is part of the university network and I am not quite sure what to do here.

Any tips? 



This thread was automatically locked due to age.
  • Hi Quieselkopf,

    There are some previous posts regarding threats in GLOBALROOT.

    Please see the links below:

    /search?q= 2596
    /search?q= 5483

    The resolution will depend on what OS you are running and what the configurations are.

    Whether this is detected at a specific time, and whether you are running restoration programs like Deep Freeze on the machine, will also influence what needs to be done.

    Perhaps speak to Sophos to resolve this query quickly and in one go.

  • Hi Quieselkopf,

    It is often easy enough to identify the true location on disk.

    Instead of:

    \\.\GLOBALROOT\Device\...\harddiskVolumeShadowCopy\..\ folder

    it will be

    C:\folder

    Having identified the location:

    Clear from list within the Quarantine Manager for the detection.

    Do a right-click scan of the folder the file is in, and redetection should occur with the true file path.

    Action cleanup if available.

    If clean up is not available then raise a ticket with Sophos Support.

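Added example, not part of the original thread or of any Sophos tooling: a PowerShell function that resolves the `HarddiskVolumeShadowCopy` device named in a detection path to the drive the snapshot was taken from, and checks whether the file still exists on the live volume (a shadow copy is a point-in-time snapshot, so it may not). It assumes an elevated prompt; the function name and the sample path in the closing comment are constructed for illustration.

```powershell
# Added example: map a shadow-copy detection path to its live-volume path.
# Run elevated; Win32_ShadowCopy cannot be queried by a standard user.
function Resolve-ShadowCopyPath {
    param(
        [Parameter(Mandatory)]
        [string]$DetectionPath   # path exactly as reported by the scanner
    )

    # Split "\\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy<N>\<rest>"
    # (the "\\?\" prefix form is accepted too; -match is case-insensitive).
    $pattern = '^\\\\[.?]\\GLOBALROOT\\Device\\(HarddiskVolumeShadowCopy\d+)\\(.*)$'
    if ($DetectionPath -notmatch $pattern) {
        throw "Not a shadow-copy device path: $DetectionPath"
    }
    $device   = $Matches[1]
    $relative = $Matches[2]

    # Find the snapshot whose device object ends with that exact name.
    $shadow = Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.DeviceObject -like "*\$device" }
    if (-not $shadow) {
        throw "No snapshot named $device exists on this machine any more."
    }

    # VolumeName is the \\?\Volume{GUID}\ id of the volume that was snapshotted.
    $volume = Get-CimInstance -ClassName Win32_Volume |
        Where-Object { $_.DeviceID -eq $shadow.VolumeName }
    if (-not $volume -or -not $volume.DriveLetter) {
        throw "Source volume $($shadow.VolumeName) has no drive letter."
    }

    $livePath = Join-Path ($volume.DriveLetter + '\') $relative
    [pscustomobject]@{
        ShadowCopyId  = $shadow.ID
        SnapshotTaken = $shadow.InstallDate
        LivePath      = $livePath
        # False means the file exists only inside the snapshot.
        ExistsOnDisk  = Test-Path -LiteralPath $livePath
    }
}

# Constructed sample call (the path is illustrative, not from the thread):
# Resolve-ShadowCopyPath '\\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\example\cache\sample.jar'
```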
  • Thank you, this actually worked :)