
Removing Infected Files

Hi there,

Sophos has quarantined two items.  I cannot delete or remove them and I would like to do so.  I cannot find any real information on them.  Any ideas how I can permanently get rid of them?  The scan history was as follows:-

 "c:\windows\temp\sophos_autoupdate1.dir\1311853255\programfiles\sophos\sophosanti-virus\tamperprotectionmanagement.dll' infected with Mal/FakeAV-CN

and

 "c:\windows\temp\sophos_autoupdate1.dir\1311853255\classfilterdrivers\iA64\sdcfileter.sys" has been identified as suspicious Sus/UnkPack-C

Cheers

:17369


This thread was automatically locked due to age.
  • Hello Altren,

    zeroth - you should try to copy/paste from the anti-virus log (SAV.txt) instead of retyping the messages (at least it looks like you have done so).

    First of all please check the A-V log (SAV.txt) for other alerts and actions performed. As sophos_autoupdate1.dir is used by AutoUpdate (only) there shouldn't be any infected files inside it. False positives are very very unlikely with the files in there and alerts could indicate a PE infector or something similar.

    As you didn't mention SEC - are you one of your site's Sophos administrators? If not, you should contact them.

    Christian 

    :17373
  • Thank you.

    Below is the log.  Every time I run the scan these two pop up.  Basically all I'm really after is confirmation that all is ok as I have had troubles previously.  Just want to confirm it is still not infected and why I can't delete the Mal/FakeAV-CN.  I have run AntiMalware software but it comes up with nothing so I'm just uncertain.

    Many thanks.

    Tim

    ****************** Sophos Anti-Virus Log - 4/10/2011 10:02:51 AM **************

        ...
    20111003 094502 Virus/spyware 'Mal/FakeAV-CN' has been detected in "C:\Windows\Temp\sophos_autoupdate1.dir\1311853255\program files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll".
    20111003 094513 File "C:\Windows\Temp\sophos_autoupdate1.dir\1311853255\ClassFilterDrivers\iA64\sdcfilter.sys" has been identified as suspicious file of type 'Sus/UnkPack-C'.
      If you are unsure whether the file can be authorized, please send a sample to Sophos.
        ...
          (3 items)

    :17435
  • Hello Tim,

    So this directory exists with those files (and others) in it and you do a right-click scan and then get the alerts? Is Sophos updating properly (I'd expect it to fail)? What happens if you request Update now?

    Christian

    :17437
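The advice above to check SAV.txt for other alerts can be scripted. This is an added example, not part of the thread and not Sophos code: it parses the two alert line formats quoted in Tim's log and separates alerts inside the AutoUpdate cache from alerts anywhere else. The regular expressions are derived only from those two lines, and the `sophos_autoupdate<N>.dir` directory pattern and all function names are assumptions.

```python
import re
from datetime import datetime

# Sample input: the alert lines quoted in this thread.
SAMPLE = r"""
20111003 094502 Virus/spyware 'Mal/FakeAV-CN' has been detected in "C:\Windows\Temp\sophos_autoupdate1.dir\1311853255\program files\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll".
20111003 094513 File "C:\Windows\Temp\sophos_autoupdate1.dir\1311853255\ClassFilterDrivers\iA64\sdcfilter.sys" has been identified as suspicious file of type 'Sus/UnkPack-C'.
  If you are unsure whether the file can be authorized, please send a sample to Sophos.
"""

# Only the two message types seen in the thread; other SAV.txt messages are skipped.
ALERT_PATTERNS = [
    ("detected", re.compile(
        r"Virus/spyware '(?P<name>[^']+)' has been detected in \"(?P<path>[^\"]+)\"")),
    ("suspicious", re.compile(
        r"File \"(?P<path>[^\"]+)\" has been identified as suspicious file of type '(?P<name>[^']+)'")),
]
STAMP = re.compile(r"^(\d{8} \d{6}) (.*)$")
# Assumption: the cache directory is always named sophos_autoupdate<N>.dir.
CACHE_DIR = re.compile(r"^sophos_autoupdate\d*\.dir$", re.IGNORECASE)

def in_autoupdate_cache(path):
    """True if any component of a Windows path is the AutoUpdate cache directory."""
    return any(CACHE_DIR.match(part) for part in path.split("\\"))

def parse_alerts(log_text):
    """Return one dict per alert line; banners and continuation lines are ignored."""
    alerts = []
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y%m%d %H%M%S")
        for kind, pattern in ALERT_PATTERNS:
            hit = pattern.search(m.group(2))
            if hit:
                alerts.append({"when": when, "kind": kind, "name": hit["name"],
                               "path": hit["path"],
                               "in_update_cache": in_autoupdate_cache(hit["path"])})
                break
    return alerts

def triage(log_text):
    """Split alerts into (inside AutoUpdate cache, everywhere else)."""
    alerts = parse_alerts(log_text)
    return ([a for a in alerts if a["in_update_cache"]],
            [a for a in alerts if not a["in_update_cache"]])

if __name__ == "__main__":
    cache, other = triage(SAMPLE)
    print(f"{len(cache)} alert(s) in AutoUpdate cache, {len(other)} elsewhere")
```

An empty second list means the log holds no alerts outside the update cache; any entry there is one of the "other alerts" worth raising with the site's Sophos administrators.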