Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2938 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Removing Infected Files

Altren

Hi there,

Sophos has quarantined two items.  I can not delete or remove them and I would like to do so.  I can not find any real information on them.  Any ideas how I can permanently get rid of them?  The scan history was as follows:-

 "c:\windows\temp\sophos_autoupdate1.dir\1311853255\programfiles\sophos\sophosanti-virus\tamperprotectionmanagement.dll' infected with Mal/FakeAV-CN

and

 "c:\windows\temp\sophos_autoupdate1.dir\1311853255\classfilterdrivers\iA64\sdcfileter.sys" has been identified as suspicious Sus/UnkPack-C

Cheers

:17369


This thread was automatically locked due to age.
Parents
  • 0

    Hello Altren,

    zeroth - you should try to copy/paste from the anti-virus log (SAV.txt) instead of retyping the messages (at least it looks like you have done so).

    First of all please check the A-V log (SAV.txt) for other alerts and actions performed. As sophos_autoupdate1.dir is used by AutoUpdate (only) there shouldn't be any infected files inside it. False positives are very very unlikely with the files in there and alerts could indicate a PE infector or something similar.

    As you didn't mention SEC - are you on of your site's Sophos administrators? If not, you should contact them.

    Christian 

    :17373
Reply
  • 0

    Hello Altren,

    zeroth - you should try to copy/paste from the anti-virus log (SAV.txt) instead of retyping the messages (at least it looks like you have done so).

    First of all please check the A-V log (SAV.txt) for other alerts and actions performed. As sophos_autoupdate1.dir is used by AutoUpdate (only) there shouldn't be any infected files inside it. False positives are very very unlikely with the files in there and alerts could indicate a PE infector or something similar.

    As you didn't mention SEC - are you on of your site's Sophos administrators? If not, you should contact them.

    Christian 

    :17373
Children
No Data