Can't clean up Mal/Phish-A

Sophos Anti-Virus is reporting the Mal/Phish-A threat on my Mac, but when I try to clean it up, or even to locate it, no location is given, and cleanup always fails. Any ideas?

Sophos Anti-Virus for Macintosh
Version 7.3.8
Threat detection engine: 3.28.1
Threat data: 4.74
Release date: February 6, 2012
Protects against 3316504 threats


  • Hello Randolph,

    I guess you are running the Home Edition, which has its own forum. Even if not, you'll probably find some helpful information there: http://openforum.sophos.com/t5/forums/searchpage/tab/message?q=Mal%2Fphish-a#message-list

    Christian
  • Actually, I'm a corporate user, and I've already looked at those comments. Problem is, with Sophos not identifying the location of the infected files, I can't do anything about the problem.

  • Digging into the Sophos log, I find the following:

    com.sophos.intercheck: Encrypted file: /Registration List.xlsx
    com.sophos.intercheck: Corrupt file: 
    com.sophos.intercheck: Corrupt file: 
    com.sophos.intercheck: Corrupt file: /MRJPlugin.jar
    com.sophos.intercheck: Corrupt file: /MRJPlugin.jar
    com.sophos.intercheck: Encrypted file: /Registration List.xlsx
    com.sophos.intercheck: Corrupt file: 
    com.sophos.intercheck: Corrupt file: 
    com.sophos.intercheck: Encrypted file: /Registration List.xlsx
    com.sophos.intercheck: Corrupt file: 
    com.sophos.intercheck: Corrupt file: /MRJPlugin.jar

    The MRJPlugins are archived from 2002 and 2003 and no longer used--I don't think they're a threat. Besides, I've been running Sophos AV for over a year, and I've never had a whisper of a problem. Why now?

    Any advice on finding the problematic files and removing them would be helpful, as would an explanation of the Mal/Phish-A threat.

  • I once got an alert in the quarantine manager and after some digging it turned out to be a spam email (in the spam folder) of Mac Mail. It kept coming back when I accessed the email.

    You should clear the alert and rescan - no point spending a lot of time looking for something that isn't there.

    If the alert comes back and you cannot see the source I'd run the SDU log gathering tool (Mac version) on your computer and raise a ticket with Support.

    SDU: Sophos Diagnostic Utility (SDU): how to download and install

    Raise a ticket (ensure you include the SDU output): Support query form
