
Unable to remove a virus & Adware from machine

Unable to remove a virus & Adware from machine.

There are virus and path details in the Sophos endpoint console, but when we log in to the machine, we are unable to find the file.

Even after clearing the quarantine, the machine appears as adware & virus infected.

Please suggest.



  • Hi Soumya,

    Can you please provide some more details?

    What is the name of the detection?

    What is the file name and file path that is being shown in the console?

    Thanks

  • Please find details

    Adware alert
    C:\Windows\System32\Drivers\{e5189cab-3112-4bd9-9e32-85524e9e9322}Gw64.sys
    C:\Windows\System32\Drivers\{1f7001b5-3138-49aa-af1b-2761ce2486a5}Gw64.sys

    Scanning Errors: Adware or PUA 'Browse Fox' was not removed because of errors. [0xa0250012]


    Virus alert: C:\Users\..\Appdata\local\mbot_no_014010250\Download\wizzupdater.exe

  • Hi Soumya,

    If you have checked those locations and the files are no longer there, I suggest acknowledging the alerts in the console and any in the local quarantine and then running a scan of that machine again. It is possible the adware has already been removed, which is why there are now errors trying to remove it. After the scan completes, if the detections are still being reported, attempt to use the cleanup option; you may need to reboot in order for this to work.

    Note: make sure you have hidden files visible.

    As 'Browse Fox' is a bit of adware, which you can read about here: https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Browse%20Fox.aspx, you might be able to go to your Control Panel > Programs and Features and uninstall it.

    Can you confirm exactly what the wizzupdater.exe is getting detected as?
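
One way to confirm whether the reported files are really gone, including hidden and system files, from an elevated 64-bit PowerShell prompt. This is an added example, not part of the original thread or of Sophos tooling; the paths are the ones quoted in the alerts above, and the `*` wildcard stands in for the user profile name that the post elides.

```powershell
# Added example. Run elevated, in 64-bit PowerShell: a 32-bit process is
# redirected from System32 to SysWOW64 and would not see these driver files.

# Driver paths copied from the adware alert quoted in this thread.
$reported = @(
    'C:\Windows\System32\Drivers\{e5189cab-3112-4bd9-9e32-85524e9e9322}Gw64.sys',
    'C:\Windows\System32\Drivers\{1f7001b5-3138-49aa-af1b-2761ce2486a5}Gw64.sys'
)

foreach ($path in $reported) {
    # -LiteralPath takes the path exactly as written (no wildcard parsing);
    # -Force returns items that carry the Hidden or System attribute.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path       = $path
        Present    = [bool]$item
        Attributes = if ($item) { $item.Attributes } else { $null }
        LastWrite  = if ($item) { $item.LastWriteTime } else { $null }
    }
}

# Any other driver file with the same name suffix, hidden or not.
Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -Filter '*Gw64.sys' `
    -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Attributes, LastWriteTime

# The virus alert path, searched under every user profile.
Get-ChildItem -Path 'C:\Users\*\AppData\Local\mbot_no_014010250\Download' `
    -Filter 'wizzupdater.exe' -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Attributes, LastWriteTime

# A kernel driver can remain registered after its file is deleted;
# list any driver service whose image path still points at *Gw64.sys.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like '*Gw64.sys' } |
    Select-Object Name, State, StartMode, PathName
```

If every check comes back empty, the console alerts are stale and can be acknowledged before rescanning, as suggested above.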
