Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 1712 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What to do with virus's??

DJ

Hello, we are having a bit of issues with some virus's on some pcs. 
We have setup our policy as recomended by our sophos trainer so on detection of a virus sophos AV just blocks access and does not automatically delete the virus. (to allow false positives etc),

We now have around 50 pcs in the console with random virus's like below...

20/09/2010 05:03:55  Virus/spyware  Mal/Iframe-F                  C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WIFM3FC2\novelty[1].htm

and 

22/09/2010 11:00:37  Virus/spyware  Not cleanable  W32/VB-CVP                    C:\fun.xls.exe      

We need to delete these files from their machines now we have checked that they are not random false positives. Is there anyway to get sophos to delete them from the console? The only option I get is clean and acknowledge, clean fails and I dont just want to acknowledge it! . 

Hope that makes sense! 

Dave J

:5146


This thread was automatically locked due to age.
  • 0

    If cleanup fails and you don't get a corresponding (meaningful) error message in SEC check the client's anti-virus log (SAV.txt). The .htm-files, for example, might no longer exist at the time you request the cleanup. It also makes a difference whether you scan on write or not. 

    Please see also removing viruses over a network (as suggested in the analysis for W32/VB-CVP). Newer identities support the Full scan required indicator (together with the necessary cleanup actions) but I assume (just my personal assumption) that older ones with low prevalence are not updated.

    Christian

    :5148
  • 0

    This is the error I get when I try to clean the files up (the error comes up instantly so it looks like the server is not communicating with the client), ive also looked on the C:\ drive of the server and the virus is still there! 

    We are also scanning on read as was recommended by our trainer.

    Its pretty strange that there isnt just a delete file option in the console. 

    Thanks for your help

    Dave J

    :5149
  • 0

    Hello Dave,

    open the Errors tab as in this case it usually shows the reason why cleanup failed.

    Christian

    :5152
  • 0

    Just had a nosey and the error tab is completely blank :(

    When clicking clean though the meassage about being unable to clean comes up so quickly there is no way the messaging system could of sent a message round. :( 

    :5153
  • 0

    When clicking clean though the message about being unable to clean comes up so quickly ...

    Sorry that I've been that dense :smileymad: - of course no message has been sent. The items are listed as Not cleanable and therefore SEC gives you this pop up.

    Nevertheless what I said in my first reply still stands - you should run a full scan. This is necessary when a threat creates/drops other items which must also be removed or cleaned.

    Christian 

    :5159
  • 0

    i would suggest for you to scan using Sophos Bootable Anti-virus Disc

    :5160