Trojan Horse / viruses

David Chaplin
I have been alerted by my Sophos software that it has detected the following threat :- "Troj/DocD/-cu". It now sits in quarantine; I have tried to "clean" it via Quarantine Manager, but this appears unsuccessful.

I have Googled it but no information is forthcoming. I am completing a full scan via Sophos (still in hand) but am wondering if this is one of those guises to persuade you to purchase a version of Sophos instead of the freebie or a real Trojan.

Anyone experienced this issue?

David Chaplin

Re: Trojan Horse / viruses

Mick Burrell
My guess would be a Windows Trojan. See this:

Sophos Link

Or this where they specifically say that it's Windows that's affected (although I can't see a direct reference to the Trojan you give - this came up on my Google search)

Another Sophos Link

Re: Trojan Horse / viruses

David Chaplin
Afternoon Mick,

Many thanks for your reply & have tried both of the Sophos links with no success; as you suspected this appears to be a Windows threat & I couldn't open the Virus Tool Remover anyway. However, I did note there was a slight difference in the Trojan reference you found - yours ended in "-co" whereas I recorded it as ending in "-cu".

The Sophos scan I had been conducting (not completed after about 12 hours) appeared to seize, so I closed down the iMac & restarted to find there is now no trace of this Trojan reference number, only the window in Scan Manager stating "i threat had been identified" but no further information is forthcoming.

Perhaps I should just forget it and get on with all things Christmas! The iMac is working OK.

Thanks again, & Happy Christmas to you. David.

Re: Trojan Horse / viruses

Euan Williams
Hi David. The Sophos Virus remover tool only operates under MS Windows (Sophos state this clearly). Threat removal under OS X is done within the Quarantine manager.

Very basically put, AV software "recognises" the signature of a particular malware and then refers to its database of what snippets of code to remove. This is a very fast-reaction industry and databases are constantly being revised. Malware coders try to alter their code so that, at least for a brief while, the code is out in the wild and unrecognised. Wikipedia offers more information.
 