How to remove trojans, worms, viruses, and other malware with Sophos Anti-Virus

  • Article ID: 112129
  • Updated: 19 Dec 2011
The Sophos Malware Remediation Tool (SMaRT) provides a detailed step-through process for cleaning up malware infections on Windows 2000 and above. Details are in knowledgebase article 116418.

Note: the Security analyses pages provide detailed and specific information about malware and threats of all types.

1. Using the Console to remove malware

For details of how to remove malware over a network using Enterprise Console, Enterprise Manager, or Sophos Control Center, refer to your Console Help manual or on-line help.

2. Windows 2000+ with Sophos Anti-Virus version 9.x

To remove malware on the affected computer:

  1. Go to Start | Programs | Sophos | Sophos Endpoint Security and Control and run the 'Sophos Endpoint Security and Control' program.
  2. Click on 'Manage quarantine items'.
  3. In the Quarantine Manager, click the 'Available actions' column header to sort the list of threats according to the action available.
  4. For the following results in the Actions column:
    1. Clean up
      • Select the items displaying this option and then click 'Perform action | Clean up'
    2. Full scan required
      • Click on 'Home' and then 'Scan my Computer' to initiate a scan
      • Once the scan has completed, return to the Quarantine Manager and then clean up the detected items as per the results shown in the Actions column.
    3. Partially removed. Reboot required to complete the cleanup
      • Select these items and then click 'Clear from List'
      • Click on 'Home' and then 'Scan my Computer' to initiate a scan
      • Once the scan has completed, return to the Quarantine Manager to deal with any remaining items.
      • If this appears a second time for the same items, please contact your IT administrator.
    4. Insufficient rights, please contact your administrator
      • Please contact your IT administrator to assist with cleanup
    5. Delete, Move, Authorize
  5. If you have cleaned up all of the items but find that they are returning to your computer, please contact your IT administrator.

3. Windows 95/98

  1. Go to Start|Programs|Sophos Anti-Virus and run the Sophos Anti-Virus program.
  2. Select the Immediate tab.
  3. Go to Options|Configuration. Select the 'Disinfection' or the 'Action' tab (according to what is displayed in your window), select 'Infected files', select 'Delete', then click 'OK'.
  4. Click the green 'scan' arrow, or the 'GO' button (as appropriate) to run the scan.
  5. Delete the files. Run another scan to check that the malware has gone.
  6. Go back to Options|Configuration. Select the 'Disinfection' or the 'Action' tab, then deselect 'Infected files' and 'Delete'. Click 'OK'.
  7. Reboot and run a final scan to be certain it has gone.

4. Mac OS X computers

  1. Open the Quarantine Manager.
  2. Click the Action Available column heading to sort the list of threats according to the action available.
  3. Select all the threats for which the action available is Clean up.
  4. Click Clean Up Threat.
    Note: You must authenticate by clicking the lock icon at the bottom of the Quarantine Manager window.
    Any threats that are cleaned up are cleared from the list.
  5. Click the Action Available column heading again to sort the list of threats.
  6. If there are any threats for which the action available is Restart, restart your Mac to complete the cleanup.
  7. Click the Action Available column heading again to sort the list of threats.
  8. If there are any threats for which the action available is Scan local drives, run 'Scan local drives'.
  9. Click the Action Available column heading again to sort the list of threats.
  10. If there are any threats for which the action available is Clean up, go back to step 3.
  11. If there are any threats for which the action available is 'Clean up manually', create a custom scan.
  12. Select the areas where the remaining threats reside and add these to the Scan Items.
  13. In the Options tab, select 'Delete threat' from the drop down menu.
  14. Click Done.
  15. Run the scan.

5. NetWare

Note: This will delete any documents infected with macro viruses. Deal with them first.

  1. Run a scan to locate all malware files.
  2. Select 'Delete' in the Removal mode option of the Immediate Mode menu.
  3. Delete the malware files.

6. Linux

  1. Use savscan with the -remove option
    savscan -remove
  2. Run a scan to check that the malware-infected files were deleted.
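
The two Linux steps above can be scripted as a remove-then-verify pass. This is an added example, not part of the original Sophos article. The function name, the SAVSCAN override variable and the target path argument are assumptions, and the exit codes (0 = nothing detected, 3 = threats detected, anything else = interrupted or error) are taken from savscan's documented return codes rather than from this page.

```shell
#!/bin/sh
# Added example: wrap "savscan -remove" and the follow-up verification scan.
# SAVSCAN can be overridden (assumption, used for testing with a stand-in).
SAVSCAN="${SAVSCAN:-savscan}"

# remove_and_verify <path>
# Returns 0 if the verification scan is clean,
#         1 if threats are still detected after removal,
#         2 if either scan could not be completed.
remove_and_verify() {
    target="$1"
    if [ ! -e "$target" ]; then
        echo "no such path: $target" >&2
        return 2
    fi

    # Step 1: scan with removal enabled (savscan asks for confirmation
    # before each deletion unless told otherwise).
    rc=0
    "$SAVSCAN" "$target" -remove || rc=$?
    case "$rc" in
        0) echo "pass 1: nothing detected in $target" ;;
        3) echo "pass 1: threats detected, removal attempted" ;;
        *) echo "pass 1: scan did not complete (exit $rc)" >&2
           return 2 ;;
    esac

    # Step 2: plain scan of the same path to confirm the files are gone.
    rc=0
    "$SAVSCAN" "$target" || rc=$?
    case "$rc" in
        0) echo "pass 2: verified clean"
           return 0 ;;
        3) echo "pass 2: threats still present, escalate for manual cleanup" >&2
           return 1 ;;
        *) echo "pass 2: scan did not complete (exit $rc)" >&2
           return 2 ;;
    esac
}

# Usage: remove_and_verify /home
```

A non-zero result from the second pass means the cleanup should not be treated as complete.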

7. UNIX

  1. Use SWEEP with the -remove option
    sweep -remove
  2. Run a scan to check that the malware-infected files were deleted.

8. OpenVMS

  1. Delete the malware files by running VSWEEP from DCL using the command line qualifier '/REMOVEF'.
  2. Note: '/REMOVEF' does not prompt for confirmation before deletion and should be used with caution.

For details on the use of these command line qualifiers and sample batch files using them, see the Sophos Anti-Virus for OpenVMS user manual.

 
For more information or assistance, please contact technical support.
