Disinfecting macro viruses
1. Using Enterprise Console2. Sophos Anti-Virus for Windows, version 7
3. Macintosh OS X computers
4. NetWare computers
5. DOS computers (and in DOS mode in Windows 95/98/Me)
6. Linux computers
7. UNIX computers
8. OpenVMS computers
1. Using Enterprise Console
You can disinfect macro viruses over a network using Enterprise Console.
2. Sophos Anti-Virus for Windows, version 7
To disinfect macro viruses:
- Close down all programs.
- Go to Start|Programs|Sophos|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program.
- In the 'Available scans' list, select the scan for which you want to enable removal, or use 'Setup a new scan' to scan your local disks. (Do not select a scheduled scan, as you will not be able to run this manually.)
- Click Edit|Configure this Scan.
- Select the Cleanup tab and select 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.
- Click 'Save and Start' to save the scan, and run it immediately.
- At the end of the scan, click the link in 'Items passed to Quarantine' to open Quarantine manager.
- Select any items needing disinfection.
- From the 'Perform action' dropdown, select 'Cleanup'.
- Select 'Yes' or 'Yes to all' to disinfect files.
- Run another scan to ensure that the virus has been removed.
- Click Edit|Configure this Scan.
- Select the Cleanup tab and deselect 'Automatically clean up items that contain virus/spyware'. Click Apply|OK
3. Macintosh OS X computers
To disinfect macro viruses:
- Close down all programs.
- Run the Sophos Anti-Virus program.
- Go to 'Sophos Anti-Virus preferences'.
- Choose 'Disinfection' from the 'Immediate Mode' menu.
- Select 'Enable Disinfection'.
- Close 'Sophos Anti-Virus preferences'.
- Click the green 'Play' arrow button.
- Click 'OK' when asked if files should be disinfected.
- Run another scan to ensure that the virus has been removed.
- Go back to 'Disinfection' and deselect 'Enable Disinfection'.
4. NetWare computers
To disinfect macro viruses:
- Open the Sophos Anti-Virus for NetWare user interface.
- At the 'Main menu' select 'Immediate Mode' then 'Configuration'.
- In the 'Macro viruses' option select 'Disinfect'. In the 'Removal mode' option select 'No action'.
- Return to 'Immediate mode' and select 'Start'.
- Run repeated scans until no further viruses are reported.
- Go back to 'Immediate Mode', 'Configuration' and restore your previous options.
5. DOS computers (and in DOS mode in Windows 95/98/Me)
- At the DOS command prompt change to the directory where Sophos Anti-Virus is installed.
- Type the command
SWEEP *: -DID - Run another scan to ensure that the virus has been removed.
At the Windows NT/2000/XP/2003 command prompt you must specify the drive you are scanning, e.g. SWEEP C: -DID.
6. Linux computers
Files on your Linux server infected with macro viruses can usually be disinfected by running SWEEP with the -di command line option.
savscan -diRun another scan to ensure that the virus has been removed.
7. UNIX computers
Files on your UNIX server infected with macro viruses can usually be disinfected by running SWEEP with the -di command line option.
sweep -diRun another scan to ensure that the virus has been removed.
8 OpenVMS computers
- Run VSWEEP from DCL using the command line qualifier '/DI'.
- Run a second scan to ensure that any virus has been removed. You should get the message 'No viruses found'.
If a virus fragment is reported in a file please send us a sample for analysis. It could be a corrupted virus or a new variant. An exact match is needed for disinfection.
