Jump to content

sophos central detected ransomware


Hec
 Share

Recommended Posts

recently i have been trying to resolve issues with malwarebytes 3 the problem has gotten worse as i can no longer turn on web or exploit protection web protection is stuck in starting and exploit protection is outright disabled i cant turn it on i run malwarebytes premium, sophos endpoint/intercept x, and comodo firewall i checked my email and had an alert from sophos central saying:

This email alert was generated by Sophos Central. Do not reply to this email.

Sophos Central

 

Sophos Central Event Details for srgsrgsfd

What happened: We detected ransomware trying to encrypt files.

Where it happened: DESKTOP-V0AEIFA

User associated with device: DESKTOP-V0AEIFA\Hectorivanxbox

How severe it is: High

What Sophos has done so far: We have blocked the ransomware’s file-system access. If the computer is a Windows workstation, we clean up the ransomware automatically. If it’s a Windows server or Mac, you need to clean up manually.

What you need to do:

  • For Windows computers:
    1. If you still need to clean up: Move the computer temporarily to a network where it is not a risk to other computers. Go to the computer and run Sophos Clean (available in the Sophos directory).
    2. If automatic sample submission isn't enabled, send us a sample of the ransomware. We'll classify it and update our rules: if it's malicious, Sophos Central will block it in future.
    3. Go to Sophos Central, go to Alerts, and mark the alert as resolved.

  • For Macs:
    1. Move the computer temporarily to a network where it is not a risk to other computers. Go to the computer, look in the Quarantine Manager to locate the detected ransomware, and then remove it manually.
    2. Go to Sophos Central, go to Alerts, and mark the alert as resolved.

So i look through my files i see nothing encrypted the sophos virus removal tool no longer works i re installed it i ran a scan with hitman pro mbam comodo firewall and sophos nothing found, i did see several taskbar icons no longer appeared they just looked like a blank page a few seconds later im able to turn web protection on the protection events list an ip just 0.0.00 ect.. the second protection event lists utorrent's website everything seems fine now but i want to be sure nothing bad happens.

Link to post
Share on other sites

  • Root Admin

Hello @Hec

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.