Occasional Visitor
MAOTY
Posts: 2
Registered: ‎05-17-2011
0

Trojan in Swapfile???

Last night I had this unexpected popup from Sophos indicating I had been hit by a Trojan and I should check the quarantine log. The quarantine log is empty. So I pulled up preferences and checked the Sophos log and found

com.sophos.intercheck: 2011-05-16 20:05:55 -0400 Threat: 'Troj/Iframe-CG' detected in /private/var/vm/swapfile1
com.sophos.intercheck: Access to the file denied

Umm, ok, how the heck did I get a trojan in a pagefile? The only way this makes sense is if I managed to load a page with this in it and it was pushed to VM but never to the disk. I'm also confused because I have the on-access scanner turned on. I guess option b is this is a false positive.
Occasional Visitor
MAOTY
Posts: 2
Registered: ‎05-17-2011
0

Re: Trojan in Swapfile???

Just trying to get this churned up again - I am trying to understand how this happens because it is a little alarming.

Occasional Visitor
LordGroundhog
Posts: 1
Registered: ‎11-03-2010
0

Re: Trojan in Swapfile???

I've just had this problem. First some basics, I'm running OSX 10.5.8 on my 2007 MacBook, and my Sophos AV updates hourly.

This afternoon as I accessed a web page, AV notified me of a threat in the cache, a threat called 'Mal/Iframe-V'. Naturally I shut that page down, then I clicked my way through the clean-up sequence. When it was done and the threat listing was removed from the Quarantine Manager, there was no pop-up window to tell me what had happened, so I looked at the log, and to my surprise I saw:

"com.sophos.intercheck:         2011-06-04 14:28:40 +0100 Threat:    'Mal/Iframe-V' detected in /[my browser's cache folder]

-- followed by --

com.sophos.intercheck:          Access to the file denied"

So my question is, does this mean that AV was unable to deal with this threat? If it didn't access the file, how is it supposed to eliminate it? What else do I have to do to get rid of this?

Shalom
Lord Groundhog