
Mac/FakeAv

Sophos detected "a malware threat" called Mac/FakeAV, and I quickly saw it in Quarantine Manager, but then it went away quickly. When I opened the log, it said that it did not have permission to access the file. Do I have the Mac/Fake AV malware? (I did a full scan that turned up nothing.)

Thanks!



This thread was automatically locked due to age.
  • Here's what it said:

    Threat: 'Mal/FakeAvCn-C' detected in /private/tmp/ffaf1072.$$$

    Access to the file denied
    com.sophos.intercheck:
    com.sophos.intercheck: Corrupt file: /private/tmp/ffd802c3.$$$

  • "Threat: 'Mal/FakeAvCn-C' detected in /private/tmp/ffaf1072.$$$"

    -- threat Mal/FakeAvCn-C was detected in a temp file.  Mal is the prefix used for generic malicious detections -- they're usually Windows-only.  FakeAV usually means that it's related to fake AntiVirus software.  Cn implies that it's a contextual naming violation -- the sample is likely a Windows FakeAV installer that contains an install path known to be used by FakeAV.

    As such, it's not something to worry about too much.  If it's vanished, that's because the temporary file (it was in the tmp folder) has been purged from your system.

    The bigger question is what could have been dropping such a temporary file into /private/tmp/, as most stuff goes in ~/Library/Caches/ these days....

  • Great, thank you so much for the information.  I did empty my Google Chrome cache from the library, but per your info that probably didn't do anything to fix the issue - I'm just glad the temp files are purged and hopefully it was a non-issue to begin with.

    Thanks again!
