Mac/FakeAv

Sophos detected "a malware threat" called Mac/FakeAV and I quickly saw it in Quarantine Manager, but then it went away quickly. When I opened the log, it said that it did not have permission to access the file. Do I have the Mac/FakeAV malware? (I did a full scan that turned up nothing.)

Thanks!

  • "Threat: 'Mal/FakeAvCn-C' detected in /private/tmp/ffaf1072.$$$"

    -- threat Mal/FakeAvCn-C was detected in a temp file.  Mal is the prefix used for generic malicious detections -- they're usually Windows-only.  FakeAV usually means that it's related to fake AntiVirus software.  Cn implies that it's a contextual naming violation -- the sample is likely a Windows FakeAV installer that contains an install path known to be used by FakeAV.

    As such, it's not something to worry about too much.  If it's vanished, that's because the temporary file (it was in the tmp folder) has been purged from your system.

    The bigger question is what could have been dropping such a temporary file into /private/tmp/, as most stuff goes in ~/Library/Caches/ these days....
