Troj/Badsrc-M, quarantine manager and clear from list

Hi

This is the first time I've encountered malware on my Mac.

While surfing with Firefox Sophos announced that it had detected Troj/Badsrc-M in Firefox cache file and moved it to quarantine.

I opened Quarantine manager and clicked Troj/Badsrc-M and then Clean up threat. The threat was cleaned. But after a few seconds Sophos warned again about the threat and took it to Quarantine. I went to Quarantine manager but I mistakenly clicked Clear from the list instead of Clean up threat.

My questions are:

1. Does it mean that when I mistakenly clicked Clear from the list instead of Clean up threat, Sophos doesn't detect Troj/Badsrc-M anymore? Will Scan local drives find Troj/Badsrc-M?

2. I understand that the found malware is for Windows (http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Badsrc-M.aspx), so it doesn't affect a Mac and there is nothing to worry about? Am I right?

Hello Dereck,

items in the cache might be re-downloaded while the browser is still open (and vice versa, they could be deleted before you take action and might disappear).

Although the term is "moved", items are not actually moved to a quarantine location but stay where they are (unless you configured move upon detection - this is admittedly a little bit confusing). Anyway, clearing an item from the list does not affect subsequent detection of the very item, further copies of it, or threats of this type - you just can't act upon it using QM until it is again touched and detected. Of course both on-access and on-demand scans will detect it again - clearing from the QM list is in no way an exclusion.

The Affected Operating Systems should IMO be taken with a grain of salt - Sophos, correct me if I'm wrong - as the code is often an intermediary downloading additional stuff which has been found to target only a specific OS, and this behaviour could change. Anyway, as it is detected and blocked you are protected as long as on-access is active. Keep in mind that the threat usually has to be loaded by a browser as part of a web page and most of the time can't run "by itself".

Christian