detected, but not redetected, then detected again

When I start Google Drive, a virus is being detected.

log says returned SAV Interface error 0xa0040210: The file could not be accessed.

and virus could not be redetected.

But when I close and restart Google Drive again, it is detected again... with the same result.

(When I scan my Google Drive folder, or my complete PC, no virus is found.)

What do I do? Could this be a false alert?

20131017 151149    Virus/spyware 'Mal/EncPk-OJ' has been detected in "C:\Users\MyUserName\AppData\Local\Temp\tmpfznrey\FILE:0003". Cleanup unavailable.
20131017 151149    The attempt to move the infected file "C:\Users\MyUserName\AppData\Local\Temp\tmpfznrey" failed. The user does not have the rights to perform the action on the infected file.
20131017 151149    On-access scanner has denied access to location "C:\Users\MyUserName\AppData\Local\Temp\tmpfznrey" for user SERVER\MyUserName
20131017 151148    Virus/spyware 'Mal/EncPk-OJ' has been detected in "C:\users\MyUserName\appdata\local\temp\tmpfznrey\FILE:0003".
20131017 151148    On-access scanner has denied access to location "C:\users\MyUserName\appdata\local\temp\tmpfznrey" for user SERVER\MyUserName
20131017 151150    File "C:\Users\MyUserName\AppData\Local\Temp\tmpm0quxk" belongs to virus/spyware 'Mal/EncPk-MK'.
20131017 151150    On-access scanner has denied access to location "C:\Users\MyUserName\AppData\Local\Temp\tmpm0quxk" for user SERVER\MyUserName
20131017 151155    Scanning "C:\Users\MyUserName\AppData\Local\Temp\tmpm0quxk" returned SAV Interface error 0xa0040210: The file could not be accessed.
20131017 151155    Item 'Mal/EncPk-MK' could not be redetected.

  • Hello sotto,

    I assume (please excuse me if I'm wrong - for one thing, you are posting to the Free tools board) you are not one of your site's Sophos administrators; they should provide support to end users.

    Anyway, these EncPk detections are generic and indicate an encrypting packer with a tarnished reputation. Looks like the file is intercepted while Google Drive tries to sync it (i.e. during the write). It is likely exclusively locked so the errors are not surprising. As the file could not be written (and therefore doesn't exist in the Google Drive folder) a scan won't find it. For the same reason Google Drive will try to sync it the next time it is started - only to fail again.

    Any idea which file it is? Likely it has been stored from a different device.

    Christian   

  • Thank you, this was indeed the case. I removed the file from the online Google Drive folder, problem solved.

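A small triage script for the log pattern the first reply explains, added here as an example and not part of the original thread or any Sophos tool: it groups log events by temp path and flags items that were denied and then could not be moved or rescanned. The message substrings it matches are taken from the excerpt posted in this thread; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Log excerpt copied from the thread above (user name as posted).
SAMPLE_LOG = r'''
20131017 151149    Virus/spyware 'Mal/EncPk-OJ' has been detected in "C:\Users\MyUserName\AppData\Local\Temp\tmpfznrey\FILE:0003". Cleanup unavailable.
20131017 151149    The attempt to move the infected file "C:\Users\MyUserName\AppData\Local\Temp\tmpfznrey" failed. The user does not have the rights to perform the action on the infected file.
20131017 151149    On-access scanner has denied access to location "C:\Users\MyUserName\AppData\Local\Temp\tmpfznrey" for user SERVER\MyUserName
20131017 151148    Virus/spyware 'Mal/EncPk-OJ' has been detected in "C:\users\MyUserName\appdata\local\temp\tmpfznrey\FILE:0003".
20131017 151148    On-access scanner has denied access to location "C:\users\MyUserName\appdata\local\temp\tmpfznrey" for user SERVER\MyUserName
20131017 151150    File "C:\Users\MyUserName\AppData\Local\Temp\tmpm0quxk" belongs to virus/spyware 'Mal/EncPk-MK'.
20131017 151150    On-access scanner has denied access to location "C:\Users\MyUserName\AppData\Local\Temp\tmpm0quxk" for user SERVER\MyUserName
20131017 151155    Scanning "C:\Users\MyUserName\AppData\Local\Temp\tmpm0quxk" returned SAV Interface error 0xa0040210: The file could not be accessed.
20131017 151155    Item 'Mal/EncPk-MK' could not be redetected.
'''

ENTRY = re.compile(r'^\d{8} \d{6}\s+(.*)$')      # date, time, message
QUOTED_PATH = re.compile(r'"([^"]+)"')
THREAT = re.compile(r"'([\w-]+/[\w.-]+)'")       # e.g. 'Mal/EncPk-OJ'
ACCESS_ERROR = "0xa0040210"                      # error code quoted in the thread
MARKERS = (("has been detected", "detected"), ("belongs to virus/spyware", "detected"),
           ("denied access", "denied"), ("attempt to move", "move_failed"),
           (ACCESS_ERROR, "access_error"))

def triage(log_text):
    """Group events per temp item; flag items blocked before they reached disk."""
    items = defaultdict(lambda: {"threats": set(), "events": set()})
    redetect_failed = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        msg = m.group(1)
        path, threat = QUOTED_PATH.search(msg), THREAT.search(msg)
        if path is None:  # redetect failures name only the threat, not the file
            if "could not be redetected" in msg and threat:
                redetect_failed.add(threat.group(1))
            continue
        # Same item is logged with mixed case and a \FILE:nnnn sub-item suffix.
        key = re.sub(r'\\file:\d+$', '', path.group(1).lower())
        if threat:
            items[key]["threats"].add(threat.group(1))
        items[key]["events"].update(tag for needle, tag in MARKERS if needle in msg)
    for key, item in items.items():
        if item["threats"] & redetect_failed:
            item["events"].add("redetect_failed")
        ev = item["events"]  # heuristic: denied in Temp, then not movable/readable
        item["blocked_in_temp"] = ("\\temp\\" in key and "denied" in ev
                                   and bool(ev & {"move_failed", "access_error"}))
    return dict(items)
```
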