Trojan in Swapfile???

Last night I had this unexpected popup from Sophos indicating I had been hit by a Trojan and I should check the quarantine log. The quarantine log is empty. So I pulled up preferences and checked the Sophos log and found:

    com.sophos.intercheck: 2011-05-16 20:05:55 -0400 Threat: 'Troj/Iframe-CG' detected in /private/var/vm/swapfile1
    com.sophos.intercheck: Access to the file denied

Umm, ok, how the heck did I get a trojan in a pagefile? The only way this makes sense is if I managed to load a page with this in it and it was pushed to VM but never to the disk. I'm also confused because I have the on-access scanner turned on. I guess option b is this is a false positive.


  • Just trying to get this churned up again - I am trying to understand how this happens because it is a little alarming.

  • I've just had this problem.  First some basics, I'm running OSX 10.5.8 on my 2007 MacBook, and my Sophos AV updates hourly.  

    This afternoon as I accessed a web page, AV notified me of a threat in the cache, a threat called 'Mal/Iframe-V'.  Naturally I shut that page down, then I clicked my way through the clean-up sequence.  When it was done and the threat listing was removed from the Quarantine Manager, there was no pop-up window to tell me what had happened, so I looked at the log, and to my surprise I saw:  

    "com.sophos.intercheck:         2011-06-04 14:28:40 +0100 Threat:    'Mal/Iframe-V' detected in /[my browser's cache folder]

     -- followed by -- 

    com.sophos.intercheck:          Access to the file denied "

    So my question is, does this mean that AV was unable to deal with this threat?  If it didn't access the file, how is it supposed to eliminate it?  What else do I have to do to get rid of this?  
