Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 6 subscribers
  • Views 1083 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trojan in Swapfile???

MAOTY
Last night I had this unexpected popup from Sophos indicating I had been hit by a Trojan and I should check the quarantine log. The quarantine log is empty. So I pulled up preferences and checked the Sophos log and found com.sophos.intercheck: 2011-05-16 20:05:55 -0400 Threat: 'Troj/Iframe-CG' detected in /private/var/vm/swapfile1 com.sophos.intercheck: Access to the file denied Umm, ok, how the heck did I get a trojan in a pagefile? The only way this makes sense is if I managed to load a page with this in it and it was pushed to VM but never to the disk. I'm also confused because I have the on-access scanner turned on. I guess option b is this is a false positive.
:1002737


This thread was automatically locked due to age.
Parents
  • 0

    I've just had this problem.  First some basics, I'm running OSX 10.5.8 on my 2007 MacBook, and my Sophos AV updates hourly.  

    This afternoon as I accessed a web page, AV notified me of a threat in the cache, a threat called 'Mal/Iframe-V'.  Naturally I shut that page down, then I clicked my way through the clean-up sequence.  When it was done and the threat listing was removed from the Quarantine Manager, there was no pop-up window to tell me what had happened, so I looked at the log, and to my surprise I saw:  

    "com.sophos.intercheck:         2011-06-04 14:28:40 +0100 Threat:    'Mal/Iframe-V' detected in /[my browser's cache folder]

     -- followed by -- 

    com.sophos.intercheck:          Access to the file denied "

    So my question is, does this mean that AV was unable to deal with this threat?  If it didn't access the file, how is it supposed to eliminate it?  What else do I have to do to get rid of this?  

    :1002943
Reply
  • 0

    I've just had this problem.  First some basics, I'm running OSX 10.5.8 on my 2007 MacBook, and my Sophos AV updates hourly.  

    This afternoon as I accessed a web page, AV notified me of a threat in the cache, a threat called 'Mal/Iframe-V'.  Naturally I shut that page down, then I clicked my way through the clean-up sequence.  When it was done and the threat listing was removed from the Quarantine Manager, there was no pop-up window to tell me what had happened, so I looked at the log, and to my surprise I saw:  

    "com.sophos.intercheck:         2011-06-04 14:28:40 +0100 Threat:    'Mal/Iframe-V' detected in /[my browser's cache folder]

     -- followed by -- 

    com.sophos.intercheck:          Access to the file denied "

    So my question is, does this mean that AV was unable to deal with this threat?  If it didn't access the file, how is it supposed to eliminate it?  What else do I have to do to get rid of this?  

    :1002943
Children
No Data