Troj/JSRedir

On a new iMac... and Time Machine backing up to an external drive...

I keep getting a trojan alert for ftscft.html as a Troj/JSRedir.

It calls for manual deletion...

If I exit out of Sophos and wait a few min, it mysteriously disappears from the quarantine manager.

I'm thinking this is a false positive... and should just ignore it... or is something else going on here?

  • Check your web browsers... you likely have a web page ftscft.html open inside an iframe in another web page, and it likely has a JavaScript Redirect tag on it, which is being detected.  This will be cached to disk, and the On-Access scanner is detecting the cached copy.  As the temporary cache is flushed, the file will vanish from quarantine (no exit needed).  As the file is re-loaded into the cache, the detection will come back.

    This detection is often associated with SEO poisoned pages, so would show up in poisoned image search results, for example.

  • Ok... but why does it only show up on a Time Machine backup?  Shouldn't it also be on my hard drive?

    And it shows up in different directories on the backup... never same place... and never more than once.  I would figure that it would also show up in several Time Machine backup times as well.

    I am assuming it's harmless and should be ignored...  I have run a test... taking the Time Machine backup that found it and restoring that backup on my machine... ran the scanner... and it didn't show up except on the Time Machine backup.

  • That's an interesting one... what kind of file was it that was being detected?  HTML?

  • it was an HTML file... ftscft.html

  • And did you verify that the file still existed locally when the scan was complete?  This definitely sounds like cache files being deleted by the system and sometimes cached by Time Machine.

    In any case, it's likely not an FP, but also not anything to worry about too much, as it isn't actively doing anything malicious on your system.

  • I located the file and had to delete the whole backup folder for that day... we'll see if that works

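One way to check where copies of a redirecting cached page actually live (live disk versus a backup folder), as an added example that is not part of the thread and is not Sophos's detection logic. The regex patterns, function names and sample files are assumptions constructed for illustration; only the file name ftscft.html comes from the thread.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns only (assumption): script-driven navigation and meta refresh.
REDIRECT_PATTERNS = {
    "location-assign": re.compile(
        r"(?:window|document|top|parent|self)\.location(?:\.href)?\s*=[^=]", re.I),
    "location-call": re.compile(r"\blocation\.(?:replace|assign)\s*\(", re.I),
    "meta-refresh": re.compile(
        r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[^>]*url\s*=", re.I),
}
HTML_SUFFIXES = {".html", ".htm"}


def find_redirect_html(root, max_bytes=1_000_000):
    """Return sorted (path, [pattern names]) for HTML files under root that match."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in HTML_SUFFIXES or not path.is_file():
            continue
        try:
            text = path.read_bytes()[:max_bytes].decode("utf-8", errors="replace")
        except OSError:
            continue  # unreadable, or the file vanished as the cache was flushed
        names = [n for n, rx in REDIRECT_PATTERNS.items() if rx.search(text)]
        if names:
            hits.append((str(path), names))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample: a redirecting page in a 'backup' dir, a benign page in 'live'."""
    backup = Path(base) / "backup" / "cache"
    live = Path(base) / "live"
    backup.mkdir(parents=True)
    live.mkdir(parents=True)
    (backup / "ftscft.html").write_text(
        "<html><script>window.location = 'http://example.invalid/';</script></html>")
    (live / "index.html").write_text("<html><body>hello</body></html>")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, names in find_redirect_html(build_sample_tree(tmp)):
            print(path, names)
```

Run `find_redirect_html` once against the live cache directory and once against the mounted backup folder; a hit only under the backup matches the flushed-cache explanation given in the replies.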