Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 6 subscribers
  • Views 1949 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Troj/JSRedir

mfaccone

On a new IMac.. and timeMachine backing up to an external drive...

I keep getting a trojan alert for ftscft.html. as a Troj/JSredir

It calls for manual deletion...

If I exit out of Sophos and wait a few min.  It mysteriously disappears from the quarentine manager.

Im thinking this is a false positive.. and should just ignore it..  or is something else going on here?

:1004495


This thread was automatically locked due to age.
Parents
  • 0

    Check your web browsers... you likely have a web page ftscft.html open inside an iframe in another web page, and it likely has a JavaScript Redirect tag on it, which is being detected.  This will be cached to disk, and the On-Access scanner is detecting the cached copy.  As the temporary cache is flushed, the file will vanish from quarantine (no exit needed).  As the file is re-loaded into the cache, the detection will come back.

    This detection is often associated with SEO poisoned pages, so would show up in poisoned image search results, for example.

    :1004513
Reply
  • 0

    Check your web browsers... you likely have a web page ftscft.html open inside an iframe in another web page, and it likely has a JavaScript Redirect tag on it, which is being detected.  This will be cached to disk, and the On-Access scanner is detecting the cached copy.  As the temporary cache is flushed, the file will vanish from quarantine (no exit needed).  As the file is re-loaded into the cache, the detection will come back.

    This detection is often associated with SEO poisoned pages, so would show up in poisoned image search results, for example.

    :1004513
Children
No Data