Threat Showed Up in Quarantine Manager, but Disappeared Before I Did Anything

I was browsing some websites when an alert from Sophos appeared saying that a threat had been detected. I opened the Quarantine Manager to clean up the threat, and I saw the listing for the threat in the QM, but then it disappeared from the list before I could do anything about it. All I caught about it was that the threat was listed as Virus/Spyware. I then ran a complete scan of all local drives (and cleared my browser's cache) and it came back saying no threats had been detected. Is it possible that the threat is still on my computer but found some way to hide itself? Or am I just being too paranoid?


This thread was automatically locked due to age.
  • In this case, you're being too paranoid. ;) I've described the issue in detail in another thread on here. The short of it is that the malware was detected in your browser cache, and when it was cleared, the threat went away (and therefore vanished from quarantine).

  • But I cleared the cache after the threat disappeared from the Quarantine Manager... Does the cache regularly empty by itself?

  • Yes.  OS X does dynamic caching and manages the caches itself.

  • I have the same issue. Virus shows up as Troj/Invo-zip and when I open the Quarantine Manager it disappears before I can do anything. I cleared my email cache and my browser cache. I still keep getting the message that there is this virus found. The Quarantine Manager does not show a location for the file. Mac OSX 10.5.

  • Troj/Invo-zip is a zip file attached to Zeus Bot-laden emails (Windows-only). So, if the file's not in your email cache and it disappears quickly, my guess is that you're using IMAP for email, and it's transient data coming from the server-side mail store.

    There's also a slight chance that it is detecting on temp files created during Zip compression/decompression, where the engine is detecting on a partial file -- and by the time the file is complete, it no longer looks like Invo-Zip.  Did you happen to be copying/creating a zip file at the time this detection went off?
