Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 6 subscribers
  • Views 1792 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Threat Showed Up in Quarantine Manager, but Disappeared Before I Did Anything

Paradox11
I was browsing some websites when an alert from Sophos appeared saying that a threat had been detected. I opened the Quarantine Manager to clean up the threat, and I saw the listing for the threat in the QM, but then it disappeared from the list before I could do anything about it. All I caught about it was that the threat was listed as Virus/Spyware. I then ran a complete scan of all local drives (and cleared my browser's cache) and it came back saying no threats had been detected. Is it possible that the threat is still on my computer but found some way to hide itself? Or am I just being too paranoid?
:1003869


This thread was automatically locked due to age.
Parents
  • 0

    Troj/Invo-zip is a zip file attached to Zeus Bot laden emails (Windows-only).  So, if the file's not in your email cache and it disappears quickly, my guess is that you're using IMAP for email, and it's transient data coming from the server-side mail store.

    There's also a slight chance that it is detecting on temp files created during Zip compression/decompression, where the engine is detecting on a partial file -- and by the time the file is complete, it no longer looks like Invo-Zip.  Did you happen to be copying/creating a zip file at the time this detection went off?

    :1003939
Reply
  • 0

    Troj/Invo-zip is a zip file attached to Zeus Bot laden emails (Windows-only).  So, if the file's not in your email cache and it disappears quickly, my guess is that you're using IMAP for email, and it's transient data coming from the server-side mail store.

    There's also a slight chance that it is detecting on temp files created during Zip compression/decompression, where the engine is detecting on a partial file -- and by the time the file is complete, it no longer looks like Invo-Zip.  Did you happen to be copying/creating a zip file at the time this detection went off?

    :1003939
Children
No Data