Can virus detection be triggered just by a filename?

Hi,

We got a notification of a virus as follows: Virus/spyware 'Mal/EncPk-AJO' has been detected in "C:\Windows\Temp\JET6FD2.tmp".

Is it possible that it got labelled as a virus just on the filename?

Wondered because it was in use by the Sophos firewall service, and although that filename is associated with a virus, its detection hasn't been updated since October 2013, and there are a lot of JETxxxx.tmp files, with a new one appearing to get created each time the firewall service starts.

So is this just a false positive down to luck?

Thanks


This thread was automatically locked due to age.
  • Hello Giraffe,

    the JETxxxx.tmp files are created by the MSDB engine which SCF uses. This seems to be a false positive triggered by some "unfortunate" pattern in the .tmp file - like some other families the EncPk detections are of a more generic nature. Guess a right-click scan will declare it clean in which case just dismiss the alert.

    Christian

  • Thanks Christian, that's pretty much what I did :)

    And I always said that coincidence is more of a science than coincidence!