Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 12089 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Threat Detected then Disappeared

Soup_pass

So I wanted to update my Video card driver, I used Device Manager to update my driver, but it failed. Then I used NVDIA GeForce Experience for update instead and still same result. I realized every time the installation is in about 5%, SOPHOS would pop-up and will say that there is a Threat detected Virus/Mal FakeAV-mr something like that. and when I clicked the notification, the threat appears for a second and disappears before I could do anything. I'm using Windows 8

:57894


This thread was automatically locked due to age.
  • 0

    Hello Soup_pass,

    View Anti-virus and HIPS log from the GUI will show you the threat's name, where it was found and what happened afterwards. Usually you see a threat disappear when cleanup kicks off in response to the detection and succeeds.

    Christian 

    :57898
  • 0

    the log says it has been removed. But still, I tried to update my driver. then the warning pops out again. Then I checked the log and it says that the Malware has been removed. for the nth time. 

    also, this may be not related, I tried to run a full scan on my PC. There were no threats but there are folders (I think) that are locked and Sophos can't access. I checked the location and if not all, they are mostly App Data -> browser folder. 

    :57899
  • 0

    Hello Soup_pass,

    the log says it has been removed. But still, I tried to update my driver. then the warning pops out again

    not really a surprise. Usually "the stuff" is unpacked during an install, the threat is detected (likely in a temp location) in one of the unpacked items and subsequently removed but remains in the original archive/package. 

    If the package is genuine (is it signed?) this could be a false positive. You should try to obtain and submit a sample of the offending item.

    there are folders (I think) that are locked

    you shouldn't get an access denied in your AppData (even if the browser is running). Can you view these locations with Explorer?

    Christian 

    :57900