
Threat: 'Troj/DocDl-BBK' detected

I received an alert that Threat: 'Troj/DocDl-BBK' was detected. I clicked on the Quarantine Manager and there was nothing in there. I checked the log and it said:

com.sophos.intercheck: 2016-02-13 08:02:56 -0500 Threat: 'Troj/DocDl-BBK' detected in
com.sophos.intercheck: Access to the file denied

I did a search on the threat and it says it's a Windows-based threat???

Questions:

Why, if it's a Windows-based threat, did I get it?

Why wasn't it in the Quarantine Manager after it alerted me?

Why was access denied?

Thanks

Mark



This thread was automatically locked due to age.
  • Hello Mark (and Tommy),

    First of all, the scanner is "OS-agnostic" when it comes to detections (but not with respect to what - i.e. which files are considered "infectable" - is scanned). In this case it's very likely an MS-Office attachment containing a malicious downloader (which might be targeted at Windows only but eventually could "serve" the Locky ransomware). AFAIK, when an attachment is decoded by the mail app, found to be malicious and subsequently blocked, the path might be empty (as this temporary file is gone).

    Christian
