This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Threat: 'Troj/DocDl-BBK' detected

I received an alert that Threat: 'Troj/DocDl-BBK' was detected, I clicked on the quarantine manager and there was nothing in there, I checked the log and it said:

com.sophos.intercheck: 2016-02-13 08:02:56 -0500 Threat: 'Troj/DocDl-BBK' detected in
com.sophos.intercheck: Access to the file denied

I did a search on the threat and it says it's windows-based threat???

Questions:

Why if its a windows-based thereat, did i get it?

Why wasn't it in the Quarantine Manager after it alerted me?

Why was access denied?

Thanks

Mark

This thread was automatically locked due to age.

Parents

QC over 8 years ago

Hello Mark (and Tommy),

first of all the scanner is "OS-agnostic" when it comes to detections (but not with respect to what - i.e. which files are considered "infectable" - is scanned). In this case it's very likely an MS-Office attachment containing a malicious downloader (which might be targeted at Windows only but eventually could "serve" the Locky ransomware. AFAIK when an attachment is decoded by the mail app, found to be malicious and subsequently blocked the path might be empty (as this temporary file is gone).

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

QC over 8 years ago

Hello Mark (and Tommy),

first of all the scanner is "OS-agnostic" when it comes to detections (but not with respect to what - i.e. which files are considered "infectable" - is scanned). In this case it's very likely an MS-Office attachment containing a malicious downloader (which might be targeted at Windows only but eventually could "serve" the Locky ransomware. AFAIK when an attachment is decoded by the mail app, found to be malicious and subsequently blocked the path might be empty (as this temporary file is gone).

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data