This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Troj/Badsrc-M' has been detected in Pagefile.sys

Hi

Recently received this alert on a machine, that isn't overly used. Need to determine if this is false positive, but also it's copying to multuple VSS Shadow Copies each time a VSS is run, is there an way to identify its source.

The device has Intercept X on it and the "malware" is actually being cleaned up after we receive the alerts

Virus/spyware 'Troj/Badsrc-M' has been detected in "\\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\pagefile.sys". Cleanup failed



This thread was automatically locked due to age.
Parents Reply Children
  • Hello Sophos User1483,

    as I said in the linked post the occasional alerts on an endpoint continued for one or two days then subsided, and in a post linked from there Guess it'd be safe to add an exclusion for the shadow copy (like \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy*\pagefile.sys), can't say if it'd help.

    Christian