I've seen several Mal/Generic-L detections reported lately. As they are infrequent and are dealt with by Sophos one way or the other I didn't think much about them. Today one has been detected on a co-workers machine right across the hall. Since the quarantine was empty (probably because of scan-on-write) I changed cleaning to "move", obtained the sample and sent it to Sophos. We first suspected something from a website (using Firefox) but as there were more detections (several minutes to more than half an hour apart) and also when Firefox was closed I started a scan (with HIPS scanning enabled). This time something turned up: sdra64.exe in the system32 directory detected (in the rootkit scan phase) as Sus/CFNBehav-A.
I've sent in this one too and am waiting for the results.
Christian
This thread was automatically locked due to age.
