
Malware FakeAV-Jo Keeps Showing Up

PC Windows 10

I'll receive a Windows pop-up notification to the side that Sophos has detected malware/fakeav-jo and moved it to quarantine. When I open Sophos I see the file briefly in quarantine before it disappears by itself.

The pop-up notification of this malware keeps appearing at least 5x in a row with the same message. These episodes also happen about twice a month. What's going on here?



This thread was automatically locked due to age.
  • Hello Lynn M,

    briefly in quarantine before it disappears
    this is normal. When automatic cleanup is enabled and a threat is cleanable a cleanup routine is dispatched. Depending on the threat it might perform a simple action like deleting the file, do some additional specific scanning, or even decide that a full scan is required. A file appears in QM immediately after detection, once cleanup is successful it will disappear.

    5x in a row with the same message
    an important piece of information is the file's path, it might give a hint which application is responsible. Likely the detection is on write and the application (e.g. Dropbox sync) might check whether the file has been successfully written and retry a few times.

    What's going on here?
    Hard to say from the outside without more information. If you have no idea why it happens about twice a month the Source Of Infection tool might help to find the culprit.

    Christian

  • Hello


    In addition to what  wrote, consider running Microsoft Autoruns to see if there are any unusual programs that are running automatically, and are triggering the detection.

    Sometimes it's a scheduled task that is running a script that seems unusual but may be causing behavior that is malicious and is triggering a detection. 

    For more information on MS Autoruns I recommend you read the official article here: https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx.
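As an added illustration of the two checks suggested in this thread (the reporting file's path, and scheduled tasks or autostart entries that launch scripts), the following PowerShell script is not from the thread or from Sophos; it assumes Windows 10 with the built-in ScheduledTasks module and covers only scheduled tasks and the Run/RunOnce registry keys, a small subset of what Autoruns inspects.

```powershell
# Added triage script (not from the thread or from Sophos): lists scheduled tasks whose
# action launches a script host, plus Run/RunOnce autostart entries, so their command
# lines can be compared against the file path Sophos reports for the detection.
# Assumes Windows 10 and the built-in ScheduledTasks module; run elevated to also see
# tasks and HKLM entries that belong to other accounts.

$scriptHosts = 'powershell.exe','pwsh.exe','cmd.exe','wscript.exe','cscript.exe',
               'mshta.exe','rundll32.exe','regsvr32.exe'

# 1. Scheduled tasks: one row per action whose executable is a script host
$taskRows = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = $action.Execute
        if (-not $exe) { continue }   # COM-handler actions carry no Execute value
        $leaf = [System.IO.Path]::GetFileName($exe.Trim('"')).ToLower()
        if ($scriptHosts -contains $leaf) {
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = ($exe + ' ' + $action.Arguments).Trim()
            }
        }
    }
}

# 2. Registry autostart entries (machine-wide and current-user Run/RunOnce keys)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$regRows = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata such as PSPath
        [pscustomobject]@{
            Source  = 'Registry'
            Name    = "$key\$($p.Name)"
            State   = 'Enabled'
            Command = [string]$p.Value
        }
    }
}

# Review the Command column for anything that writes to, or runs from, the quarantined path
@($taskRows) + @($regRows) | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

A task or autostart entry whose command line touches the same directory Sophos names in the detection is the first candidate for the repeated on-write detections described above.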