Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 9 subscribers
  • Views 3368 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Malware FakeAV-Jo Keeps Showing Up

Lynn M

PC Windows 10

I'll receive a windows pop-up notification to the side that Sophos has detected malware/fakeav-jo and moved it to quarantine. When I open Sophos I see the file briefly in quarantine before it disappears by itself. 

 

The pop-up notification of this malware keeps appearing at least 5x in a row with the same message. These episodes also happen about twice a month. What's going on here?



This thread was automatically locked due to age.
  • 0

    Hello Lynn M,

    briefly in quarantine before it disappears
    this is normal. When automatic cleanup is enabled and a threat is cleanable a cleanup routine is dispatched. Depending on the threat it might perform a simple action like deleting the file, do some additional specific scanning, or even decide that a full scan is required. A file appears in QM immediately after detection, once cleanup is successful it will disappear.

    5x in a row with the same message
    an important pice of information is the file's path, it might give a hint which application is responsible. Likely the detection is on write and the application (e.g. Dropbox sync) might check whether the file has been successfully written and retry a few times.

    What's going on here?
    Hard to say from the outside without more information. If you have no idea why it happens about twice a month the Source Of Infection tool might help to find the culprit.

    Christian

  • 0 in reply to QC

    Hello

     

    In addition to what  wrote, consider running Microsoft Autoruns to see if there are any unusual programs that are running automatically, and is triggering the detection.

    Sometimes it's a scheduled task that is running a script that seems unusual but may be causing behavior that is malicious and is triggering a detection. 

    For more information on MS Autoruns I recommend you read the official article here: https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx.

Unfiltered HTML