Mal/Generic-S in Temp folder

Hello,

since this morning, every time I restart the PC, I get the message that there is an executable in the Temp folder that was detected as malware. The first time it could not be removed, but when I checked it was no longer there anyway. The other times it said it could remove the threat successfully.

The detections are Mal/Generic-S.
They are found in the Windows temp directory and look like this (the names change every time):

C:\Windows\Temp\0f62aff2-c963-2b81-c015-e65dbe0fc858\f572f226-cf75-148b-2c52-bacb5a2fc3c8.exe

A full scan of the system after removal has revealed no additional threats.

Should I be concerned?



This thread was automatically locked due to age.
  • Hello Shweta,

    the file path is gone. I deleted the folder, although it was already empty when I checked. There is actually a second detection now, this time. The first detection (Mal/Generic-S) comes from node.exe (primary reason "Nodejs"), but that has not occurred since Friday.

    Now I have a second one, C2/Generic-A; apparently Firefox is trying to connect to "de . withtls . net", which is classed as a high risk site by Sophos, containing exactly this malware. Apparently there is something wrong with this device, even though the full scan doesn't yield any results.

    UPDATE: I found an empty Firefox extension (no name, no text) that could not be removed. I cleaned Firefox, this removed the extension. However, there's another detection now: "Generic PUA CK". This seems to be "Outbrowse".

    I reinstalled the PC.

  • Hi

    If a C2 detection alert has been triggered, this means that the Sophos Endpoint Security and Control product has detected communication with a suspect Command and Control site. For C2/Generic-A or C2/Generic-C, please refer to "How to investigate C2/Generic-C Detection".

    Shweta

    Community Support Engineer | Sophos Technical Support