False positive confirmed by Sophos Support this morning. Here is a KB they sent me.
https://community.sophos.com/kb/en-us/125000 On Sun, Sep 4, 2016 at 8:53 AM, Richard Stovall <[email protected]> wrote: > Is it a real outbreak? Everything I can find about that name is really > old. Bad defs from Sophos resulting in false positives? > > On Sep 4, 2016 7:34 AM, "Beard, Julius" <[email protected]> wrote: > >> Yep, we’re seeing the same on a number of machines running Sophos. I see >> they updated their KB article in Threat Center last night, but now it goes >> to a 404 page. >> >> >> >> You get any response from them? >> >> >> >> *From:* [email protected] [mailto:[email protected] >> orum.com] *On Behalf Of *Kelsey, John >> *Sent:* Sunday, September 4, 2016 12:16 AM >> *To:* '[email protected]' <[email protected]> >> *Subject:* [NTSysADM] Outbreak >> >> >> >> We’re seeing a massive outbreak of Troj-FarFli-CT tonight, affecting >> winlogon.exe. Sophos doing a poor job of stopping it so far. Anyone else >> seeing similar? >> >> Tons of our VMs are getting infected. On hold for over 30 minutes >> waiting for Sophos support right now. >> >> >> >> *************************************** >> *John C. Kelsey* >> >> Penn Highlands Healthcare >> (: 814.375.3073 >> 2 : 814.375.4005 >> *: [email protected] >> *************************************** >> >> [image: PHH ESig Logo 150dpi] >> >> >> >> This email and any attached files are sensitive in nature and intended >> solely for the intended recipient(s). If you are not the named recipient you >> should not read, distribute, copy or alter this email. Any views or opinions >> expressed in this email are those of the author and do not represent those >> of Penn Highlands Healthcare or its affiliates.. Warning: Although >> precautions have been taken to make sure no viruses are present in this >> email, the company cannot accept responsibility for any loss or damage that >> arise from the use of this email or attachments. >> >>
