Sophos Anti-Virus Mac query

Hi there,

I'm running Sophos Anti-Virus in Mac OS 10.6.6

It has detected a threat (Mal/Phish-A) which seems to be on my Time Machine drive. I tried to clean up the threat but I get:

Cleanup of the threat was not successful. You must clean it up manually.

The path to the threat is so long that it is abbreviated in the Sophos window:

/Volumes/Time Machine/Backups.backupdb/…/47790/2/www.standardbank.co.za.html

In other words, the "..." prevents me from finding the exact location of the threat.

I did a search for the enclosing folder in the latest backup, and found the original threat. I did a scan and it says "Open Quarantine Manager" which then instructs me to clean up manually. So, it seems I'm in a loop....

How do I get rid of the threat? In other words, how do I "clean this up manually"? 

Any suggestions?



  • Don't worry - I solved it.

    Here's how:

    I found the enclosing folder on my main drive, and then went into Time Machine and deleted all backups of that file.

  • I am in the process of installing the same AV product.

    Can you explain in more detail how to remove threats manually? I read your post but don't even know where to start in finding files etc. I do have a Time Machine set up. Right now I'm showing about 8 threats, with Troj/JavaDl-AZ being the most common.

    Frustrating, as I bought a Mac under the perception that there were no security issues, as many do.

    Thanks in advance for any help you can offer, as I feel like this is way over my head.

  • Sorry for the late response - I'm not in the habit of visiting these forums.

    The thing is that Time Machine files are protected so you can't just go into your drive and trash stuff. You can however remove things when you enter Time Machine itself.

    You have to first find the file(s) you want to remove. Sophos will alert you to the path to the file, which in your case is on the Time Machine drive. Take note of the name of the enclosing folder. For example, if the file was a mail attachment, it may be in a folder called "2" within a folder called "48022", which in turn is a few folders within the "Mail" folder in your personal Library folder.

    Because there are probably a thousand folders called "2", look for the folder called "48022" - you can do this with Spotlight or Search. Look on your main drive - not the Time Machine drive. We're looking for the original here. Even if Sophos has deleted the original file, the enclosing folders will still be there.

    Okay, so you now have a window open in the Finder which shows the contents of "48022". Now, open Time Machine. (It's in your Applications folder - keep it in the Dock too.) Select the file that Sophos alerted you to, or if it is not visible, you can go back in time until you find it. Alternatively, you can select the folder it was in (e.g. "2" in this example).

    Control-click on the file or folder and select [Delete all backups of "..whatever the file name is..."]

    You should get an alert asking for your admin password - enter it and the offending file(s) will be gone forever. Hit Cancel to exit Time Machine.

    Hope this makes sense....

    PS:

    Regarding Macs: There are indeed way fewer security issues on Mac. However, you may get sent phishing emails and spam which contain viruses and malware. Just delete them and carry on enjoying your Mac!   :-)

  • Hi. These instructions are very clear. But unfortunately Spotlight cannot find the folder with the correct number (in my case 239358) on the Mac itself. So I don't know how to proceed. There's another Malware that is directly in the Downloads folder of my Time Machine back-up, and obviously I can't delete the Back-up folder. So I'm unsure how to proceed in both cases. Any suggestions?

  • Spotlight is an intentionally stupid creature. By default, it doesn't allow you to search in many areas that Apple considers to be sensitive.

    Do this:

    Open a Find window (Command-F)

    Click on the + button (far right) and a new set of buttons will appear.

    Click-hold the first (left) button to get a menu and scroll down and select Other. A window will appear.

    Scroll down to "System files" and check the box next to it. This will keep it in the menu from now on.

    Click OK

    Now click on the same button and select System files.

    Click on the next button and choose "are included"

    Now Spotlight should search everywhere, and will probably find the stuff you're looking for....

    Also, see my post above about how to delete files from Time Machine itself.

    Open your Downloads folder.

    Enter Time Machine.

    Go back in time until you find the offending files. They will be there somewhere.

  • My Mac was also infected.  Thanks for the tip here, I was able to find the files and delete them.  Everything seems to be working smoothly now.

  • I downloaded the Sophos program for the Mac and scanned all my drives and it found 8, but I tried to download the removal tool, which I did, but the Terminal box came up with "it does not run in DOS". Can someone help me please? I'm running Mac OS 10.6.6 and the findings were trojans, malware and fake OSX.

    I figured it out - I had to unlock the lock to make changes, then click on the highlighted virus, which took me to the Threat Center screen. Then I closed it and went back to the Quarantine Manager window and Clean Up was available for removal. I just kept repeating the process until all were removed.

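The replies above locate the flagged file by hand in the Finder and in Time Machine. As an added example (it is not from the thread, and not a Sophos tool), the following POSIX shell script does the same lookup from Terminal: it expands the abbreviated Sophos path (the part after the "…") against the Backups.backupdb tree so every real copy is listed, reports which dated snapshot each copy sits in, and searches the live startup disk for the enclosing folder without crossing into mounted backup volumes, which is what the Spotlight "System files" trick achieves in the GUI. The folder layout it assumes (Backups.backupdb / machine name / dated snapshot / volume name / path) is the standard Time Machine layout; the sample path, folder number and file name are the ones quoted in the thread. The script only lists and never deletes: removal of a backed-up file still belongs inside Time Machine via "Delete all backups", as the replies describe (or with tmutil on 10.7 and later).

```shell
#!/bin/sh
# Added example, not part of the original forum thread or of Sophos Anti-Virus.
# Resolves an abbreviated Sophos alert path such as
#   /Volumes/Time Machine/Backups.backupdb/.../47790/2/www.standardbank.co.za.html
# to every real copy in the Time Machine backup tree. Lists only; it never deletes.

# find_backup_copies BACKUPS_DB_ROOT SUFFIX
#   BACKUPS_DB_ROOT: the Backups.backupdb folder on the Time Machine volume
#   SUFFIX: the part of the alert path after the "...", e.g.
#           47790/2/www.standardbank.co.za.html
# Symlinks (e.g. the "Latest" link to the newest snapshot) are not followed,
# so each copy is reported once, under its dated snapshot folder.
find_backup_copies() {
    root=$1
    suffix=$2
    find "$root" -path "*/$suffix" -type f 2>/dev/null | sort
}

# count_backup_copies BACKUPS_DB_ROOT SUFFIX -> number of copies found
count_backup_copies() {
    find_backup_copies "$1" "$2" | wc -l | tr -d ' '
}

# list_snapshots_with_copy BACKUPS_DB_ROOT SUFFIX
# Prints "<snapshot><TAB><full path>" per copy. The snapshot is the
# date-named folder directly under the machine-name folder, i.e.
#   Backups.backupdb/<machine>/<snapshot>/<volume>/...
list_snapshots_with_copy() {
    root=$1
    suffix=$2
    find_backup_copies "$root" "$suffix" | while IFS= read -r p; do
        rel=${p#"$root"/}        # <machine>/<snapshot>/<volume>/...
        rest=${rel#*/}           # <snapshot>/<volume>/...
        snapshot=${rest%%/*}
        printf '%s\t%s\n' "$snapshot" "$p"
    done
}

# find_original_folder LIVE_ROOT FOLDER_NAME
# Searches the live system (normally "/") for the enclosing folder named in
# the alert, e.g. 47790. -xdev keeps find on the startup disk's filesystem,
# so mounted backup drives under /Volumes are not scanned. Run with sudo to
# reach other users' Library folders.
find_original_folder() {
    find "$1" -xdev -type d -name "$2" -print 2>/dev/null
}

# Usage:
#   sh find_tm_copies.sh "/Volumes/Time Machine/Backups.backupdb" \
#       "47790/2/www.standardbank.co.za.html"
if [ "$#" -eq 2 ]; then
    list_snapshots_with_copy "$1" "$2"
fi
```

Run it with the Backups.backupdb folder and the un-abbreviated tail of the Sophos path; each line it prints names the snapshot to step back to in Time Machine. Because Time Machine backups on 10.6 are protected from plain rm, deleting the copies the script lists is still done from within Time Machine with "Delete all backups", as described above.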