Sophos Anti-Virus Mac query

Hi there,

I'm running Sophos Anti-Virus in Mac OS 10.6.6

It has detected a threat (Mal/Phish-A) which seems to be on my Time Machine drive. I tried to clean up the threat but I get:

Cleanup of the threat was not successful. You must clean it up manually.

The path to the threat is so long that it is abbreviated in the Sophos window:

/Volumes/Time Machine/Backups.backupdb/…/47790/2/www.standardbank.co.za.html

In other words the "..." prevent me from finding the exact location of the threat.

I did a search for the enclosing folder in the latest backup, and found the original threat. I did a scan and it says "Open Quarantine Manager" which then instructs me to clean up manually. So, it seems I'm in a loop....

How do I get rid of the threat? In other words, how do I "clean this up manually"? 

Any suggestions?

  • Sorry for the late response - I'm not in the habit of visiting these forums.

    The thing is that Time Machine files are protected so you can't just go into your drive and trash stuff. You can however remove things when you enter Time Machine itself.

    You have to first find the file(s) you want to remove. Sophos will alert you to the path to the file, which in your case is on the Time Machine drive. Take note of the name of the enclosing folder. For example, if the file was a mail attachment, it may be a folder called "2" within a folder called "48022", which in turn is a few folders within the "Mail" folder in your personal Library folder.

    Because there are probably a thousand folders called "2" look for the folder called "48022" - you can do this with Spotlight or Search. Look on your main drive - not the Time Machine drive. We're looking for the original here. Even if Sophos has deleted the original file, the enclosing folders will still be there.

    Okay, so you now have a window open in the Finder, which shows the contents of "48022". Now, open Time Machine. (It's in your Applications folder - keep it in the Dock too). Select the file that Sophos alerted you to, or if it is not visible, you can go back in time until you find it. Alternatively, you can select the folder it was in (e.g. "2" in this example).

    Control-click on the file or folder and select [Delete all backups of "..whatever the file name is..."]

    You should get an alert asking for your admin password - enter it and the offending file(s) will be gone forever. Hit Cancel to exit Time Machine.

    Hope this makes sense....

    PS:

    Regarding Macs: There are indeed way fewer security issues on Mac. However, you may get sent phishing emails and spam which contain viruses and malware. Just delete them and carry on enjoying your Mac!   :-)
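
The "…" in the Sophos path can also be resolved from Terminal by searching the backup store for the part of the path that is still visible. This is an added example, not part of the original posts; the function names and the sample tree (machine, snapshot and user names) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Resolves the "…" in a Sophos alert by searching every
# Time Machine snapshot for the part of the path that is still visible.

# find_flagged ROOT SUFFIX -> one "<inode> <full path>" line per match.
#   ROOT    backup store, e.g. "/Volumes/Time Machine/Backups.backupdb"
#   SUFFIX  visible end of the path, e.g. "47790/2/www.standardbank.co.za.html"
find_flagged() {
    # -path tests the whole path, so same-named files in other folders are
    # skipped. SUFFIX is a glob pattern: escape any *, ? or [ it contains.
    find "$1" -type f -path "*/$2" -exec ls -i {} \; 2>/dev/null |
        sed 's/^ *//'
}

# count_distinct ROOT SUFFIX -> number of distinct files on disk. Time Machine
# hard-links unchanged files between snapshots, so many paths can share an inode.
count_distinct() {
    find_flagged "$1" "$2" | awk '{ print $1 }' | sort -u | wc -l | tr -d ' '
}

# make_sample_tree DIR -> constructed backup layout for trying the functions
# (machine, snapshot and user names are made up).
make_sample_tree() {
    base="$1/Backups.backupdb/Mac"
    mail="Macintosh HD/Users/me/Library/Mail"
    for snap in 2011-02-01-100000 2011-02-02-100000 2011-02-03-100000; do
        mkdir -p "$base/$snap/$mail/47790/2" "$base/$snap/$mail/48022/2"
    done
    first="$base/2011-02-01-100000/$mail"
    echo flagged > "$first/47790/2/www.standardbank.co.za.html"
    # Unchanged in the second snapshot: hard link, same inode.
    ln "$first/47790/2/www.standardbank.co.za.html" \
       "$base/2011-02-02-100000/$mail/47790/2/www.standardbank.co.za.html"
    # Separate copy in the third snapshot, plus a same-named decoy elsewhere.
    echo flagged > "$base/2011-02-03-100000/$mail/47790/2/www.standardbank.co.za.html"
    echo other > "$first/48022/2/www.standardbank.co.za.html"
}

# Usage: sh find_flagged.sh ROOT SUFFIX
if [ "$#" -eq 2 ]; then
    find_flagged "$1" "$2"
    echo "distinct files on disk: $(count_distinct "$1" "$2")"
fi
```

The script only lists where the flagged file sits in each snapshot; removal still goes through Time Machine's "Delete all backups of" command described above.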
