Manual cleanup - move - delete does not work!

Hello ed,

did the scans detect the threats but still not remove them? Did the scan ask you to authenticate as an administrator? Please take a look at the log - it should list the settings used, threats detected and the actions attempted/performed (or could you post them here)?

Christian

dear Christian

 did the scans detect the threats but still not remove them?

YES

 Did the scan ask you to authenticate as an administrator?

YES - but it didn't say how

i tried every possible option --

1. move, delete, and cleanup with "scan all"
2. move, delete, and cleanup with "scan with current privileges"
3. unlocking the quarantine manager and clicking clean up threat
4. only to have the "clean up" option change to "clean up manually"
5. which led me to instructions on your site and posts in this forum
6. which told me to run a custom scan
7. which led me to step 1-6 again
8. which led me to step 1-6 again
9. which led me to step 1-6 again
10. which led me to step 1-6 again
11. which led me to step 1-6 again ...

after about a dozen tries in the past 3 days i finally wrote a post in this forum

see also

http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Need-to-improve-interface-and-documentation/m-p/489

Please take a look at the log - it should list the settings used, threats detected and the actions attempted/performed

(or could you post them here)? 

you want me to post a log with 2000 lines

or will this truncated and edited snippet of just one folder do?

Sophos Anti-Virus

Product version: 7.2.1C

Threat detection engine version: 3.12.11

Threat data version: 4.59

Release date: 01 November 2010

Detects 2111175 threats

Copyright © 2008-2010 Sophos Group. All rights reserved.

Scan name: "virus sophos"

Scan items:

 Path: /Volumes/x  enabled: yes

Configuration:

 Scan inside archives and compressed files: Yes

 Automatically clean up threats: No

 Action on infected files: Move to folder at path "/Users/Shared/Infected/"

Sophos Anti-Virus

Product version: 7.2.1C

Threat detection engine version: 3.12.11

Threat data version: 4.59

Release date: 01 November 2010

Detects 2111175 threats

Scan name: "virus sophos"

Scan items:

 Path: /Volumes/x  enabled: yes

Configuration:

 Scan inside archives and compressed files: Yes

 Automatically clean up threats: No

 Action on infected files: Move to folder at path "/Users/Shared/Infected/"

Scan started at 2010-11-09 09:30:41 -0500

Threat: 'Mal/Generic-L' detected

 Threat not moved because cleanup is available

Threat: 'Mal/Behav-053' detected 

 Threat not moved because cleanup is available

Threat: 'Troj/PSW-HX' detected 

 Threat not moved because cleanup is available

Threat: 'Troj/Mdrop-CGG' detected 

 Threat not moved because cleanup is available

Threat: 'Troj/Agent-GPW' detected

 Threat not moved because cleanup is available

Threat: 'Mal/VBDrop-G' detected 

 Threat not moved because cleanup is available

Threat: 'Troj/AdbPat-A' detected 

 Threat not moved because cleanup is available

Threat: 'Mal/Packer' detected 

 Threat not moved because cleanup is available

Scan completed at 2010-11-09 09:32:33 -0500.

 165 items scanned, 8 threats detected, 0 issues

---

broker52 wrote:

… backup drive (Time Machine) has infected files …  remove them. 

---

Please see 

threats backed up by Time Machine (2010-11-07).

Hello ed,

the snippet is ok except that you obviously edited out the paths - as you did scan inside archives (which is usually not necessary) I assume most if not all items are in "there". Unless I intend to move and use archives "somewhere else" I'd not fiddle with them (and then I'd first try on a copy what'd be left after a cleanup).

For these custom scans I'd use cleanup when a threat is found and delete if cleanup fails. If this combination doesn't work (but see above about archives) please post again a snippet of the log. 

 Did the scan ask you to authenticate as an administrator?

YES - but it didn't say how

I'm not a Mac guy but (or because of that?) the meaning of the pop up and Scan with Current Privileges vs. Scan All was immediately obvious to me. What would you suggest to make it better - would a lock icon be more "Mac-like"?

Christian

OK

i finally got it to work [after a week if trying]

here's how

do a custom scan with these settings

options

1-when a threat is found: CLEAN UP THREAT

2-if cleanup fails: MOVE THREAD

3-chose a move folder

4-scan

then it works

AND AN AUTHENTICATE DIALOG BOX POPS UP!

but it shouldn't have to be so hard

other av programs handle it much easier

btw

i excluded the full paths because they are very long and contain personal info

none of the files were compressed

i had that set because i saw no need to change it

i am disabled

i use a chopstick to type on the keyboard and the keyboard to move the mouse pointer

it is time consuming and labor intensive

small violations of apple interface norms may be no biggie for you

but they make  a lot  of extra work for me

thanx for the free program

i hope you improve the interface

Hello Ed,

glad to hear it's working.

small violations of apple interface norms may be no biggie for you

I see ... Thanks for reminding us. ... and the keyboard to move the mouse pointer  Gave it a try, what a PITA! You have a big point here.

We'll see what Sophos can do pertaining to accessibility.

Christian

---

broker52 wrote:

… My  backup drive (Time Machine) has infected files and I don't know how to remove them. …

---

Don't attempt removal without first updating SAV. Please see 

Time Machine backups - update now available

christian and sandy

thanks for the response

don't mean to sound whiney

it's just my nature

i have spent an extreme amount of time  putting your product to the test

trying to see how usable it really is for me

and understand what it actually does

consider me an outside beta tester

i have read the [meager] docs

i have posted a lot of questions and comments

all of my posts are sincere

if you are interested in making this product a success

i hope you will find my input usefull

Hello,

Please could you help me to clean up the following threats manually? I know they affect Windows (only) but shouldn't I clear them?

The instructions for 'Action' online take me in a loop.

How do I find these files? What do I search for as I'm having no luck? 

2010-11-26 11:25:54 +0000 Threat: 'Mal/JavaSnd-B' detected in /Users/MY NAME/Library/Caches/Java/cache/6.0/20/7bb99554-140759ce/vmain.class

2010-11-26 11:25:55 +0000 Threat: 'Mal/JavaHu-A' detected in /Users/MY NAME/Library/Caches/Java/cache/6.0/29/7adbb65d-27569146/________vload.class

2010-11-26 11:25:55 +0000 Threat: 'Mal/JavaHr-A' detected in /Users/MY NAME/Library/Caches/Java/cache/6.0/29/7adbb65d-27569146/vmain.class

2010-11-26 11:25:55 +0000 Threat: 'Mal/JavaKC-M' detected in /Users/MY NAME/Library/Caches/Java/cache/6.0/58/1f62c23a-5e1baaa0/vmain.class