Report history is where?

I had a hit on my MBAir the other day. Sophos reported a keylogger of some sort. It wasn't Flashback (as I recall) and I wanted to see details 'cuz I have no idea when it would/could have gotten installed. I went into the quarantine manager, which didn't show any more details. The QM was locked so I unlocked it, thinking I would be able to find out more. As soon as I unlocked it, the listing disappeared. I am trying to find where the report history is stored because I am curious about the details (where the infection was and other details) but it does not appear that there is any report history.

What am I missing here?



This thread was automatically locked due to age.
  • Update: After letting the scan complete, I now see the following:

    The reported infection is OSX/Flshplyr-D, which is being reported in my Time Machine files (a sample location is showing as /Volumes/The Office/Backups.backupdb/M_Michaels/2012-03-28-082538/File Room/Users/Leslie/.null,).

    However, this is only after the scan results and I am still not finding where I can return to these results later.

    Additionally, when I follow the link in the results pane, I am taken to a page on the Sophos site which defines this as a Mac Trojan, then offers to let me download the Windows Threat removal utility. Say what???????
  • Hello LDMartin1959, the analysis for OSX/Flshplyr-D has more information if you click, well, more information - specifically it mentions detections in Time Machine backups. The removal utility is just a plug (PR/marketing/web design have their own ideas - not too long ago you found a similar hint to give Mac HE a try all over the place - including knowledgebase articles for the Windows product ...). Detections and summaries are written to the log (custom scans have their own), "View log ..." should take you there. The logs are also accessible from the console app. Christian
  • "The logs are also accessible from the console app"

    Got it. Any idea how to delete the infection from my Time Machine files, especially since the file referenced is named ".null"?
  • Sorry, I have no TM (not even a decent and recent Mac) so I can't say how to navigate to or show the path to a dot-file. But maybe this is how to do it: http://meinit.nl/restore-hidden-files-apple-mac-os-x-time-machine Christian
  • Or worst case, I can just delete those back-up folders. Thanks.