Help with Creating a Custom Scan to remove a Threat

I would appreciate help with a problem identified when I did a
scan using the free Sophos Anti-Virus for IMac Home Edition that
uses Mac OS X 10.5.  The scan detected Mal/EncPk-LF threat and
the action advised was to "clean up manually" by creating a
custom scan, but I cannot figure out how to do that.
Herbert Marx (hjmarxmd@pol.net)

:1001625


This thread was automatically locked due to age.
  • This does get tricky... if you don't want to scan the entire drive, try this:

    1. Go to the Finder
    2. Select the Go menu
    3. Select Go to Folder (command-shift-g)
    4. type "/private/tmp" (no quotes) into the text box and click Go
    5. Now, create your custom scan, click the + icon, and then... (this is where I like the MacOS way of doing things)
    6. go back to the Finder, click and hold on the tmp folder, drag it over the open dialog box, or drag it over the Sophos blue shield, wait a moment, and drag it over the open dialog box, or enter Expose and then drag it over the appropriate dialog box.
    7. The hidden folder will now be selected in the dialog box.

    Note that this trick works for accessing hidden folders in ANY open/save dialog.

    :1002253
  • "I'm using a Mac OS X"  "Go to the icon and right-click on it" isn't there a disconnect here? lol

    :1002333
  • Not really; control-click and contextual menus have been a part of OS X from the beginning.

    But if you like, I could have said "click on the icon, and then click the gear button on the Finder window and select...."

    Sometimes, right click is truly simpler, and Apple finally admitted it 11 years ago.

    And don't get me started on function keys vs Apple's F-Keys with all their command-shift goodness....

    :1002339
  • ooh that looks helpful. I gave up the other day so now I have to do the whole 4-hour scan again, but with these directions I'm sure I can do it. I'll be sure to let you know : ))

    :1002393
  • Brilliant. Ditto to above praise. I'm new to Sophos today, scanned the whole computer and found 3 Trojans hiding in my Google Chrome Cache. I was quite at sea as to how to do the requested Custom Scan. I followed your instructions exactly and it worked perfectly. Thank you so much for taking the time to spell it out so well.

    :1002437
  • merril444 - THANK YOU so much! I also followed your instructions word for word, and was able to clean-up the Trojans in quarantine. I really appreciate you sharing this with the community. 

    :1002633
  • Hi, thanks a million for the detailed instructions to do manual clean up! I've followed exactly but when I go back into the Quarantine Manager the file is still there?  When I click on it, it says that the affected operating system is Windows.  I'm on Mac OS X. Can I just delete the file then?  I have about 30 of these.  Most are called Troj/Wimad-Gen, Mal/Packer or Troj/Agent-INP.

    Any advice would be much appreciated. 

    :1002689
  • Yes, if you know where the files are located, and they're of type Troj/<anything>, you can just delete them.  Since you're on a Mac, you can probably just delete anything of type Mal/Packer too -- this detects the code used to hide malicious software from AV software, it is remotely possible that this one might be detected on a legitimate Windows executable, but not a legitimate Mac file.

    :1002691
  • That was excellent.  Very easy to follow directions and I cleared 9 threats I was trying to get rid of all day.  THANKS!

    :1002713
  • So this did not work for me, despite your very thorough instructions.  In step number 3, you say double click on it and another window is supposed to come up.  What am I supposed to double click on?

    :1002751