
Help with Creating a Custom Scan to remove a Threat

I would appreciate help with a problem identified when I did a
scan using the free Sophos Anti-Virus for iMac Home Edition that
uses Mac OS X 10.5.  The scan detected Mal/EncPk-LF threat and
the action advised was to "clean up manually" by creating a
custom scan, but I cannot figure out how to do that.
Herbert Marx (hjmarxmd@pol.net)

:1001625


  • Hi prtex,

    It appears you have a few things going on.

    First, delivery failed messages are often sent when a spammer forges your email address as the From: address in their spam.  It is likely that you are on a botnet's spamming list, so you are both getting hit with the spam and being abused as a fake sender.

    Second, we'll need to know more about what malware is being flagged and where quarantine is finding it... but I suspect that it is indeed Windows malware that is showing up in your mail cache -- if you use webmail, it'll be showing up in your web cache when you load your inbox.  It could also be drive-by java downloads that are in your Java cache folder.

    The truth is, the majority of malware that will make its way onto your Mac is actually Windows malware and will not execute on your Mac.  It is however still dangerous to any Windows machine you may communicate with, so it is best to clean it up.

    :1002955
  • I'm new to this too, Andrew. And you seem knowledgeable. Of the 35 threats logged on my Quarantine page, most of the Path and Filenames begin with: /Volumes/Time Machine Backup/Backups.back...er.app/

    I've managed to manually clean the threats from my Mac, but how do I clean the Time Machine? I can't seem to access the paths.

    :1002963
  • The safest way to clean them from within Time Machine is to navigate to the point where they are detected within Time Machine.  So, when viewing the full path, you look at the part beyond /Volumes/Time Machine Backup/Backups.backupdb/ to figure out where you should go.  The next part of the path should be the name of your hard drive that's backed up.

    Go into Time Machine, and navigate to the date indicated next in the file path, then the sub-path listed after that.  Eventually you'll come to the file (listed here as "... er.app").  Likely, this entire app is malicious.  My guess is that this is MacDefender.app?  If so, it will be found in the Applications folder.

    Right click on the file, and select the menu item that says something like "remove all occurrences" -- this will delete EVERY backup of that file from your Time Machine volume.

    :1002971
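The reply above turns a quarantine path into a place to navigate to inside Time Machine by hand. As an added example (not part of the thread, and not Sophos or Apple code), the POSIX shell script below does that splitting for a whole list of quarantine paths, and also counts how many backup snapshots hold the same file, which is the number of copies a "remove all backups" action would delete. It assumes the usual layout of a Time Machine volume, `/Volumes/<backup disk>/Backups.backupdb/<computer>/<YYYY-MM-DD-HHMMSS>/<volume>/<path on that volume>`; that layout, the `MacBook` and `Macintosh HD` names, the `herb` user and every sample path are constructed for the example, not taken from anyone's real quarantine list.

```shell
#!/bin/sh
# Added example: map Sophos quarantine paths that point into a Time Machine backup
# onto Time Machine navigation steps (date on the timeline, volume, path on that volume).
# Assumed layout (my assumption, not stated in the thread):
#   /Volumes/<backup disk>/Backups.backupdb/<computer>/<YYYY-MM-DD-HHMMSS>/<volume>/<path on that volume>

# Constructed sample quarantine paths, one per line (not from any real log).
SAMPLE_PATHS='/Volumes/Time Machine Backup/Backups.backupdb/MacBook/2011-05-12-091500/Macintosh HD/Applications/MacDefender.app/Contents/MacOS/MacDefender
/Volumes/Time Machine Backup/Backups.backupdb/MacBook/2011-05-13-214200/Macintosh HD/Applications/MacDefender.app/Contents/MacOS/MacDefender
/Volumes/Time Machine Backup/Backups.backupdb/MacBook/2011-05-13-214200/Macintosh HD/Users/herb/Downloads/anti-malware.zip
/Users/herb/Library/Mail/Downloads/invoice.zip'

# tm_part PATH FIELD -> prints one component of a Time Machine path:
#   computer, snapshot (YYYY-MM-DD-HHMMSS), volume, or file (path on that volume).
# Prints nothing and returns 1 when PATH is not inside a Backups.backupdb tree.
tm_part() {
    case "$1" in
        */Backups.backupdb/*) ;;
        *) return 1 ;;
    esac
    rest=${1#*/Backups.backupdb/}
    computer=${rest%%/*}; rest=${rest#*/}
    snapshot=${rest%%/*}; rest=${rest#*/}
    volume=${rest%%/*};   rest=${rest#*/}
    case "$2" in
        computer) printf '%s\n' "$computer" ;;
        snapshot) printf '%s\n' "$snapshot" ;;
        volume)   printf '%s\n' "$volume" ;;
        file)     printf '/%s\n' "$rest" ;;
        *)        return 2 ;;
    esac
}

# tm_snapshot_date SNAPSHOT -> "YYYY-MM-DD HH:MM", the date to pick on the Time Machine timeline.
tm_snapshot_date() {
    d=${1%-*}      # drop the trailing -HHMMSS
    t=${1##*-}     # HHMMSS
    printf '%s %s:%s\n' "$d" "$(printf '%s' "$t" | cut -c1-2)" "$(printf '%s' "$t" | cut -c3-4)"
}

# tm_snapshot_count FILE -> number of distinct snapshots in SAMPLE_PATHS that hold FILE,
# i.e. how many copies "remove all backups of this file" would delete.
tm_snapshot_count() {
    printf '%s\n' "$SAMPLE_PATHS" | while IFS= read -r p; do
        [ "$(tm_part "$p" file)" = "$1" ] && tm_part "$p" snapshot
    done | sort -u | wc -l | tr -d ' '
}

# One navigation line per quarantined path; paths outside any backup are flagged as live files.
tm_report() {
    printf '%s\n' "$SAMPLE_PATHS" | while IFS= read -r p; do
        if snap=$(tm_part "$p" snapshot); then
            printf 'Time Machine -> %s -> %s -> %s  (%s snapshot(s))\n' \
                "$(tm_snapshot_date "$snap")" "$(tm_part "$p" volume)" "$(tm_part "$p" file)" \
                "$(tm_snapshot_count "$(tm_part "$p" file)")"
        else
            printf 'Live system  -> %s  (delete directly, no Time Machine needed)\n' "$p"
        fi
    done
}

tm_report
```

Paste the quarantine paths from the Sophos log into `SAMPLE_PATHS` (one per line) and run the script; each line tells you which date to pick on the timeline, which volume to open, and where the file sits on it. A count greater than one means the same file exists in several snapshots, which is why the "remove all" menu item in the reply above is the right choice rather than deleting one copy.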
  • I have the exact same anti-malware that Gary has: OSX/FakeAV-DWN and OSX/FakeAVDl-A anti-malware.zip.

    When I click on custom scans and then click on the +, nothing happens. No new windows open up. So now I'm stuck.

    Anything else I can try?

    Thanks so much!

    :1003049
  • If you've got the anti-malware.zip file and have not extracted it, there's no need to run a custom scan; just toss the file in the trash (it's located wherever your web browser downloads files to by default).

    However, custom scans should work for you; clicking the + should open a dialog with Scan Name: and a highlighted field.

    What version of OS X and Sophos Anti-Virus are you running?

    :1003057
  • Andrew,

    Thanks for the response. I feel better knowing that without having opened the files I should be all good.

    However, for future reference, I appreciate your follow up.

    I downloaded Sophos yesterday - it's version 7.3, and Mac OS 10.5.8.

    Thanks again!

    :1003067
  • I had looked at that video before I posted on here but it didn't help because when I clicked the plus no new window opened up. I just tried it again and now a new window comes up. So strange! Anyway thanks for your help!

    :1003083
  • Thanks from a newbie! Had two Trojans which required manual cleanup and couldn't find any way to do a custom scan. Followed the directions from Meril444 and deleted the files. Thanks so much to all of you who put in helpful information. Now I can get back to work. :)

    :1003087
  • I have identified and isolated 16 OSX/FakeAV-DWN threats on my mac.  But I am not given the option to clean them up with the software, but am given the message "Cleanup not available for this threat ".  Not much help there!  How do I get rid of these things!

    :1003103