Help with Creating a Custom Scan to remove a Threat

I would appreciate help with a problem identified when I did a
scan using the free Sophos Anti-Virus for iMac Home Edition that
uses Mac OS X 10.5. The scan detected the Mal/EncPk-LF threat and
the action advised was to "clean up manually" by creating a
custom scan, but I cannot figure out how to do that.
Herbert Marx (hjmarxmd@pol.net)

:1001625


This thread was automatically locked due to age.
  • After doing a custom scan to rid myself of 5 viruses, when I opened the quarantine manager the threats were still listed!

    Please advise?

    :1003107
  • "cleanup" isn't available (you can't disinfect the files as the entire file is malicious) -- you can, however, delete the files.

    :1003121
  • Hi,

    I have 2 trojwimad/gen (that are in quarantine).

    They were from iTunes (wma), but I don't seem to be able to delete them from iTunes. (I don't find them there.)

    I did that (cache), to no avail, they are still there.

    I tried this:

    1. Go to the Finder
    2. Select the Go menu
    3. Select Go to Folder (command-shift-g)
    4. type "/private/tmp" (no quotes) into the text box and click Go
    5. Now, create your custom scan, click the + icon, and then... (this is where I like the MacOS way of doing things)
    6. go back to the Finder, click and hold on the tmp folder, drag it over the open dialog box, or drag it over the Sophos blue shield, wait a moment, and drag it over the open dialog box, or enter Expose and then drag it over the appropriate dialog box.
    7. The hidden folder will now be selected in the dialog box.

    Note that this trick works for accessing hidden folders in ANY open/save dialog.

    On step 5.. to 6.. I couldn't follow it..

    The names of my files are *crack* file name.wma and (release) same file name.wma.

    What may I do to neutralize, delete this trojan?

    Best,

    Sylvia

    :1003131
  • It sounds like you're doing everything right... the only bit here is that you need to go to the right folder.  If the files aren't in /private/tmp, then going there isn't going to help you.  You need to get the appropriate path from the Quarantine Manager; if the triangle on the bottom is pointing down and you click on the details, you'll get the complete path to the detected file.  Instead of typing "/private/tmp" you need to enter the path to the files in question... that's everything up to the last / .

    :1003143
  • I did all this but the 3 threats identified are still there in the main window.

    :1003151
  • Thanks for this excellent tech support.  However, I followed it carefully and it did not remove the four threats of OSX/FakeAV-A that were in my quarantine manager.  Any other suggestions?

    :1003285
  • HELP! PLEASE! These instructions were very helpful and I followed them all, but I still have a problem. The 8 threats in my quarantine manager are still there, even though I ran the custom scans.

    I followed the path (same as yours- under caches) to run the custom scans and they were completed with "no threats detected". However, as the custom scans were running the Mac antivirus application popped up with virus threats. But Sophos is not deleting them or recognizing them in the custom scans, even though they are in the quarantine.

    This virus is preventing me from adding new language levels from a CD (Rosetta Stone program). Any help would be greatly appreciated!

    :1003471
  • When running the custom scans, did you ensure "scan inside archives and compressed files" was checked under the Options tab?  Did you set "When a threat is found" to "Delete threat"?  These two items are required.  If you're cautious about direct deleting, you could select "Move threat" so that all the files end up in one easy to find location, where you can manually throw them in the trash yourself.

    However, if the scan is under caches, it is often easier just to manually toss your cache files in the trash, or even just restart your computer (The OS will clear many cache files as part of the restart process).  When you have completed these steps, the threats should be gone from the Quarantine.

    :1003477
  • I have followed Merril444's instructions on creating a custom scan and while I agree they are well written and easy to follow, unfortunately they did not do the job. I have a Mac and for the best part of 3 years have had no problem with viruses. Last weekend I received a junk email about a lottery win which I did not open and put to trash. Since then I have been flooded with large numbers of return mail advisories. I downloaded Sophos for Mac Home Edition and the scan shows 3 viruses which must be cleaned manually.

    When I followed the above instructions, they took you to the Cache and I followed that without knowing what I was doing? If someone could help me with the file locations that would help, as all of this is a mystery to me? I have 1 virus Mal/Generic-L File Path Volumes/My Book/Backups.backups.db......... (File FCrXML.dll) and 2 viruses Troj/Gida -A (same File Path as above but File Gnida(1).SWF)

    If anyone can help, this is much appreciated

    Brian Armour

    :1004099