
cannot clear threat

Hi. I'm new to Sophos. I installed it today for the first time on my MacBook Pro. I ran a complete scan and it came up with a message "one threat detected". Following the web site instructions, I pressed quarantine manager and then the lock, which asked for my system password. Fine so far, but there is no threat shown in that window, so I cannot clean up anything. As I am new to Sophos, is there something I missed please? Why doesn't it show the file(s) which are infected? How can I clean up the threat? Please help.

Thanks

:1007903


This thread was automatically locked due to age.
  • If there's no longer anything shown in the Quarantine Manager, that means the threat is also gone.  Likely it was in a web cache file or email attachment that has since been removed from your computer.

    If it's not in the Quarantine Manager, you can assume that it's no longer a threat to your system.

    :1007909
  • I installed Sophos last night; scanned my iMac system; and it detected 2 threats.

    They are: W32/Gamarue-R associated with filename Fire Safety Guidance.pdf.zip; and Troj/Agent-VRM associated with filename EPS0093.zip

    I selected the Clean Up Threat button for each item and received the same response on both.

    Action Available: Cleanup of the threat was not successful. You must clean it up manually.

    Any idea how one goes about doing that? Granted, both files are located within my Time Machine Backups and perhaps that is preventing the application from cleaning the threat?

    /Volumes/Time Machine Backups/Backups.backupdb/iMac/2012-05-10-235939/Macintosh HD/Users/username/Library/Containers/com.apple.Preview/Data/Library/Mail/V2/IMAP-emailaddress@email.com@imap.mail.email.com/Bulk Mail.mbox/02BE9FFC-1BA7-4A6F-BE6E-FCEFB2A5AF68/Data/6/Attachments/6222/2/Fire Safety Guidance.pdf.zip

    /Volumes/Time Machine Backups/Backups.backupdb/iMac/2012-05-10-235939/Macintosh HD/Users/username/Library/Containers/com.apple.Preview/Data/Library/Mail/V2/IMAP-emailaddress@email.com@imap.mail.email.com/Bulk Mail.mbox/02BE9FFC-1BA7-4A6F-BE6E-FCEFB2A5AF68/Data/6/Attachments/6154/2/EPS0093.zip

    I appreciate whatever insight anyone can provide. Thanks

    :1007919
  • The threat cannot be cleaned up because both items are found within Zip archives (we don't touch archives by default, as they could also contain legitimate files), and furthermore the archives are located on a backup volume (we're very careful about modifying data on backup volumes).

    Your best bet is to:

    1) Go to your Time Machine Preferences, and exclude /Macintosh HD/Users/username/Library/Containers/com.apple.Preview/Data/Library/Mail/V2/IMAP-emailaddress@email.com@imap.mail.email.com/Bulk Mail.mbox

    (this way, you're not backing up your spam)

    2) Navigate to that location in your Time Machine backup, right click Bulk Mail.mbox and delete ALL backups.

    The good news is that your spam filter already seems to have detected that the malware was in a suspect email.

    :1007933
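
Added example, not part of the original posts and not Sophos code: a read-only shell check that lists which Time Machine snapshots still contain a given item, useful for confirming that "delete ALL backups" left no copy of Bulk Mail.mbox behind. It assumes the Backups.backupdb/<machine>/<snapshot>/ layout visible in the paths quoted above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report snapshots that still hold an item. Nothing is modified.
#
# snapshots_containing <machine_dir> <relative_path>
#   machine_dir    e.g. "/Volumes/Time Machine Backups/Backups.backupdb/iMac"
#   relative_path  path inside each snapshot, starting at the disk name,
#                  e.g. "Macintosh HD/Users/username/Library/.../Bulk Mail.mbox"
# Prints one snapshot name (such as 2012-05-10-235939) per line.
snapshots_containing() {
    machine_dir=$1
    rel_path=$2
    if [ ! -d "$machine_dir" ]; then
        echo "not a directory: $machine_dir" >&2
        return 2
    fi
    for snap in "$machine_dir"/*/; do
        snap=${snap%/}
        # Skip symlinks (for example a "Latest" link to the newest snapshot)
        # so that no snapshot is reported twice.
        if [ -L "$snap" ] || [ ! -d "$snap" ]; then
            continue
        fi
        if [ -e "$snap/$rel_path" ]; then
            basename "$snap"
        fi
    done
    return 0
}

# Number of snapshots that still contain the item; 0 means every backed-up
# copy is gone.
count_snapshots_containing() {
    snapshots_containing "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone use: sh script.sh <machine_dir> <relative_path>
if [ "$#" -eq 2 ]; then
    snapshots_containing "$1" "$2"
fi
```

Run it once before and once after removing the backups; an empty result afterwards means no snapshot still holds the flagged attachments' mailbox.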