Frustrated, please help me....Diz if you are there, if not someone with patience

Hello,

could you please forward this to Diz?  If not I would appreciate your help!!

I received another threat on Sept. 8th!??

The name of the threat was a Mal/phish-A  

filename is: ujbsqx.html

action:

clean up manually

How do I do that?

I had this software for 3-years and now I am receiving these threats!!??

Please tell me how to clean it up!??

I tried sending a request for help and was very disappointed....can you please help me with this!!??  I received 3-more threats today (what's going on!!??)  I was able to clean them up; however, I still have the one threat that I don't know how to clean it....I have looked at the videos etc. and I am still confused and frustrated!!

Also concerned.....I clicked on the threat in the quarantine manager is that a problem when I do that??  Did I open the threat! and cause a problem on my computer??  At the bottom of the quarantine it says clear from list however; if I do won't it still be there in the computer!!??  Then at the bottom of the quarantine where it says clean up threat..it is not highlighted!!??  So don't know what to do to get rid of this threat!!??  Please help me here!!

Thank you,

Darlene

:1013349


This thread was automatically locked due to age.
  • According to Sophos' website Mal/phish-A "...attempts to steal personal information (for example login information, banking details or credit card numbers) by pretending to be a page belonging to a legitimate account provider but sending the details to a malicious or compromised website instead."

    So it's not a file or code that runs on your computer.  Your Mac isn't infected (or even affected) by it.  It's simply a normal HTML webpage that when run in a web browser will look like a login screen for a bank - probably not even your bank. This is what phishing is.  If you use online banking AND as long as you type your bank's web address into the browser yourself: you're safe.

    Where is the file ujbsqx.html located?  Open the Quarantine Manager, authenticate with the padlock, select the item, expand the 'Show Details' arrow and look at the 'Path and Filename' information - copy out all the fields if posting back.

    Sounds like it's an attachment to a mail (maybe in the Spam/Trash folder of your Mail application), however with the path I can't be sure.

    If it is in the Mail app then your options are:

    • Best option: Open the mail program and look for the email (with the offending attachment) and delete it.
    • OR: from the quarantine manager click the 'Reveal in Finder' button and see if that leads you to the file.
    • OR: from the quarantine manager click the 'Clean Up Threat' button and try that.

    Note:  The recommended method is to try deleting the mail manually from the Mail application.  This does take longer and you do have to hunt around, but take the time to try this method first.  And also worth mentioning:  If the mail app is connecting to a web mail account the mail could be redownloaded from the server - hence you would need to log in to the web mail in a browser and delete the mail from there (just adding this so you have all the possibilities).

    If you do post back needing help please include a screenshot/full details of the 'Show Details' panel from the quarantine and say where the 'Reveal in Finder' button took you.

    Good luck.

    :1013357
  • Diz,

    Thank you for answering me!

    I did two screen shots and when I tried to drag them over this is what I got....can you use these (is this what you wanted)??  One I believe was a virus I was able to clean, but the other one I have to clean manually, which concerns me.  I did ask Sandy this question but didn't receive an answer I copied and pasted the question here:

    .....I clicked on the threat in the quarantine manager is that a problem when I do that??  Did I open the threat! and cause a problem on my computer??  At the bottom of the quarantine it says clear from list however; if I do won't it still be there in the computer!!??  Then at the bottom of the quarantine where it says clean up threat..it is not highlighted!!??  So don't know what to do to get rid of this threat!!??  Please help me here!!  I am afraid to click on anything.

    file://localhost/Users/Darlene/Desktop/Screen%20shot%202013-09-11%20at%2011.07.30%20AM.png
    file://localhost/Users/Darlene/Desktop/Screen%20shot%202013-09-11%20at%2011.36.57%20AM.png
     
    I did find the arrow and expanded the show details and I did copy the path and filename info; however it will only let me file part of it and i.e. when I highlight to copy it the information changes!?? I hope this is helpful:
    Volumes/Time Machine Backups/Backups.backupdb/Darlene Turturici’s iMac/2013-08-07-002436/         This is the way it reads before I highlight it see below:
    "                                    "                              "       backup.back..imapmbox attachment/38095/2/ujbsqx.html
     
    Can you help me remotely?
     
    When I looked in my junk file there are only names and subjects unless I open each of them I can see the email address etc. so don't know how to check for this or what I am really looking for.  
     
    Could you tell me if there is a way to adjust the volume on the videos?? I could hardly hear them and I had my speaker up all the way!?
     
    I hope this is helpful, I will be waiting for your answer.  What are your personal working hours?
     
    Thank you,
    Darlene
     
    :1013361
  • The forum is just peer-to-peer (one user helping another) support and there isn't any remote support - sorry.

    To display a screenshot you have to upload with the 'Attachments' option (below the reply editor), or upload it to a photo hosting service (like http://postimage.org for example) then post a link or insert it into a post with this button...

    It's probably easier just to post the link though.

    From the bit of the path posted...

    backup.back..imapmbox attachment/38095/2/ujbsqx.html

    ...it seems the html file is in an email attachment (IMAP mailbox) in a Time Machine backup.  Therefore this file isn't going to cause any problems - don't get frustrated over this.  I realize you want to get rid of it but there isn't a need to panic or rush.

    Sophos have an article (118117) about removing files detected from Time Machine - scroll right to the bottom.  It explains what you should do.  Have a read through the whole process and then work through it step by step slowly so you don't skip a step etc.

    To list all the options:

    • Follow the instructions right at the bottom of the article linked above to locate the file and remove it.  Best option to try but it may seem too complicated
    • Clear the item from the list (yes the file will be in the Time Machine backup but it's not hurting anything).  When scanning your Mac in the future exclude the back ups folder from the scan so it's not detected again - or just learn to ignore it and see it as a sign that 'Sophos is protecting me'.  Time Machine will keep backing up and eventually will overwrite the backup that contains the detected file.
    • Delete all your back ups in Time Machine to blast away the problem.  If you have never used a Time Machine backup do you need to keep them?  It does mean you will lose all the back ups, but maybe that's ultimately the easier option to flush the file away?  You can immediately switch Time Machine back on and it'll start backing up again.
    :1013363
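
The path reading described in the replies above (a detection under a Time Machine backup versus one in a live mailbox) can be sketched as a small triage helper. This is an added example, not part of the thread and not Sophos code; the sample paths, the assumed Mail folder layout and the action labels are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Time Machine names each snapshot folder YYYY-MM-DD-HHMMSS.
SNAPSHOT_RE = re.compile(r"^\d{4}-\d{2}-\d{2}-\d{6}$")

def triage(path):
    """Classify one 'Path and Filename' value from the quarantine details."""
    parts = PurePosixPath(path).parts
    lowered = [p.lower() for p in parts]
    info = {"file": parts[-1], "in_backup": False, "snapshot": None}
    if "Backups.backupdb" in parts:
        info["in_backup"] = True
        # Layout: Backups.backupdb/<machine name>/<snapshot>/<original path>
        after = parts[parts.index("Backups.backupdb") + 1:]
        if len(after) > 1 and SNAPSHOT_RE.match(after[1]):
            info["snapshot"] = after[1]
    # Assumed layout: Mail keeps attachments in an "Attachments" folder under
    # a mailbox folder whose name ends in "mbox" (e.g. .mbox, .imapmbox).
    info["mail_attachment"] = ("attachments" in lowered
                               and any(p.endswith("mbox") for p in lowered))
    # Hypothetical labels summarising the options listed in the replies.
    if info["in_backup"]:
        info["action"] = "clear-from-list-and-exclude-backup-volume"
    elif info["mail_attachment"]:
        info["action"] = "delete-message-in-mail-client-and-on-server"
    else:
        info["action"] = "clean-up-threat-or-reveal-in-finder"
    return info

# Constructed sample paths (not taken from the thread).
SAMPLES = [
    "/Volumes/Time Machine Backups/Backups.backupdb/Example iMac/"
    "2013-09-01-101500/Macintosh HD/Users/example/Library/Mail/"
    "IMAP-user@mail.example/Junk.imapmbox/Attachments/101/2/sample.html",
    "/Users/example/Library/Mail/IMAP-user@mail.example/"
    "Junk.imapmbox/Attachments/101/2/sample.html",
    "/Users/example/Downloads/sample.html",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = triage(s)
        print(r["file"], r["in_backup"], r["snapshot"], r["action"])
```
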
  • Hi Diz,

    I tried to do an attachment and I received this message:  Needs the file does not have a valid extension for an attachment .jpg.gif  are the valid extension

    If I don't do anything to delete the one that I need to do manually....will it infect emails that I send to people that have windows?

    I really don't know anything about time machine.

    I will be waiting to hear from you.

    Thank you,

    Darlene

    :1013365
  • From the bit of the path I've been able to see the file is locked up inside a Time Machine backup, inside your mail application, attached to an email - which I would guess is in your Trash folder.  The chances of it hurting anyone there is...none.

    When you took the screenshot the file saved could have been missing a 'Windows friendly' extension.  Try this...

    Open the quarantine manager, unlock the panel with the padlock, select the item and expand the 'Show Details' panel.  Then, to take a screenshot press and hold (in this order): Command + Shift + 4 + Space and then release.

    The cursor changes to a camera and you can click the quarantine manager window.  The screenshot is saved to the desktop and can be uploaded to http://postimage.org/

    :1013367
  • Hi Diz,

    I hope this works!!  

    You are awesome...I really do appreciate all of your help!!

    Let me know.  

    Thank you,

    Darlene

    :1013409
  • Sorry, hope what works?  And let you know what? 

    :1013415
  • Hi Diz,

    I tried what you said to do photo shot in a camera mode like you showed me but I see now that it didn't work.  It was on my desk top and I dragged it and dropped it on the bottom in the attachment area, did I do that part right?

    I tried it again and I received this message:

    Please correct the highlighted errors and try again. The file does not have a valid extension for an attachment. jpg,gif are the valid extensions so I guess it didn't change it to a camera mode!??

    So what do you think?

    Having a problem posting I hope you are not getting this numerous times, if so I apologize.

     
    :1013439
  • Below the reply panel, under the heading 'Attachments', you should try clicking the 'Browse' button, navigate to the Desktop (if that's where the screenshot is) and attaching it that way - rather than dragging and dropping.

    Let's recap:  getting the screenshot uploaded is only so you can show all the mentioned paths start 'backup...'.  If that is true then you don't actually need to worry about the files.  You can clear the items from the quarantine manager and exclude the back up volume from future scans so they are not detected again.  See this recent post where I mention scanning the backup folder isn't required and the files cannot hurt the computer...

    http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Scan-never-completes/td-p/13371

    :1013441
  • Hi again Diz,

    I did try to do it that way, and I get a snap shot of nothing!?? 

    Recap.. this is to let you see the threat that I can't get rid of!!  So if I just CLEAR it will not be in my computer anymore!!??  If so then that's awesome and that's maybe what I should do!!??

    :1013445