DELETING A THREAT MANUALLY - FINDING THE THREAT

Whenever I do a full scan, Sophos finds the same two threats which need to be manually removed.  The trouble is I can't find the location folder of these threats as whenever I search for the filename on my mac they just can't be found.

Does anyone know of a way I can find the path to where these threats are located so I can manually remove them?  

Thanks

Colette

:1001219


This thread was automatically locked due to age.
  • Me too!  I have the Mal/EncPk-FX and the location says Setup_418.exe...  How in the world do you find those files?  I was using Finder, maybe I'm looking in the wrong place.  Windows used to have the choice of looking in "hidden files."  Is there a hidden file in iMac?

    :1001227
  • Colette, if you open the "Quarantine Manager", at the bottom it says threat details.  Don't click on the name, but if you click on the "symbol" beside it, it will tell you where the threat lies.  I still cannot find it though.  You probably already knew that.  I did locate the "hidden files" options in Finder preferences.  Still to no avail.

    Sherrie

    :1001229
  • I am having a similar problem... under actions, all 6 of my threats say "clean up manually," and below in the details it says, "The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions."

    I did that, it took me to the Sophos support site, and took me to a page that had a link to here (http://www.sophos.com/support/knowledgebase/article/112129.html). Under the Mac OS X instructions, further down the list it says:

    1. If there are any threats for which the action available is 'Clean up manually', create a custom scan.
    2. Select the areas where the remaining threats reside and add these to the Scan Items.
    3. In the Options tab, select 'Delete threat' from the drop down menu.
    4. Click Done.
    5. Run the scan.
    Is running a custom scan the same as having them deleted? I am thinking no.. but at the same time, I can't find these files.. especially because the path is so long that it doesn't show it: (user)/(folder)/(library)/..../(javasomethingsomething##)
    I searched for the file name in the library part, but nothing came up..
    If I were to find it, is just deleting as effective as the Sophos app "cleaning it up?"
    Sorry.. first time using Sophos. Found 6 threats. Using an iBook G4, 10.4.11 ..old, I know.
    :1001251
  • If the file is javasomethingsomething##, it's likely in the java cache, which is where Java stores its temp files downloaded from the internet.  These files can be deleted with no worries as they're just cache files.  Searching for these files with Spotlight won't show anything because Spotlight doesn't index your cache folders by default.  Running locate from the terminal might find it, but that depends on whether the cache file was around the last time the locate index was updated.

    To answer your other question, cleanup depends on what kind of malware you're dealing with and how it's installed.  For cache files like your instance, deleting is just as effective as "cleaning it up" (and is, in fact, the same thing -- not to be confused with putting the item in the trash).  For file infectors, cleanup actually removes the malicious code from the infected file.  For multi-part malware, cleanup often cleans up multiple support files as well as deleting the bad files.

    :1001259
  • You don't have to specify the exact location (file) in the custom scan; part of the path is sufficient (indeed, anything "higher up", including all of your Mac, will work, although scanning will take significantly longer). So in your example, adding (user)/(folder)/(library)/ will do (and even if you can't find the item easily, the custom scan will, as did the one which originally found the threat).

    HTH

    Christian 

    :1001263
  • I'm having the same problem. I have an iMac. I'm running your free Home edition. I've done the following many times.

    1. I run "scan local drives".

    2. I go to "Quarantine Manager" and find 145 threats. I have gone through each threat and they are all "windows" affected operating systems.

    3. At the bottom in the rectangular box it gives the threat in blue Troj/JavaDI-X, the Date, Path and filename: /Volumes/…/restore_2010_11_18_07_40_2663033.tar [Volumes/…/Sc/GoogleUploader.class]

    4. Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

    5. I click on the threat file name in blue:

    6. I click on "instructions for removing the threat" in blue

    7. I click on "Instructions for removing trojans"

    8. I go to #11 under Mac OS computers which says to create a custom scan.

    9. How do I "Select the areas where the remaining threats reside and add these to the Scan Items."

    How, where do I find: "/Volumes/…/restore_2010_11_18_07_40_2663033.tar [Volumes/…/Sc/GoogleUploader.class]" and place this virus in the box to scan?

    All of these threats are located on my External Hard Drive.

    Thank you.

    :1001447
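As an added example (not part of the original thread or of Sophos's instructions): the path in the post above has the form `archive.tar [member]`, which reads as a file stored inside a tar archive, and the Java cache file mentioned earlier sits in a folder Spotlight does not index, so a Finder search by file name finds neither. The shell function below searches both ways; `find_flagged`, `build_sample` and every sample path are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Find a scanner-reported file by name under
# a root folder: plain files (hidden and cache folders included) and members of
# .tar archives, printed in the "archive [member]" form the Quarantine Manager shows.
# Assumes file names without newlines.

find_flagged() {
    local root="$1" name="$2"

    # Plain files: find walks the disk itself, so no Spotlight/locate index is needed.
    find "$root" -type f -name "$name" -print 2>/dev/null

    # Archive members: list every .tar under root and match each member's basename.
    find "$root" -type f -name '*.tar' -print 2>/dev/null |
    while IFS= read -r archive; do
        tar -tf "$archive" 2>/dev/null |
        while IFS= read -r member; do
            case "${member##*/}" in
                $name) printf '%s [%s]\n' "$archive" "$member" ;;
            esac
        done
    done
}

# Constructed sample tree: one cache-style file and one backup tar holding a .class file.
build_sample() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/Library/Caches/Java/cache" "$d/backup/Sc"
    : > "$d/Library/Caches/Java/cache/javacache-01"
    : > "$d/backup/Sc/GoogleUploader.class"
    tar -cf "$d/restore_sample.tar" -C "$d/backup" Sc
    rm -r "$d/backup"
    printf '%s\n' "$d"
}

sample=$(build_sample)
find_flagged "$sample" 'GoogleUploader.class'   # hit inside restore_sample.tar
find_flagged "$sample" 'javacache-*'            # hit under Library/Caches
rm -r "$sample"
```

On a real machine the root argument would be your home folder or the external drive's mount point under /Volumes, and the folder printed is also the one to add to the custom scan.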
  • Hello Steven,

    as I said in my post, any partial path containing the threats will suffice - you can even select just the external drive. Of course a more specific path will decrease the time required for the scan but it won't affect the results (unless you just want to some of the threats but not others). 

    Christian

    :1001449
  • Thank you Christian for your reply, but I still do not see what I need to do to get rid of these threats. It is not clear to me where I should go or what I should do. I'm sorry that I do not understand your instructions. Do I go to my hard disk and search for the file which by the way I've already done, but without success? I'm missing something. It's obvious to you, but I'm still not getting it. Thanks so much.

    :1001451
  • 1. Open Sophos Anti-Virus
    2. A window opens with SOPHOS across the top and Scan Local Drives underneath
    3. At the bottom right is an Open Quarantine Manager... button
    4. At the bottom left is a triangle next to Custom Scans
    5. Click the triangle
    6. The Custom Scan part of the window expands
    7. Click the + at the bottom left
    8. Name the scan in the Scan Name field
    9. Click the + at the bottom left
    10. Select your external drive
    11. Click the Open button
    12. Click the Done button
    13. Click the "Play >" button on the custom scan you created
    14. Follow the cleanup instructions you already have.
    :1001457
  • I'm still having problems.

    1. I did not find the open file, but I clicked done in the expanded menu. In #4 of your instructions:

    " the bottom lect is a triangle next to Custom Scans." What is lect? I named the scan in the scan name field as Infected files, but it's just a name I thought up. What are the clean up instructions that I already have? I'm sorry that I just do not get your instructions. Thank you very much for your help!

    :1001465