DELETING A THREAT MANUALLY - FINDING THE THREAT

Whenever I do a full scan, Sophos finds the same two threats which need to be manually removed.  The trouble is I can't find the location folder of these threats as whenever I search for the filename on my mac they just can't be found.

Does anyone know of a way I can find the path to where these threats are located so I can manually remove them?  

Thanks

Colette

:1001219


  • Lect is a typo, now fixed.

    If you named the scan in the scan name field, then you already clicked the triangle to open the custom scan part of the window.

    I'll provide simplified instructions instead of step-by-step instructions:

    What was already discussed in this thread by you and others is that in order to delete the threat, you need to do a custom scan instead of a "scan local drives" scan.  This means you need to create a new custom scan which will show up in the Custom Scans pane.  You can name this whatever you want; it just has to be scanning the area where the file is located.  Since you know the file is on your external volume, when creating your custom scan, you need to follow steps 9 through 12 in my previous instructions.  If you skip this step and only create a custom scan, you will be scanning nothing, which will, of course, turn up 0 results.

    So now that you've got a custom scan created, follow steps 9 through 12.  The scan should again detect the malware just as the Local Drives scan did, but now you should have an option to clean up -- which just does a secure delete of the file (it doesn't get thrown in the trash).

    If you'd prefer to do it yourself manually, you need to check the scan log in the Console.app and copy the full path to the file, and either do Finder -> Go... -> Go To Folder... and paste it in (without the filename), then select the file and throw it in the trash, or use Terminal.app and run rm -r <path/and/filename> to delete it.  These methods involve increasing complexity and both accomplish the same thing as a custom scan and clean.

    :1001467
  • Thank you again Andrew,

    Are steps 9-12 

    • 9 Click the + at the bottom left
    • 10 Select your external drive
    • 11 Click the Open button
    • 12 Click the Done button  ?

     or are they different steps 9-12? If they are different please tell me what they are as I've lost them.

    • 14. Follow the cleanup instructions you already have. What are the clean up instructions that I already have?  Thank you so much for your help.
    :1001501

  • Sophosm3 wrote:

    Thank you again Andrew,

    Are steps 9-12 

    • 9 Click the + at the bottom left
    • 10 Select your external drive
    • 11 Click the Open button
    • 12 Click the Done button  ?

     or are they different steps 9-12? If they are different please tell me what they are as I've lost them.

    • 14. Follow the cleanup instructions you already have. What are the clean up instructions that I already have?  Thank you so much for your help.

    Yes, these are the steps 9-12 you are looking for.

    See your own post:

    7. I click on "Instructions for removing trojans"

    8. I go to #11 under Mac OS computers which says to create a custom scan.

    9. How do I "Select the areas where the remaining threats reside and add these to the Scan Items."

    I take it from this that you were already reading the instructions (point 14).  Steps 9-12 answer your question 9.

    :1001503
  • I have a Mal/Generic-L threat in "setup.exe,..." and the same threat in "toolbr.exe".  I have a threat, Troj/BadBean-A in 2bbf6c6d. I follow all of the steps. When I hit the plus sign to do the search, and select my hard drive as the place to search, numerous items come up in setup.exe.  Nothing comes up in toolbr.exe.  One item comes up for the group of numbers and letters.

    The finder finds nothing for toolbr.exe.  It finds many for setup.exe.  It finds one for 2bbf6c6d.  I

    I have added the one with all the numbers and letters, and the Aol toolbar which is the closest I could find.  I am afraid to add all the setup.exe items because maybe some of them are necessary, uninfected, and I don't want them deleted.   I have selected "Delete Threat" in the options.  The custom scan runs quickly when I start it, but it finds no threat even though the whole system scan found threats.

    What am I doing wrong?

    :1001557
  • First off: Nice software... It found a Windows virus in a Zip file on my Bootcamp partition that Microsoft AV ignored.

    My only concern is how Sophos truncates the location of the file when malware is found.  Sophos needs to fix this in future versions!  I need to see the complete path, or simply a way to open the enclosing folder to remove the file.  If the file is buried deep in the system, as this file was, there is no way to find it if Sophos cannot quarantine it, save for running a very long scan or doing the work-arounds listed here.

    Good:  Excellent malware detection

    Fail:  Removing the malware.  Not Mac-like in simplicity.

    :1001571
  • Friend wrote program to delete the threats manually and I'm threat free now. Thanks

    :1001819
  • I'm using a MacBook Pro, OS 10.6.6. Sophos detected two viruses (Mal/Generic L, Mal/TDSSPack-Z) in .exe files in the backup files (Time Machine). Full scan stated to do a manual clean up. I've run custom scans multiple times using both the folders that the files were in as well as targeting the specific files. I've chosen the option to "delete files." Still, the files are there and the custom scans continue to tell me that threats were found. They are not cleared from the Quarantine Manager or from the listing of current threats. Virus Barrier X6 did not recognize them when I ran that. Please tell me how to get rid of them so that I can run boot camp and install Windows without existing threats.

    :1001849
  • I have a similar problem on an older MacBook running OS X 10.4.11. Sophos found a trojan horse which needs to be deleted manually. It doesn't show the complete path and Spotlight can't seem to find the file. I ran a custom scan to find and delete. It found 1 threat, but when I open Quarantine Manager, no threat shows up on that screen.

    I think I'll try starting this machine up in target mode and running the scan from my new macbook pro 13", running OS X 10.6.6.

    :1001851
  • The complete path to the threat can be found in the scan log.

    :1001859
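For the manual route discussed in this thread, where the scan report shows only a truncated name and Spotlight finds nothing, the following is an added example and not part of any post or of Sophos's tooling. It walks a volume with `find`, which also descends into hidden and unindexed folders, and lists every candidate with its SHA-256 and size so that copies of a common name such as setup.exe can be told apart before a single exact path is removed. The function names `hash_file`, `locate_threat` and `remove_exact` are hypothetical, and file names are assumed not to contain newlines.

```shell
#!/bin/sh
# Added illustration: locate a detected file by a fragment of its name,
# review the candidates, then delete one exact path. Function names are
# hypothetical and chosen for this example.

# SHA-256 of one file; macOS ships shasum, most Linux systems sha256sum.
hash_file() {
    if command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# locate_threat ROOT FRAGMENT
# Prints one tab-separated line per matching regular file:
#   <sha256> <size in bytes> <full path>
# The match is case-insensitive. Nothing is modified or deleted.
locate_threat() {
    root=$1
    fragment=$2
    [ -d "$root" ] && [ -n "$fragment" ] || return 2
    # -xdev keeps the walk on one volume; run once per volume of interest.
    find "$root" -xdev -type f -iname "*${fragment}*" 2>/dev/null |
    while IFS= read -r path; do
        size=$(wc -c < "$path" | tr -d ' ')
        printf '%s\t%s\t%s\n' "$(hash_file "$path")" "$size" "$path"
    done
}

# remove_exact PATH
# Deletes exactly one regular file. Directories and symlinks are refused,
# so a mistyped path cannot take a whole folder with it.
remove_exact() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "refusing: not a regular file: $1" >&2
        return 1
    fi
    rm -- "$1"
}

# Example use (paths are placeholders):
#   locate_threat /Volumes/External toolbr
#   remove_exact "/full/path/printed/above"
```

Reading system-owned folders may require running the search with `sudo`; the exact path it prints can also be added to a custom scan instead of being deleted by hand.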