DELETING A THREAT MANUALLY - FINDING THE THREAT

Whenever I do a full scan, Sophos finds the same two threats which need to be manually removed.  The trouble is I can't find the location folder of these threats, as whenever I search for the filename on my Mac they just can't be found.

Does anyone know of a way I can find the path to where these threats are located so I can manually remove them?  

Thanks

Colette

:1001219


  • It's likely in your Java cache; when adding the folder to scan to your Custom Scan, navigate to /Users/<youraccount>/Library/Caches/Java/ and add that path.  If this doesn't find it, try deleting everything in that folder from your Time Machine backup via the Time Machine interface (looks like a Finder window).

    Searching these forums for Java will provide more detailed explanations if you're interested.

    :1002493
  • Hi,

    A few days ago I had 10 threats. The file names were PP-0966.pptx. I found the location of 5 of the threats and created a custom scan and performed the cleanup operation first but as a second choice deleted the threat.

    However, I still have 5 threats. They appear under Quarantine Manager as:

    Date                      Threat            Filename         Action Available
    April 19, 2011 1:52 PM    Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
    April 14, 2011 5:02 PM    Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
    April 14, 2011 4:40 PM    Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
    April 14, 2011 4:30 PM    Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
    April 14, 2011 4:40 PM    Mal/JavalmMa-A    PP-00966.pptx    Clean up manually

    When I click on the first Threat the following comes up:

    Threat: Mal/JavalmMa-A

    Date: April 19, 2011 1:52 PM and April 20, 2011 10:47 PM

    Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2011-03-19-050524/Macintosh HD/Users/mmm108/Desktop/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

    Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

    The other date April 14 2011 has the same path and Filename with different times.

    My problem is that I cannot find these threats. If I put PP-00966 into my Spotlight, I get nothing. I found the 5 threats by putting the filename into Spotlight. I have a file called "badlist" which was used in finding and getting rid of the 145 threats that I initially had, but when I put these 2 files into a custom scan, they do not seem to be cleaned up or deleted.

    Please advise me how I can get rid of these 5 threats. I hope that I have been clear in my problem. 4 of the 5 threats that I cleaned up or Deleted had the filename PP-00966.pptx, but possibly had different locations. One file if I remember correctly was a zip file, but I do not remember the exact name A-(some #'s zip or the zip before the #'s).  Thank you very much.

    :1002559
  • These threats are not on your main drive; they're backed up in your Time Machine backup.

    In Time Machine, select the date March 19, 2011 05:05 AM and navigate to Macintosh HD/Users/mmm108/Desktop/Reconstructed Files/Documents/Office/ and you'll find the file.  Right/control click on the file to select it and bring up a contextual menu where you can delete all instances of this file within your Time Machine backup.

    :1002563
  • Thank you very much Andrew for your information on how to delete these 5 threats. 2 of the threats were deleted, but 3 remain. I will delineate what each of these threats say for your opinion as there might be some slight difference that I do not detect. I did notice that there is a difference under

    Threat Details

                        Threat: Mal/JavaImMa-A

                          Date : Apr 14, 2011 5:02 PM and Apr 21, 2011 8:47 PM

    Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2010-12-30-082602/Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

        Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

    #2

                        Threat: Mal/JavaImMa-A

                          Date : Apr 14, 2011 4:40 PM and Apr 21, 2011 8:27 PM

     Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2010-12-21-180005/Macintosh HD/Users/mmm108/Downloads/restore_2010_11_18_07_40_2662987/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

         Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

    #3

                        Threat: Mal/JavaImMa-A

                          Date : Apr 14, 2011 4:30 PM and Apr 21, 2011 8:18 PM

     Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2010-12-21-180005/Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

          Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

    Another question is how do I give Kudos? Thank you so much !!!!!

    :1002569
  • In Time Machine:

    Date: 2010-12-30-0826

    Path: Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/Office/

    Date: 2010-12-21-1800

    Path: Macintosh HD/Users/mmm108/Downloads/restore_2010_11_18_07_40_2662987/Reconstructed Files/Documents/Office/

    Date: 2010-12-21-1800

    Path: Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/

    Remove them the same way as the others.  The info is all in the path and filename info you provided below, if you find you have further issues like this in the future.

    Also, please read these forums for how to perform manual cleanup... it's not as manual as it sounds.  You just have to create a custom scan of the drive with the malicious files on it, and run the scan.  However, when dealing with Time Machine, it's always safer to use the Time Machine interface if you can.

    :1002571
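The reply above reads the snapshot date and the folder straight out of the "Path and Filename" value. The same split as a script, as an added example that is not part of the original thread; the path layout is an assumption inferred from the paths quoted here, and the last sample path is constructed:

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout, inferred from the paths quoted in this thread:
# <backup disk>/Backups.backupdb/<computer>/<YYYY-MM-DD-HHMMSS>/<source volume>/<path> [<member>]
DETECTION = re.compile(
    r"^(?P<backup_disk>/.+?)/Backups\.backupdb/(?P<computer>[^/]+)/"
    r"(?P<snapshot>\d{4}-\d{2}-\d{2}-\d{6})/(?P<volume>[^/]+)/"
    r"(?P<path>.+?)(?:\s+\[(?P<member>[^\]]+)\])?$"
)

def parse_detection(line):
    """Split one 'Path and Filename' value; None if it is not inside a backup."""
    m = DETECTION.match(line.strip())
    if m is None:
        return None
    info = m.groupdict()
    info["taken"] = datetime.strptime(info["snapshot"], "%Y-%m-%d-%H%M%S")
    info["folder"], _, info["filename"] = info["path"].rpartition("/")
    return info

def group_by_snapshot(lines):
    """Map each snapshot time to the (volume/folder, filename) pairs found in it."""
    todo = defaultdict(set)
    for line in lines:
        info = parse_detection(line)
        if info:
            todo[info["taken"]].add((info["volume"] + "/" + info["folder"], info["filename"]))
    return dict(todo)

# Sample input: the three paths quoted in the thread, plus one constructed
# path on the startup disk (not from the thread) to show the non-backup case.
BASE = "/Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/"
RECOVERED = ("Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/"
             " Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/"
             "Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]")
SAMPLES = [
    BASE + "2010-12-30-082602/" + RECOVERED,
    BASE + "2010-12-21-180005/Macintosh HD/Users/mmm108/Downloads/"
           "restore_2010_11_18_07_40_2662987/Reconstructed Files/Documents/Office/"
           "PP-00966.pptx [vmain.class]",
    BASE + "2010-12-21-180005/" + RECOVERED,
    "/Users/example/Library/Caches/Java/cache/example.jar",
]

if __name__ == "__main__":
    for taken, items in sorted(group_by_snapshot(SAMPLES).items()):
        print(taken.strftime("%Y-%m-%d %H:%M"), sorted(items))
```

The bracketed suffix (`member`) is the item inside the container file that triggered the detection, so the file to remove from the snapshot is the container named in `filename`.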
  • Hello Andrew and others:

    I have read through all the discussions and they are insightful.  But one piece of the puzzle is missing: how to do a Custom Scan.  When my quarantine message comes up, the only triangle visible is yellow, with a broad base and pointed top.  I click on that and nothing happens.  Nowhere can I see lettering related to "Create Custom Scan".  What am I doing wrong?  Also, where is the log stored from past scans?

    To get rid of 6 Trojans hiding under User/.../library/...java etc.  I went into the appropriate folder.  The file names I found were similar to those identified by Sophos, but not identical.  Specifically, the first part of each filename matched what Sophos came up with; but the final string of letters and numbers was different.  I assumed that these were the files Sophos identified as trojans and that it had changed their names to render them inactive -- which is, I suppose, what quarantine does.  Then I moved them to the Trash and erased the trash.

    Does that suffice or can the trojans escape erasing and reinfect other files?

    :1002599
  • Please see http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/How-do-you-create-a-custom-scan/m-p/163

    We have a PDF document and a video linked there, as well as step by step instructions.

    :1002603
  • I am a very simple user with a MacBook Pro. Downloaded the free home edition and found about 10 threats. I click the file name as instructed, but that takes me to a Sophos page that purportedly has an 'action tab'. I cannot find the action tab. Does it exist? Can someone explain in simple terms what I need to do?

    :1002643
  • I cannot find the action tab

    The layout of the Sophos site has recently been changed and the tab is gone. Its contents are now under Recovery Instructions:

    Please see How to remove trojans, worms, and other malware ... for the general steps when dealing with threats and this post on manual cleanup.

    Christian

    :1002645
  • I have just downloaded the Sophos free Mac home edition, and did a scan of all drives.  Since there were more than 7,000,000 locations, it took some hours to execute.  The result is that I have 103 threats.  When I click on the threat in the Quarantine Manager, it opens my web browser to bring me to the Sophos page related to the particular threat.  However, scrolling down, I see in bold title:  Affected Operating Systems:  Windows.  Since I am using the Mac OS 10.5.8 it does not seem to be necessary to delete these "threats" since they can only threaten Windows operating systems.   Yesterday, I called a Mac specialist in my area and he said that none of these threats affect my OS.  It seems illogical and a great waste of time to hunt down and delete a threat that does not affect my computer.  Am I correct to ignore these threats?

    Thanks

    Ron

    :1002655