"Clean up" continuing forever with OSX/Jahlav-C

Question

Hi there,

Looks like I'm having a problem similar to many other users:

Sophos found OSX/Jahlav-C just by monitoring the system, but "clean up" runs forever (hours) without removing the item, and I have to force quit to exit Sophos when that happens. I have run the "clean up" with all internet browsers closed, but the same problem occurred.

Additionally, the file path is listed as "..." so I can't find out where the file would be to manually delete it.

Ran the Sophos system scan and it identified no problems. Also installed and ran Avira and Avast system scans and these identified no problems.

What can I do to clean up this trojan / why is Sophos QM misbehaving so?

Version 8.0.11

detection engine 3.40.1

threat data&colon; 4.86

Would really appreciate your help!

Josh

This thread was automatically locked due to age.

quicksilver28 · Accepted Answer

Hi all,

Figured out the issue here. The offending file, QuickTimeUpdater.dmg, was in a TimeMachine backup of a different computer (that did not have Sophos) but that was stored on an HD that was connected to the computer running Sophos. Not only was the HD not connected to the computer running Sophos while Sophos was trying to eliminate the file, but even when the HD was connected, the computer running Sophos did not have permissions to delete the offending TimeMachine backup file of the other computer. Once we reconnected the HD to the computer that owned the offending TimeMachine backup file, we were able to manually delete the offending file. So the file appears to have been removed.

This leads me to a second question re how to ensure that OSX/Jahlav-C has not done nasty things to the exposed computers. Will post that in a separate topic.

Josh