Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 6 subscribers
  • Views 15263 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Can't Manually Remove OSX/iWorkS-A Threat. How Can I Get Rid Of It?

MLN1963

My Mac was used with a lot of programs already installed and I always wondered if there was anything on it. Being a previous PC guy I have seen my fair share of bugs. I decided that even though I was on a Mac it was time to try an anti-virus program. Sophos came recommended so I installed it on my early 2009 iMac. I have upgraded the OS to Mountain Lion if that is important. 

I ran the program and had about 5 threats, most dealing with the Windows side of things. I don't have Windows installed so it wasn't a real worry and they were removed. I also had OSX/iWorkS-A (Adobe CS4 Master Collection.toast) and followed the instructions on the Sophos website to remove it (setting up a specific scan and then delete it). They were very basic and easy to do but the threat isn't being removed and is verified according to subsequent scans.

I am not a Mac genius by any stretch of the imagination so maybe you guys can help me out? 

Thanks in advance

Mark

:1012804


This thread was automatically locked due to age.
Parents
  • 0

    Hi Mark,

    Thanks for the screen shot, the first one was particularly useful as it explains what is going on.

    The scanner picked up the file inside "Adobe CS4 Master Collection.toast" which is actually a disk image (I believe its actually using the same ISO format as CDs or DVDs). The scanner only can read that file structure but cannot "edit" (delete) contents from it. We don't automatically delete the whole disk image because there might be other useful things contained inside.

    You have two choices: (1) just delete the whole archive (Adobe CS4 Master Collection.toast); or (2) decode the ISO to disk, let the scanner clean up the offending bits, then recreate the archive.

    You should restore the "Adobe CS4 Master Collection.toast" from a legitimate Adobe source and rescan. If it still gives the same detection then I'll need more details about how we can replicate your results (as it would suggest our detection is incorrectly firing on authentic Adobe software).

    Hope that helps.

    :1012836
Reply
  • 0

    Hi Mark,

    Thanks for the screen shot, the first one was particularly useful as it explains what is going on.

    The scanner picked up the file inside "Adobe CS4 Master Collection.toast" which is actually a disk image (I believe its actually using the same ISO format as CDs or DVDs). The scanner only can read that file structure but cannot "edit" (delete) contents from it. We don't automatically delete the whole disk image because there might be other useful things contained inside.

    You have two choices: (1) just delete the whole archive (Adobe CS4 Master Collection.toast); or (2) decode the ISO to disk, let the scanner clean up the offending bits, then recreate the archive.

    You should restore the "Adobe CS4 Master Collection.toast" from a legitimate Adobe source and rescan. If it still gives the same detection then I'll need more details about how we can replicate your results (as it would suggest our detection is incorrectly firing on authentic Adobe software).

    Hope that helps.

    :1012836
Children
No Data