
Mac Fails to Delete Malphish-A

I have just installed Sophos and did a full scan. I did not think it detected anything, but later when I restarted, the computer said there was a virus called Malphish-A. It says that the threat can be cleaned up, so when I try to do this it just keeps running and nothing happens. There is nothing written next to it either in the path and file name in the original location, so I obviously cannot manually delete it.

If I restart the computer it just finds it again. I would appreciate any help, as I have no idea how to deal with this.

 

Many thanks

 

Barry

:1014803


This thread was automatically locked due to age.
  • I'm guessing, but if cleanup is having a problem the threat may be located in a backup or a mailbox.

    Where is the threat located?  Can you see part of a path in the Quarantine Manager?

    :1014805
  • Hi Ruckus, as I said there are no paths written next to it at all in the Quarantine Manager. I also thought it may be something to do with a backup, as I originally had an external hard drive attached. I have however disconnected this now, and yet every time I restart the computer it still finds the virus!

    Any ideas?

    Barry

    :1014807
  • Open Console and have a look through the Sophos Anti-Virus logs for a mention of the threat - you can filter in the top right if required.

    Example:

    2013-12-04_18-43-54.png

    :1014811
  • All that is in there is this!!!

    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.autoupdate: Sophos Anti-Virus is up to date

    :1014813
  • Hmmm.  Nothing in any of the logs?

    Can you screenshot what you see (alert, expanded Quarantine Manager window)?

    When does the alert appear?  Straight after a reboot and login or when opening a particular application or folder?  If you can narrow down when and what may be triggering the alert that would help.

    If the alert appears on login does your user account have anything particular listed to start on login under 'System Preferences' | 'Users & Groups' | Select your account | Select the 'Login Items' tab.  Example:

    2013-12-04_19-23-52.png

    When you did a full scan, did you perform a full scan of the entire computer, with no exclusions set and include compressed files?  To scan inside compressed files ensure the option shown below is checked.

    2013-11-14_19-42-44.png

    Finally I suggest running another scan ('Scan This Mac' with no exclusions and compressed files checked) and see if it returns something this time.

    :1014817
  • Similar post from March 2012: http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Mal-Phish-A-recurring-on-Mac-Help-on-permanent-removal/td-p/5617

    In that case it was an email.  When the mail application opened the alert appeared (the connection was IMAP in that case).  Logging into web mail and clearing up spam emails was the solution.

    You could open mail and check through your spam folder.  Example:

    Screen Shot 2013-12-04 at 19.41.49.png

    :1014821
  • Hi Ruckus, thanks very much for giving me so many informative replies.

    I have had another look and it seems there is a log I didn't see. There is also another virus, which didn't really bother me as it is a Windows executable. I have sent you a screenshot which says it has been detected and access to the file is denied, not where it is. Should I just run a scan again?

    Barry

    :1014823
  • May help to run another scan - and it won't hurt.

    If you have your mail app set up (possibly with an IMAP connection) I'd highly recommend checking through its spam/junk folder and seeing if the alert appears again as you click through the messages and/or delete the messages - you may want to do this through a web browser connected to your webmail so when you delete them they are definitely gone.

    The threat is definitely transient (there for a split second and then gone again) and hence I'm leaning towards it not really being on your computer and hence a mail connection to webmail would explain it.

    :1014827