
Having trouble figuring out the real problem - 1.8 million emails

Hello to anyone who can help me

 

We have a Mac mini running OS 10.8.5 that has an email account that appears to be infected - during two days the email account used by this machine sent out 1.8 million emails. We received over 100,000 bounce messages. After a scan with Sophos it detected 32 threats. 5 of those threats were located in

 

/User/audrey2/Library/Containers/com.apple.FaceTime/Data/Mail/V2/...

 

I don't know the rest of the path - I am not totally familiar with the software yet.

 

The threats that were all found there are: Mal/Zbot-KR, Mal/DrodZp-A, BredoZp-B, Troj/Photo-Zip, Troj/Zbot-FXS

 

All the other threats that were listed in the quarantine manager are on the Time Machine.

 

I need some advice - I will clean what I can - and I believe the best idea is to just erase the Time Machine and start over.

 



  • SAV can read items in the Time Machine but cannot then get 'write' (delete) permissions. Hence you end up with a load of failures. I'd suggest excluding the Time Machine volume as this will speed up the scan. Plus with the items being in a backup you'd have to restore the items and then click on them...and then have the on-access scanner off so they aren't detected, and even then the detections listed are Windows-based so they wouldn't run on Mac OS X (they would run on Windows running on a Mac but not OS X itself).

    The videos below may be of help.

    For Time Machine detections see...

    For mail attachments see...


     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
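The distinction drawn in the reply above (detections inside the Time Machine backup versus detections in the live mail store), as an added example that is not part of the thread and not Sophos code. It assumes detections are available as (threat name, path) pairs and that Time Machine backups sit under a `Backups.backupdb` directory on the backup volume; the threat names are the ones quoted in the question, every path is constructed.

```python
from collections import defaultdict

# Constructed sample: threat names are the ones quoted in the thread,
# every path is made up for illustration.
SAMPLE = [
    ("Mal/Zbot-KR", "/Users/example/Library/Mail/V2/IMAP-a/INBOX.mbox/Attachments/7/2/invoice.zip"),
    ("Troj/Photo-Zip", "/Volumes/TM Backup/Backups.backupdb/mini/2013-10-01-120000/"
                       "Macintosh HD/Users/example/Library/Mail/V2/IMAP-a/INBOX.mbox/Attachments/9/2/photo.zip"),
    ("Troj/Zbot-FXS", "/Volumes/TM Backup/Backups.backupdb/mini/2013-10-02-120000/"
                      "Macintosh HD/Users/example/Downloads/report.zip"),
    ("Mal/DrodZp-A", "/Users/example/Downloads/scan.zip"),
]

NOTES = {
    "time_machine": "inside a backup: scanner can read but not delete, expect cleanup failures",
    "mail_store": "attachment in the live mail store",
    "other": "live file outside both locations: review first",
}

def classify(path):
    """Return the bucket for one detection path. Backup wins over mail store,
    because a backed-up attachment is still not writable by the scanner."""
    parts = path.split("/")
    if "Backups.backupdb" in parts:      # assumed Time Machine layout
        return "time_machine"
    if "/Mail/V2/" in path:              # path fragment quoted in the thread
        return "mail_store"
    return "other"

def backup_volume(path):
    """'/Volumes/X/Backups.backupdb/...' -> '/Volumes/X' (the volume to exclude)."""
    parts = path.split("/")
    return "/".join(parts[:parts.index("Backups.backupdb")])

def triage(records):
    """Group detections by bucket and collect backup volumes to exclude."""
    buckets, exclude = defaultdict(list), set()
    for threat, path in records:
        kind = classify(path)
        buckets[kind].append(threat)
        if kind == "time_machine":
            exclude.add(backup_volume(path))
    return dict(buckets), sorted(exclude)

if __name__ == "__main__":
    buckets, exclude = triage(SAMPLE)
    for kind, threats in buckets.items():
        print(f"{kind}: {len(threats)} ({', '.join(threats)}) -> {NOTES[kind]}")
    print("exclude from scans:", exclude)
```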
