11-30-2010 12:30 PM
Whenever I do a full scan, Sophos finds the same two threats which need to be manually removed. The trouble is I can't find the location folder of these threats as whenever I search for the filename on my mac they just can't be found.
Does anyone know of a way I can find the path to where these threats are located so I can manually remove them?
12-01-2010 09:00 AM
Me too! I have the Mal/EncPk-FX and the location says Setup_418.exe... How in the world do you find those files? I was using Finder, maybe I'm looking in the wrong place. Windows used to have the choice of looking in "hidden files." Is there a hidden file in iMac?
12-01-2010 09:29 AM
Collette, if you open the "Quarantine Manager" at the bottom, it says threat details. Don't click on the name, but if you click on the "symbol" beside it, it will tell you where the threat lies. I still cannot find it though. You probably already knew that. I did locate the "hidden files" options in Finder preferences. Still to no avail.
12-01-2010 06:24 PM
I am having a similar problem... under actions, all 6 of my threats say "clean up manually," and below in the details it says, "The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions."
I did that, it took me to the Sophos support site, and took me to a page that had a link to here (http://www.sophos.com/support/knowledgebase/article/112129.html). Under the Mac OS X instructions, further down the list it says:
12-01-2010 10:11 PM
If the file is javasomethingsomething##, it's likely in the java cache, which is where Java stores its temp files downloaded from the internet. These files can be deleted with no worries as they're just cache files. Searching for these files with Spotlight won't show anything because Spotlight doesn't index your cache folders by default. Running locate from the terminal might find it, but that depends on whether the cache file was around the last time the locate index was updated.
To answer your other question, cleanup depends on what kind of malware you're dealing with and how it's installed. For cache files like your instance, deleting is just as effective as "cleaning it up" (and is, in fact, the same thing -- not to be confused with putting the item in the trash). For file infectors, cleanup actually removes the malicious code from the infected file. For multi-part malware, cleanup often cleans up multiple support files as well as deleting the bad files.
12-02-2010 12:40 AM
You don't have to specify the exact location (file) in the custom scan, part of the path is sufficient (indeed anything "higher up" including all of your Mac will work although scanning will take significantly longer). So in your example adding (user)/(folder)/(library)/ will do (and even if you can't find the item easily the custom scan will as did the one which originally found the threat).
12-10-2010 04:27 AM
I'm having the same problem. I have an iMac. I'm running your free Home edition. I've done the following many times.
1. I run "scan local drives".
2. I go to "Quarantine Manager" and find 145 threats. I have gone through each threat and they are all "windows" affected.
3. At the bottom in the rectangular box it gives the threat in blue Troj/JavaDI-X, the Date, Path and filename: /Volumes/…/restore_2010_11_18_07_40_2663
4. Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.
5. I click on the threat file name in blue:
6. I click on "instructions for removing the threat" in blue
7. I click on "Instructions for removing trojans"
8. I go to #11 under Mac OS computers which says to create a custom scan.
9. How do I "Select the areas where the remaining threats reside and add these to the Scan Items."
How, where do I find: "/Volumes/…/restore_2010_11_18_07_40_2663033.tar [Volumes/…/Sc/GoogleUploader.class]" and place this virus in the box to scan?
All of these threats are located on my External Hard Drive.
12-10-2010 05:25 AM
As I said in my post, any partial path containing the threats will suffice - you can even select just the external drive. Of course a more specific path will decrease the time required for the scan but it won't affect the results (unless you just want to some of the threats but not others).
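Added example, not part of the original posts or of any Sophos tooling: a small shell helper that walks a folder directly (so hidden and cache folders that Spotlight skips, and files newer than the last `locate` index update, are included) and also lists the contents of `.tar` archives. It assumes that a reported path of the form `archive.tar [inner/path]` means the flagged item is an entry inside the archive, which would explain why a search for the inner file name on disk finds nothing; `find_threat`, `build_sample` and the sample folder layout are constructed for illustration.

```shell
#!/bin/sh
# find_threat ROOT NAME  (hypothetical helper, added example)
# Prints one line per hit:
#   FILE <path>                  a file on disk whose name contains NAME
#   MEMBER <archive> [<member>]  an entry inside a .tar archive under ROOT
find_threat() {
    root=$1
    name=$2
    # 1. Files on disk. find descends into dot-folders and cache folders.
    find "$root" -type f -name "*$name*" 2>/dev/null |
    while IFS= read -r f; do
        printf 'FILE %s\n' "$f"
    done
    # 2. Entries inside tar archives: list each archive without extracting it.
    find "$root" -type f -name '*.tar' 2>/dev/null |
    while IFS= read -r archive; do
        tar -tf "$archive" 2>/dev/null |
        while IFS= read -r member; do
            case $member in
                *"$name"*) printf 'MEMBER %s [%s]\n' "$archive" "$member" ;;
            esac
        done
    done
}

# Constructed sample tree: one empty file in a hidden cache folder and one
# empty file that exists only as an entry inside a backup archive.
build_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/.cache/java" "$d/backup/Sc"
    : > "$d/.cache/java/Setup_418.exe"
    : > "$d/backup/Sc/GoogleUploader.class"
    (cd "$d/backup" && tar -cf restore.tar Sc && rm -r Sc)
    printf '%s\n' "$d"
}

# Demo run on the constructed tree.
sample=$(build_sample)
find_threat "$sample" GoogleUploader.class
find_threat "$sample" Setup_418
rm -rf "$sample"
```

A `MEMBER` line points at the archive to add to the custom scan or to deal with as a whole; a `FILE` line gives the folder to add.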
12-10-2010 06:06 AM
Thank you Christian for your reply, but I still do not see what I need to do to get rid of these threats. It is not clear to me where I should go or what I should do. I'm sorry that I do not understand your instructions. Do I go to my hard disk and search for the file which by the way I've already done, but without success? I'm missing something. It's obvious to you, but I'm still not getting it. Thanks so much.
12-10-2010 09:49 AM - edited 12-11-2010 03:35 PM