Occasional Advisor
Sophosm3
Posts: 7
Registered: ‎12-10-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

A friend wrote a program to delete the threats manually and I'm threat free now. Thanks.

Occasional Advisor
Sophosm3
Posts: 7
Registered: ‎12-10-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

Hi,

A few days ago I had 10 threats. The file names were PP-0966.pptx. I found the location of 5 of the threats and created a custom scan and performed the cleanup operation first but as a second choice deleted the threat.

 

However, I still have 5 threats. They appear under Quarantine Manager as:

 

Date                          Threat            Filename         Action Available
April 19, 2011 1:52 PM        Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
April 14, 2011 5:02 PM        Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
April 14, 2011 4:40 PM        Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
April 14, 2011 4:30 PM        Mal/JavalmMa-A    PP-00966.pptx    Clean up manually
April 14, 2011 4:40 PM        Mal/JavalmMa-A    PP-00966.pptx    Clean up manually

 

When I click on the first Threat the following comes up:

                   Threat:     Mal/JavalmMa-A 

                      Date:     April 19, 2011 1:52 PM and April 20, 2011 10:47 PM

Path and Filename:     /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2011-03-19-050524/Macintosh HD/Users/mmm108/Desktop/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class] 

    Action Available:     The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

 

The other date April 14 2011 has the same path and Filename with different times.

 

My problem is that I cannot find these threats. If I put PP-00966 into my Spotlight, I get nothing. I found the 5 threats by putting the filename into Spotlight. I have a file called "badlist" which was used in finding and getting rid of the 145 threats that I initially had, but when I put these 2 files into a custom scan, they do not seem to be cleaned up or deleted.

 

Please advise me how I can get rid of these 5 threats. I hope that I have been clear in my problem. 4 of the 5 threats that I cleaned up or Deleted had the filename PP-00966.pptx, but possibly had different locations. One file if I remember correctly was a zip file, but I do not remember the exact name A-(some #'s zip or the zip before the #'s).  Thank you very much.

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

These threats are not on your main drive; they're backed up in your Time Machine backup.

 

In Time Machine, select the date March 19, 2011 05:05 AM and navigate to Macintosh HD/Users/mmm108/Desktop/Reconstructed Files/Documents/Office/ and you'll find the file.  Right/control click on the file to select it and bring up a contextual menu where you can delete all instances of this file within your Time Machine backup.

-
Andrew
Threat Researcher
SophosLabs


For our other self-service and peer-to-peer online support systems:


Occasional Advisor
Sophosm3
Posts: 7
Registered: ‎12-10-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

Thank you very much Andrew for your information on how to delete these 5 threats. 2 of the threats were deleted, but 3 remain. I will delineate what each of these threats say for your opinion as there might be some slight difference that I do not detect. I did notice that there is a difference under

 

Threat Details

 

                    Threat: Mal/JavaImMa-A

 

                      Date : Apr 14, 2011 5:02 PM and Apr 21, 2011 8:47 PM

 

Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2010-12-30-082602/Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

 

    Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

 

#2

                    Threat: Mal/JavaImMa-A

 

                      Date : Apr 14, 2011 4:40 PM and Apr 21, 2011 8:27 PM

 

 Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2010-12-21-180005/Macintosh HD/Users/mmm108/Downloads/restore_2010_11_18_07_40_2662987/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

 

     Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

 

#3

                    Threat: Mal/JavaImMa-A

 

                      Date : Apr 14, 2011 4:30 PM and Apr 21, 2011 8:18 PM

 

 Path and Filename: /Volumes/External Firewire Drive/Backups.backupdb/Steven Meyer’s iMac/2010-12-21-180005/Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/Office/PP-00966.pptx [vmain.class]

 

      Action Available: The threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions.

 

Another question is how do I give Kudos? Thank you so much !!!!!

 

 

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

In Time Machine:

Date: 2010-12-30-0826

Path: Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/Office/

Date: 2010-12-21-1800

Path: Macintosh HD/Users/mmm108/Downloads/restore_2010_11_18_07_40_2662987/Reconstructed Files/Documents/Office/

Date: 2010-12-21-1800

Path: Macintosh HD/Users/mmm108/Desktop/Volumes/External Firewire Drive/ Data Recovered By Union Square Computer Repair/Recovered Files/Scan 5/Reconstructed Files/Documents/

 

Remove them the same way as the others.  The info is all in the path and filename info you provided below, if you find you have further issues like this in the future.

 

Also, please read these forums for how to perform manual cleanup... it's not as manual as it sounds.  You just have to create a custom scan of the drive with the malicious files on it, and run the scan.  However, when dealing with Time Machine, it's always safer to use the Time Machine interface if you can.

-
Andrew
Threat Researcher
SophosLabs
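As an added example (not part of Andrew's post and not Sophos code), the sketch below splits a reported "Path and Filename" value into the Time Machine snapshot to select and the folder to navigate to, using the layout visible in the paths quoted in this thread. The function names and the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout seen in the reported paths:
# <drive>/Backups.backupdb/<machine>/<YYYY-MM-DD-HHMMSS>/<volume>/<path> [<member>]
BACKUP_PATH = re.compile(
    r"^(?P<drive>.+?)/Backups\.backupdb/(?P<machine>[^/]+)/"
    r"(?P<snap>\d{4}-\d{2}-\d{2}-\d{6})/(?P<volume>[^/]+)/"
    r"(?P<rel>.+?)(?:\s*\[(?P<member>[^\]]+)\])?\s*$"
)

def parse_threat_path(reported):
    """Split a reported path into snapshot time and in-backup location.
    Returns None when the path is not inside a Backups.backupdb tree,
    i.e. the file is on a live volume rather than in a backup."""
    m = BACKUP_PATH.match(reported.strip())
    if m is None:
        return None
    folder, _, filename = m["rel"].rpartition("/")
    return {
        "snapshot": datetime.strptime(m["snap"], "%Y-%m-%d-%H%M%S"),
        "navigate_to": m["volume"] + "/" + folder,
        "filename": filename,
        "member": m["member"],  # item detected inside the file, if reported
    }

def group_by_snapshot(reported_paths):
    """Map each snapshot date to the (folder, filename) pairs to remove there."""
    plan = defaultdict(list)
    for path in reported_paths:
        hit = parse_threat_path(path)
        if hit:
            label = hit["snapshot"].strftime("%B %d, %Y %I:%M %p")
            plan[label].append((hit["navigate_to"], hit["filename"]))
    return dict(plan)

# Constructed sample paths modelled on the ones quoted in the thread.
BASE = "/Volumes/Backup Drive/Backups.backupdb/Example iMac/"
SAMPLE = [
    BASE + "2011-03-19-050524/Macintosh HD/Users/alice/Desktop/Office/PP-00966.pptx [vmain.class]",
    BASE + "2010-12-21-180005/Macintosh HD/Users/alice/Downloads/restore/Office/PP-00966.pptx [vmain.class]",
    BASE + "2010-12-21-180005/Macintosh HD/Users/alice/Desktop/Volumes/Old Drive/ Recovered/Office/PP-00966.pptx [vmain.class]",
    "/Users/alice/Desktop/PP-00966.pptx",  # live disk, not a backup: skipped
]

if __name__ == "__main__":
    for when, items in group_by_snapshot(SAMPLE).items():
        print(when, items)
```

Grouping by snapshot shows when several detections sit in the same backup date, so each date only has to be opened once in the Time Machine interface.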




Occasional Visitor
rscottmcdowell
Posts: 3
Registered: ‎09-11-2012
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

When I click on the blue threat I get a page that says Safari cannot connect to the server.

Visitor
CanuckMac
Posts: 4
Registered: ‎12-22-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

First off: Nice software... It found a Windows virus in a Zip file on my Bootcamp partition that Microsoft AV ignored.

My only concern is how Sophos truncates the location of the file when malware is found.  Sophos needs to fix this in future versions!  I need to see the complete path, or simply a way to open the enclosing folder to remove the file.  If the file is buried deep in the system, as this file was, there is no way to find it if Sophos cannot quarantine it, save for running a very long scan or doing the work-arounds listed here.

 

Good:  Excellent malware detection


Fail:  Removing the malware.  Not Mac-like in simplicity.

Visitor
lynne
Posts: 4
Registered: ‎01-22-2011
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

I'm using a MacBook Pro, OS 10.6.6. Sophos detected two viruses (Mal/Generic L, Mal/TDSSPack-Z) in .exe files in the backup files (Time Machine). Full scan stated to do a manual clean up. I've run custom scans multiple times using both the folders that the files were in as well as targeting the specific files. I've chosen the option to "delete files." Still, the files are there and the custom scans continue to tell me that threats were found. They are not cleared from the Quarantine Manager or from the listing of current threats. Virus Barrier X6 did not recognize them when I ran that. Please tell me how to get rid of them so that I can run boot camp and install Windows without existing threats.

Occasional Visitor
hbursen
Posts: 1
Registered: ‎01-22-2011
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

I have a similar problem on an older MacBook running OS X 10.4.11. Sophos found a trojan horse which needs to be deleted manually. It doesn't show the complete path and Spotlight can't seem to find the file. I ran a custom scan to find and delete. It found 1 threat, but when I open Quarantine Manager, no threat shows up on that screen.

 

I think I'll try starting this machine up in target mode and running the scan from my new macbook pro 13", running OS X 10.6.6.

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: DELETING A THREAT MANUALLY - FINDING THE THREAT

The complete path to the threat can be found in the scan log.

-
Andrew
Threat Researcher
SophosLabs

