06-06-2011 08:35 PM
I'm a new user of both the iMac and SAV. I've picked up a OSX/FakeAV-DWN and OSX/FakeAVDl-A anti-malware.zip, but the Quarantine Manager doesn't tell me where they are located. Both need to be cleaned manually, but I don't know where they are.
Any advice or help would be greatly appreciated!
06-15-2011 11:42 PM
I have the exact same anti-malware that Gary has: OSX/FakeAV-DWN and OSX/FakeAVDl-A anti-malware.zip.
When I click on custom scans and then click on the +, nothing happens. No new windows open up. So now I'm stuck.
Anything else I can try?
Thanks so much!
06-16-2011 09:28 AM
If you've got the anti-malware.zip file and have not extracted it, there's no need to run a custom scan; just toss the file in the trash (it's located wherever your web browser downloads files to by default).
However, custom scans should work for you; clicking the + should open a dialog with Scan Name: and a highlighted field.
What version of OS X and Sophos Anti-Virus are you running?
06-16-2011 10:38 PM
Thanks for the response. I feel better knowing that without having opened the files I should be all good.
However, for future reference, I appreciate your follow up.
I downloaded Sophos yesterday - it's version 7.3, and Mac OS 10.5.8.
06-17-2011 09:05 AM
06-17-2011 10:23 AM
I had looked at that video before I posted on here but it didn't help because when I clicked the plus no new window opened up. I just tried it again and now a new window comes up. So strange! Anyway thanks for your help!
06-07-2011 09:08 AM
It appears you have a few things going on.
First, delivery failed messages are often sent when a spammer forges your email address as the From: address in their spam. It is likely that you are on a botnet's spamming list, so you are both getting hit with the spam and being abused as a fake sender.
Second, we'll need to know more about what malware is being flagged and where quarantine is finding it... but I suspect that it is indeed Windows malware that is showing up in your mail cache -- if you use webmail, it'll be showing up in your web cache when you load your inbox. It could also be drive-by java downloads that are in your Java cache folder.
The truth is, the majority of malware that will make its way onto your Mac is actually Windows malware and will not execute on your Mac. It is however still dangerous to any Windows machine you may communicate with, so it is best to clean it up.
06-08-2011 07:05 AM
I’m new to this too, Andrew. And you seem knowledgable. Of the 35 threats logged on my Quarantine page, most of the Path and Filenames begin with: /Volumes/Time Machine Backup/Backups.back...er.app/
I’ve managed to manually clean the threats from my Mac, but how do I clean the Time Machine? I can’t seem to access the paths.
06-08-2011 11:26 AM
The safest way to clean them from within Time Machine is to navigate to the point where they are detected within Time Machine. So, when viewing the full path, you look at the part beyond /Volumes/Time Machine Backup/Backups.backupdb/ to figure out where you should go. The next part of the path should be the name of your hard drive that's backed up.
Go into Time Machine, and havigate to the date indicated next in the file path, then the sub-path listed after that. Eventually you'll come to the file (listed here as "... er.app". Likely, this entire app is malicious. My guess is that this is MacDefender.app? If so, it will be found in the Applications folder.
Right click on the file, and select the menu item that says something like "remove all occurances" -- this will delete EVERY backup of that file from your Time Machine volume.
06-14-2012 10:52 AM
I'm using free Sophos 10.5 . It popped up on me detecting 23 virus threats (14 trojans and 9 mals, what ever that means)What's the difference between virus threat and an actual virus? In Quarantine Mgr I clicked the clean button. After scanning it said 'Clean Manually'. I don't understand what to do from there. The scan also combed through my hard drives. It took 18 hours to do so. I find that odd . There after, that scan said no virus' found. Very confusing. Can someone please advise/help me what to do from here. (please respond to email below)Thank You!