12-27-2010 12:07 PM
I would appreciate help with a problem identified when I did a
scan using the free Sophos Anti-Virus for IMac Home Edition that
uses Mac OS X 10.5. The scan detected Mal/EncPk-LF threat and
the action advised was to "clean up manually" by creating a
custom scan, but I cannot figure out how to do that.
Herbert Marx (email@example.com)
Solved! Go to Solution.
12-27-2010 12:52 PM
Go to the icon and right click on it and open sophos AV. Then on the bottom left is some writing with "Custom Scans" Click on that and then on the + sign and then choose the location where the threat is, or folder.
Give that a try, never had to do it before, but just had a play with it. If I am wrong I am sure someone will put me right.
12-31-2010 09:34 AM
Does anyone have any experience removing a threat that has been backed up by Time Machine?
Prior to installing Sophos, I must have picked up a virus and backed it up. The Sophos scan now has seen that and tells me that I need to remove it manually. However, trying to find it is next to impossible, especially since the Quarantene Manager does not give me the full path, AND it doesn't give me any idea of which backup file it is in. I am really frustrated.
01-02-2011 10:54 AM - edited 01-02-2011 02:16 PM
John I am having a similar problem trying to remove a MAL/Phish-A file from my Time Machine backups I installed and ran Sophos for MAC anti-virus for the first time yesterday and it detected 3 Trojans in my Library/Caches/Java on the local HD in addition to the MAL/Phish-A on TIme Machine. All 4 indicated they needed to be cleaned manually so I ran an initial custom scan just of the local hard drive to delete the 3 Trojans which were successfully removed.
I have not yet been successful in removing the MAL file however from Time Machine. In my first attempt I ran a scan only on the most recent backup volume so I could filter down to the actual path of the Library/Mail/Sent folder. Even though I had selected the Delete action in the Options dropdown the completed scan indicated that the file was detected but "Threat not deleted because cleanup is available". This is in spite of the fact that the Quarantine Manager indicated the file must be cleaned manually.
After puzzling over this I ran the scan a second time this time selecting CLEAN from Options and an additional dropdown appeared asking what action I wanted if the clean failed...so I selected DELETE in the second option box. This scan also failed to remove the MAL file but when checking the scan log it indicated "Failed to clean up threat" "Issue deleting threat".
So not knowing if the "issue" is because I was trying to selectively scan only the folder where the file resided in a single backup volume, I am now running a complete scan of my entire Time Machine drive (1.7 million files) and have selected both the CLEAN and then DELETE options. The scan has been running since 4am and has only 250,000 files to go so I will let you know if it is successful in removing the MAL/Phish-A in all occurences on the Time Machine. If it again finds an "issue deleting threat" I will have to appeal to SOPHOS support moderators here or anyone else who has successfully removed infected files from Time Machine.
UPDATE: My total Time Machine scan completed finally but was again unable to clean or delete the detected MAL file. I then decided to try to use the "Move" function and created a folder on the Time Machine drive specifically for infected files. I ran a custom scan only of the folder containing the detected file and selected Clean and then Move options. The scan failed to clean and reported an "issue moving threat". So the file was not moved.
I read up on how to delete files from Time Machine directly using only the Time Machine interface but even that would not work as expected. I could not pull up any context menu where I could select the option to "delete all backups" of the selected offending file even though Apple Support indicated it should work.
So after reading a few more posts here and making sure my Sophos was set for On Access Mode, I have decided for now to let the Mal file sit out on Time Machine and will just be careful never to recover that file. I did a fresh Time Machine backup of my clean MAC HD and verified that the offending file is no longer to be found in that copy. At this point my assessment is that Time Machine is not allowing SAV to remove any backup files. I do get the SAV Detection Alert screen everytime I access the file in Time Machine but unfortunately that is all that can be done at the moment to my knowledge.
01-04-2011 12:28 PM
Have you been able to locate the infected files in your Time Machine "Finder" window? Once you do this, you should be able to control/right click on the file and select "Delete All Backups of 'infectedfile.app'", then Click OK when it warns you you can't undo.
10-09-2011 11:12 PM
Thanks for your tip. I located one of my backup files in Time Machine; created a Custom Scan and ran it .
It detected the threats but did not delete them despite being asked to do this in the drop down menu. Gertting there little by little but it seems a long and winding road? Any experience with this?
12-17-2011 12:15 AM
My Time Machine does nothing when I right-click or control-click. Super frustrating. Anyone know how to get around this? I tried looking in Apple forums, but found nothing.
12-19-2011 11:52 AM
I'll try a step-by-step, and we can see where your setup fails:
04-18-2012 08:46 AM
I read your post with interest. I ran a scan for the first time yesterday. Came up with a trojan virus in my time machine, it said and also in mail somewhere. I did see that this is a windows virus. I guess it must be imbedded in some email somewhere, but I just don't know how to find it anyway. It sounds like some of these are not removeable (I got the same message it has to be manually removed,) and I am assuming (hopefully correctly) that it is harmless to my Mac. I don't think I want to waste anymore time with this, so for now I'm going to let it go as well.
04-23-2012 05:50 PM
Having completed a scan I was presented with a window telling me I had two bad files in quarantine manager, and that I was to remove them manually. How do I do that? The Clean Up Threat button is not live, even after opening the lock.