Occasional Visitor
hjmarxmd
Posts: 1
Registered: ‎12-27-2010
0
Accepted Solution

Help with Creating a Custom Scan to remove a Threat

I would appreciate help with a problem identified when I did a
scan using the free Sophos Anti-Virus for iMac Home Edition that
uses Mac OS X 10.5. The scan detected the Mal/EncPk-LF threat and
the action advised was to "clean up manually" by creating a
custom scan, but I cannot figure out how to do that.
Herbert Marx (hjmarxmd@pol.net)

Advisor
rolls63
Posts: 11
Registered: ‎11-03-2010
0

Re: Help with Creating a Custom Scan to remove a Threat

Go to the icon and right click on it and open Sophos AV. Then on the bottom left is some writing with "Custom Scans". Click on that and then on the + sign and then choose the location where the threat is, or folder.

Give that a try, never had to do it before, but just had a play with it. If I am wrong I am sure someone will put me right.

Good luck.

Rollers

Occasional Visitor
Washbush
Posts: 1
Registered: ‎12-31-2010
0

Re: Help with Creating a Custom Scan to remove a Threat

Greetings ...

Does anyone have any experience removing a threat that has been backed up by Time Machine?

Prior to installing Sophos, I must have picked up a virus and backed it up. The Sophos scan now has seen that and tells me that I need to remove it manually. However, trying to find it is next to impossible, especially since the Quarantine Manager does not give me the full path, AND it doesn't give me any idea of which backup file it is in. I am really frustrated.

John

Collector
Photobug
Posts: 2
Registered: ‎01-02-2011

Re: Help with Creating a Custom Scan to remove a Threat

John, I am having a similar problem trying to remove a MAL/Phish-A file from my Time Machine backups. I installed and ran Sophos for Mac anti-virus for the first time yesterday and it detected 3 Trojans in my Library/Caches/Java on the local HD in addition to the MAL/Phish-A on Time Machine. All 4 indicated they needed to be cleaned manually, so I ran an initial custom scan just of the local hard drive to delete the 3 Trojans, which were successfully removed.

I have not yet been successful, however, in removing the MAL file from Time Machine. In my first attempt I ran a scan only on the most recent backup volume so I could filter down to the actual path of the Library/Mail/Sent folder. Even though I had selected the Delete action in the Options dropdown, the completed scan indicated that the file was detected but "Threat not deleted because cleanup is available". This is in spite of the fact that the Quarantine Manager indicated the file must be cleaned manually.

After puzzling over this I ran the scan a second time, this time selecting CLEAN from Options, and an additional dropdown appeared asking what action I wanted if the clean failed, so I selected DELETE in the second option box. This scan also failed to remove the MAL file, but when checking the scan log it indicated "Failed to clean up threat" and "Issue deleting threat".

So, not knowing if the "issue" is because I was trying to selectively scan only the folder where the file resided in a single backup volume, I am now running a complete scan of my entire Time Machine drive (1.7 million files) and have selected both the CLEAN and then DELETE options. The scan has been running since 4am and has only 250,000 files to go, so I will let you know if it is successful in removing the MAL/Phish-A in all occurrences on the Time Machine. If it again finds an "issue deleting threat" I will have to appeal to SOPHOS support moderators here or anyone else who has successfully removed infected files from Time Machine.

UPDATE: My total Time Machine scan completed finally but was again unable to clean or delete the detected MAL file. I then decided to try to use the "Move" function and created a folder on the Time Machine drive specifically for infected files. I ran a custom scan only of the folder containing the detected file and selected Clean and then Move options. The scan failed to clean and reported an "issue moving threat". So the file was not moved.

I read up on how to delete files from Time Machine directly using only the Time Machine interface, but even that would not work as expected. I could not pull up any context menu where I could select the option to "delete all backups" of the selected offending file, even though Apple Support indicated it should work.

So after reading a few more posts here and making sure my Sophos was set for On Access Mode, I have decided for now to let the Mal file sit out on Time Machine and will just be careful never to recover that file. I did a fresh Time Machine backup of my clean Mac HD and verified that the offending file is no longer to be found in that copy. At this point my assessment is that Time Machine is not allowing SAV to remove any backup files. I do get the SAV Detection Alert screen every time I access the file in Time Machine, but unfortunately that is all that can be done at the moment to my knowledge.

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: Help with Creating a Custom Scan to remove a Threat

Have you been able to locate the infected files in your Time Machine "Finder" window? Once you do this, you should be able to control/right click on the file and select "Delete All Backups of 'infectedfile.app'", then click OK when it warns you that you can't undo.

-
Andrew
Threat Researcher
SophosLabs



Visitor
brianarmour
Posts: 2
Registered: ‎10-08-2011
0

Re: Help with Creating a Custom Scan to remove a Threat

Andrew

Thanks for your tip. I located one of my backup files in Time Machine, created a Custom Scan and ran it.

It detected the threats but did not delete them despite being asked to do this in the drop down menu. Getting there little by little but it seems a long and winding road? Any experience with this?

Brian Armour

Occasional Visitor
malcolm
Posts: 1
Registered: ‎12-17-2011
0

Re: Help with Creating a Custom Scan to remove a Threat

My Time Machine does nothing when I right-click or control-click. Super frustrating. Anyone know how to get around this? I tried looking in Apple forums, but found nothing. 

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: Help with Creating a Custom Scan to remove a Threat

I'll try a step-by-step, and we can see where your setup fails:

  1. Create a new Finder window, and navigate to the folder where the problem file exists in Time Machine
  2. Choose "Enter Time Machine" from the Time Machine icon in the menu bar
  3. Navigate back through your backup history until the file appears in the Finder window
  4. Attempt to right-click on a file.
  5. If a contextual menu does not appear with the options "Open", "Delete All Backups of '...'", "---", "Get Info", "Quick Look '...'" then you likely have a stuck modifier key.
  6. Try hitting each of your modifier keys (control, option, command and shift both left and right ones if you've got multiple) a few times
  7. Try right clicking again.
  8. If no menu comes up, try holding down the control key and clicking the left side of your mouse.
  9. If none of this works, press the Esc key and attempt to right click in the Finder window again.  Does it work?
-
Andrew
Threat Researcher
SophosLabs



Occasional Visitor
itasara
Posts: 1
Registered: ‎04-18-2012
0

Re: Help with Creating a Custom Scan to remove a Threat

I read your post with interest. I ran a scan for the first time yesterday. Came up with a trojan virus in my Time Machine, it said, and also in mail somewhere. I did see that this is a Windows virus. I guess it must be embedded in some email somewhere, but I just don't know how to find it anyway. It sounds like some of these are not removable (I got the same message that it has to be manually removed), and I am assuming (hopefully correctly) that it is harmless to my Mac. I don't think I want to waste any more time with this, so for now I'm going to let it go as well.

Occasional Visitor
saschwartz
Posts: 1
Registered: ‎04-23-2012
0

Re: Removing Mal/Phish-A and Mal/EncPk-MK manually

Having completed a scan, I was presented with a window telling me I had two bad files in Quarantine Manager, and that I was to remove them manually. How do I do that? The Clean Up Threat button is not live, even after opening the lock.

-- Stephan