Reply
Occasional Visitor
drrhonda
Posts: 1
Registered: ‎06-19-2012
0

Mal/iframe-F - How do I clean this up manually on a Mac?

[ Edited ]

It seems only in Firefox one of my blogsites appears to be hacked. I was suggested by my server that I try Sophos to identify and repair the malware. I have been a Mac user for a long time and never had a problem with a virus. Running the Sophos diagnostic it showed the threat to be Mal/Iframe-F and says to clean up manually, but it appears the virus removal tool is only for PC's. Am I missing something. Can anyone help? My laptop is running painfully slow. Also, I have thought to totally uninstall Firefox, but will that affect my Sophos program? I appreciate any help anyone can offer asap.

Employee
Agile
Posts: 1,195
Registered: ‎11-02-2010
0

Re: Mal/iframe-F - How do I clean this up manually on a Mac?

The Windows virus removal tool and the Sophos Anti-Virus for Macintosh Home Edition software are not the same thing, although they use the same detection and cleanup data.

Check the sidebar on this forum for a link to the download for the Mac product.

-
Andrew
Threat Researcher
SophosLabs


For our other self-service and peer-to-peer online support systems:


BY
Occasional Visitor
BY
Posts: 2
Registered: ‎10-01-2012
0

Re: Mal/iframe-F - How do I clean this up manually on a Mac?

[ Edited ]

I just received this "threat" today, but I'm not sure how to remove it, since it doesn't appear to be an actual file:

/Users/b--------Library/Caches/Firefox/Profiles/nizqf4uk.default/Cache/0/4C/F27ABd01

 

As I am not a computer/tech guru, I just want to confirm the following things:

- I am running only Mac OSX 10.7.4; is this malware a threat to my computer?

- How do I remove this? I feel silly, but I can't seem to create the custom scan to "manually" remove it? Or do I just need to clear my Firefox cache?

**** I feel silly; I was able to resolve it using the below from SOPHOS: Java Web Cache. If the file path contains “/Library/Caches/Java”, From the Sophos Preferences window, temporarily disable on-access scanning. Go to the Finder, hold down the Option key, and from the Go menu select Library. If the Library option does not exist, select Home and then click on the Library folder. Open the Caches folder and put the containing Java folder in the trash. Empty the trash. From the Sophos Preferences window, re-enable on-access scanning. Time Machine Archive.
BY
Occasional Visitor
BY
Posts: 2
Registered: ‎10-01-2012
0

Re: Mal/iframe-F - How do I clean this up manually on a Mac?

[ Edited ]

I wanted to edit my reply, as something was acting up on my Firefox. I was able to remove the threat using the steps below [from Sophos] - mine had to do with my cache[?]:

 

If any threats still exist as “Clean up manually” after performing the custom scan with the Delete option, the files are probably contained on a backup volume or inside an archive. These are not deleted by Sophos, as they probably contain a lot of information you do not wish to delete as well as the detected file.

Some common locations for such files are:

  • Java Web Cache.
    If the file path contains “/Library/Caches/Java”,
    1. From the Sophos Preferences window, temporarily disable on-access scanning.
    2. Go to the Finder, hold down the Option key, and from the Go menu select Library.
    3. If the Library option does not exist, select Home and then click on the Library folder.
    4. Open the Caches folder and put the containing Java folder in the trash.
    5. Empty the trash.
    6. From the Sophos Preferences window, re-enable on-access scanning.

     

    The link below [from SOPHOS] explains other scenarios to removing threats:

    http://www.sophos.com/en-us/support/knowledgebase/118117.aspx

 


I'm hoping that all malware threats really have been removed!

Employee
Agile
Posts: 1,195
Registered: ‎11-02-2010
0

Re: Mal/iframe-F - How do I clean this up manually on a Mac?

I'm glad that addition to the kba was useful for you :smileyhappy:

 

For web cache items, it's usually just as easy to disable on-access scanning, clear your web cache from within the browser's preferences and then re-enable on-access scanning.

 

The detection will re-appear the next time you visit the site with the malicious iFrame redirect.

-
Andrew
Threat Researcher
SophosLabs


For our other self-service and peer-to-peer online support systems: