06-13-2012 08:14 PM
I scanned my computer (Mac OS X 10.4.11) and Sophos detected 3 threats, all of which the Quarantine Manager says can only be cleaned up manually. The threats all have the same name: Troj/ByteVeri-X.
1) The instructions on the Sophos site say: "If there are any threats for which the action available is 'Clean up manually', create a custom scan". I haven't been able to locate the threats following the path and file name. Which file(s) should I custom scan? And what should I do about the threat itself after I managed to do a custom scan?
2) Also, when I clicked on "Troj/ByteVeri-X" (= the threat name in the Quarantine manager) the Sophos Threat Analysis page that came up says that this threat only affects Windows. I don't use Windows, I believe, because I have a Mac. Does this mean I am safe and do not have to remove the threat?
06-14-2012 12:39 AM
re 2): Indeed, Troj/ByteVeri-X specifically targets a Windows vulnerability (if I correctly understand the analysis). While you should be safe, it is always a good idea to clean up/remove all items found so you don't pass them on inadvertently. In general the Affected Operating Systems should be taken with a grain of salt though. Code (which is often more or less OS independent like Java, scripting in webpages and so on) is usually classified as Trojan when it downloads - not necessarily by exploiting a vulnerability - other potentially malicious code, and Affected OS relates to the apparent target of these downloads. In other words, the threat might work on many OSs but only "deliver" malware for a specific OS - a behaviour which can change at any time. Of course the analysis will be updated when it becomes known that other platforms are targeted as well - but you might be the first to get hit.
re 1): Could you give an example of the path? For a custom scan select any folder along the path - the further "down", the less time the scan takes of course. Set the options to Clean up threat and (If cleanup fails) Delete threat. This does not apply to threats found in Time Machine backups - for those please see here.
06-14-2012 06:25 PM
Thank you, Christian.
I managed to find the complete path, did a custom scan and cleaned up the threat following your instructions. When I scanned again the threat was gone. I also scheduled another scan for later today. I'll see what happens.