05-04-2012 06:25 AM
I had a hit on my MBAir the other day. Sophos reported a keylogger of some sort. It wasn't Flashback (as I recall) and I wanted to see details 'cuz I have no idea when it would/could have gotten installed. I went into the quarantine manager which didn't show any more details. The QM was locked so I unlocked it, thinking I would be able to find out more. As soon as I unlocked it, the listing disappeared. I am trying to find where the report history is stored because I am curious about the details (where the infection was and other details) but it does not appear that there is any report history.
What am I missing here?
05-04-2012 07:49 AM
Update: After letting the scan complete, I now see the following:
The reported infection is OSX/Flshplyr-D, which is being reported in my Time Machine files (a sample location is showing as /Volumes/The Office/Backups.backupdb/M_Michaels/2012-03-28-0825
However, this is only after the scan results and I am still not finding where I can return to these results later.
Additionally, when I follow the link in the results pane, I am taken to a page on the Sophos site which defines this as a Mac Trojan, then offers to let me download the Windows Threat removal utility. Say what???????
05-04-2012 08:28 AM
05-04-2012 08:55 AM
"The logs are also accessible from the console app"
Got it. Any idea how to delete the infection from my Time Machine files, especially since the file referenced is named ".null"?
05-04-2012 09:15 AM
05-04-2012 11:08 AM
Or worst case, I can just delete those back-up folders. Thanks.