This discussion has been locked.

URGENT! Help with JS/Agent-AZOD malware on Mac OS X 10.10.5


Hello all,

I was backing up my Mac onto my external hard drive via Time Machine when I received a quarantine manager notice that I had JS/Agent-AZOD malware on my Mac which needs to be removed manually, and the 'cleanup' icon is greyed out. I note the file path is /Volumes/Macintosh HD 1/Backups.backupdb/Edwin's Macbook Pro/2018-08-23...rome/Default/Extensions/.

I have Sophos Home Edition 9.6.8, Threat detection engine: 3.73.0 Threat data: 5.54

I also note that this link (https://support.home.sophos.com/hc/en-us/articles/360000555626-Manual-malware-cleanup-on-a-Mac-computer) states that in order to delete the malware I will have to go into the Time Machine archive. I cannot find the above path in my Finder window, which leads me to believe that the malware is on my external hard drive (on which my Time Machine data is stored). I ran a full system scan and it did not return anything, which reinforces my prior conclusion.

I would like to get rid of this malware, however I am reluctant to put the hard drive back into my computer now that I think that the malware is on it.

I would be grateful for any suggestions as to what I could do to resolve this.

Kind Regards,

 

Ed



  • Hi ED1234,

    You can find the complete file path of the detected file in the log file -  /Library/Logs/Sophos Anti-virus

    But to remove the detected file, you need to follow the instructions as suggested in the Article that you shared.

    You may also try via the terminal using the command: rm /Volumes/Macintosh\ HD\ 1/Backups.backupdb/Edwin\'s\ Macbook\ Pro/2018-08-23...rome/Default/Extensions/

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Many thanks for your reply.

    I have found the full file path of the detected file. 

    Am I correct in assuming therefore that the malware is on the external hard drive, and that in order to manually remove it I will have to plug it back in? Just seeking confirmation. 

    Kind Regards

    Ed 

    EDIT: The full file path is '/Volumes/Macintosh HD 1/Backups.backupdb/.... MacBook Pro/2018-08-23-230035/Macintosh HD/Users/.../Library/Application Support/Google/Chrome/Default/Extensions/aiimdkdngfcipjohbjenkahhlhccpdbc/31.2.2_0/js/jquery.js'

    I had a look for it with and without the hard drive plugged in and I could not find it. Under 'Users' there is no Library folder (which appears to have gone up a level under 'Macintosh HD'), and under 'Library' > 'Application Support' there is no 'Google' folder through which I could presumably find the detected file.

    I would be grateful for some advice on this.

     

    EDIT 2: I tried searching for the 'Volumes' folder using Finder, but it takes me through a never-ending loop between 'Volumes' and 'Macintosh HD.' I'm wondering if this is an indication of the detected file's presence on my computer. Please see the attached photo (3443.finder window.tiff).
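
The detected path quoted in the posts above follows the Time Machine backup layout, so it can be split into the backup disk, the snapshot, and the file's original location. The following is an added example, not part of the thread or of Sophos's instructions; the function names `tm_field` and `tm_locate` are hypothetical, and the computer and user names in the sample path are placeholders for the parts elided in the post.

```shell
#!/bin/bash
# Added example (not from the thread). Assumed Time Machine layout:
# /Volumes/<backup disk>/Backups.backupdb/<computer>/<snapshot>/<source disk>/<original path>

# Constructed sample modelled on the thread's path; computer and user names are placeholders.
SAMPLE="/Volumes/Macintosh HD 1/Backups.backupdb/Example MacBook Pro/2018-08-23-230035/Macintosh HD/Users/exampleuser/Library/Application Support/Google/Chrome/Default/Extensions/aiimdkdngfcipjohbjenkahhlhccpdbc/31.2.2_0/js/jquery.js"

# tm_field <field> <path>: print one component of a backup path, or fail if it is not one.
tm_field() {
  local field="$1" p="$2" rest disk machine snap src orig ext ext_id="" ext_ver=""
  case "$p" in
    /Volumes/*/Backups.backupdb/*/*/*/*) ;;
    *) return 1 ;;
  esac
  rest="${p#/Volumes/}"
  disk="${rest%%/Backups.backupdb/*}"      # external volume that holds the backup
  rest="${rest#*/Backups.backupdb/}"
  machine="${rest%%/*}"; rest="${rest#*/}"
  snap="${rest%%/*}";    rest="${rest#*/}" # snapshot folder, YYYY-MM-DD-HHMMSS
  src="${rest%%/*}"                        # name of the disk that was backed up
  orig="/${rest#*/}"                       # where the file lived when the snapshot ran
  case "$orig" in
    */Extensions/*/*/*)                    # Chrome layout: Extensions/<id>/<version>/<file>
      ext="${orig#*/Extensions/}"
      ext_id="${ext%%/*}"; ext="${ext#*/}"; ext_ver="${ext%%/*}" ;;
  esac
  case "$field" in
    disk) echo "$disk" ;;  machine) echo "$machine" ;;  snapshot) echo "$snap" ;;
    source) echo "$src" ;; original) echo "$orig" ;;
    ext_id) echo "$ext_id" ;; ext_version) echo "$ext_ver" ;;
    *) return 2 ;;
  esac
}

# tm_locate <path>: say where the detected copy is reachable right now.
tm_locate() {
  local disk
  disk="$(tm_field disk "$1")" || { echo "not-a-backup-path"; return 0; }
  if [ ! -d "/Volumes/$disk" ]; then echo "backup-disk-not-mounted"
  elif [ -e "$1" ]; then echo "present-in-backup"
  else echo "not-found-in-backup"; fi
}

for f in disk snapshot source original ext_id ext_version; do
  printf '%-12s %s\n' "$f" "$(tm_field "$f" "$SAMPLE")"
done
printf '%-12s %s\n' "status" "$(tm_locate "$SAMPLE")"
```

The `original` field is the path to check on the internal disk; the user's `Library` folder is hidden in Finder by default, so listing it from Terminal is more reliable than browsing for it.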
