URGENT! Help with JS/Agent-AZOD malware on Mac OS X 10.10.5

Hello all,

I was backing up my Mac onto my external hard drive via Time Machine when I received a quarantine manager notice that I had JS/Agent-AZOD malware on my Mac which needs to be removed manually, and the 'cleanup' icon is greyed out. I note the file path is /Volumes/Macintosh HD 1/Backups.backupdb/Edwin's Macbook Pro/2018-08-23...rome/Default/Extensions/.

I have Sophos Home Edition 9.6.8, Threat detection engine: 3.73.0 Threat data: 5.54

I also note that this link (https://support.home.sophos.com/hc/en-us/articles/360000555626-Manual-malware-cleanup-on-a-Mac-computer) states that in order to delete the malware I will have to go into the Time Machine archive. I cannot find the above path in my Finder window, which leads me to believe that the malware is on my external hard drive (on which my Time Machine data is stored). I ran a full system scan and it did not return anything, which reinforces my prior conclusion.

I would like to get rid of this malware, however I am reluctant to put the hard drive back into my computer now that I think that the malware is on it.

I would be grateful for any suggestions as to what I could do to resolve this.

Kind Regards,

Ed



This thread was automatically locked due to age.
  • Hi ED1234,

    You can find the complete file path of the detected file in the log file -  /Library/Logs/Sophos Anti-virus

    But to remove the detected file, you need to follow the instructions as suggested in the Article that you shared.

    You may also try via the Terminal using the command: rm /Volumes/Macintosh\ HD\ 1/Backups.backupdb/Edwin\'s\ Macbook\ Pro/2018-08-23...rome/Default/Extensions/

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • I have since found what I think is the file (see attached photograph) in Time Machine, and I proceeded to delete it. However, after attempting to do so, I can no longer see the backup folder with it in (dated 2018-08-23-230035) in Finder, nor can I access that time frame in Time Machine. I still think it is on my computer / hard drive as I can find the file in Finder (as per the attached photograph).

    Your assistance would be appreciated. 8468.file.tiff

  • Hi ED1234,

    Did you manage to delete the specific file that was detected or the entire instance of the particular backup? 

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

