This discussion has been locked.

Trojans

I have 4 Trojans on my Mac and don't know how to remove them manually. The Sophos instructions are not clear enough for a computer lay-person like myself.

:1004279


    1. Open Sophos Anti-Virus
    2. Click Open Quarantine manager
    3. Click on one of the detections (avoid clicking the hyperlinked detection name)
    4. Click the triangle beside Threat Details
    5. Make note of the path to the detection
    6. Click on the triangle beside Custom Scans at the bottom of the page (if that's at the bottom of the page)
    7. Click the + at the bottom of the page
    8. Click the + at the bottom of the page
    9. Navigate to the folder the detection was listed in and click Open
    10. Click the Options tab near the top of the window
    11. Select Log Only, and change it to Delete Threat
    12. Click Done
    13. Click the "Play" button on your new scan (titled "untitled")
    14. Wait for the scan to complete
    15. Double check that the files are gone by clicking Open Quarantine Manager
    16. If they're not gone, you'll have to use the Finder (or TimeMachine) to locate the files and drag them to the trash.
    :1004285
  • Thanks Andrew for your directions. They were very clear. Unfortunately, the 4 trojans were still in the quarantine box and they still need to be removed manually. I don't know how to locate them using Finder. They don't seem to appear when I type in the path. I tried locating them on Time Machine but not sure if I am doing it correctly. Here are a couple of the detections.

    Volumes/Time Machine Backups/Backups.backupdb/Art Balogh’s iMac/2010-10-21-230126/Macinto

    Volumes/Time Machine Backups/Backups.backupdb/Art Balogh’s iMac/2010-10-21-230126/Macin

    Thanks

    Abe

    :1004435
  • Yes, if they're in Time Machine, you'll have to manually remove from within Time Machine.

    Those paths are incomplete... do you happen to know the full path?  It should show up in the Quarantine details if you click on it.  If not, we'll have to go into the SAV logs to get the full path.

    This will show you exactly where in your TM universe the file is located. Once you know where it is, open the folder containing it in the Finder (command-shift-g, and paste in the path starting at Macintosh -- at the end of what you list below), then with that Finder window open, enter Time Machine, right/control click the file, and select the option to delete all backups.

    :1004439
  • Hi Andrew

    The one file ends in Macintosh HD/Users/suebalogh/library/Mail downloads/eTicket#1721.exe. I opened Finder then Time Machine backups and typed the file thread into the search line and no file was found. When I click on the thread in the quarantine box, only part of the thread is shown.

    :1004449
  • That means it's an attachment to a Bredo spam, living in a backup of your Mail Downloads folder.

    While logged in to the suebalogh account,

    1. type command-shift-G,
    2. enter "Macintosh HD/Users/suebalogh/library/Mail downloads/" on the line it prompts you with. 
    3. Press return.
    4. Now, with that finder window open, enter Time Machine
    5. Navigate to 2010-10-21-230126
    6. Right-click the file "eTicket#1721.exe" and delete all backups
    :1004453
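Added example (not part of the original thread and not Sophos tooling): a read-only shell sketch that splits a quarantine path of the form quoted above into machine name, snapshot and in-backup path, then lists which Time Machine snapshots still contain that file. The function names, the "Example iMac" machine and the "example" user are constructed for illustration; nothing is deleted.

```shell
#!/bin/sh
# Constructed sample path in the same layout as the detections quoted above.
SAMPLE_PATH="/Volumes/Time Machine Backups/Backups.backupdb/Example iMac/2010-10-21-230126/Macintosh HD/Users/example/Library/Mail Downloads/eTicket#1721.exe"

# split_tm_path PATH
# Prints three lines: machine name, snapshot name, path inside the snapshot.
# Returns 1 if PATH is not a Time Machine backup path or is cut off too early
# to contain all three parts.
split_tm_path() {
    tm_rest=${1#*/Backups.backupdb/}
    [ "$tm_rest" != "$1" ] || return 1          # no Backups.backupdb component
    case $tm_rest in
        */*/*) ;;                                # machine/snapshot/file present
        *) return 1 ;;
    esac
    tm_machine=${tm_rest%%/*}; tm_rest=${tm_rest#*/}
    tm_snapshot=${tm_rest%%/*}
    tm_inner=${tm_rest#*/}
    printf '%s\n%s\n%s\n' "$tm_machine" "$tm_snapshot" "$tm_inner"
}

# snapshots_containing MACHINE_DIR INNER_PATH
# MACHINE_DIR is .../Backups.backupdb/<machine>. Prints the name of every
# snapshot folder in it that holds INNER_PATH. This only lists; removal is
# still done from within Time Machine as described in the thread.
snapshots_containing() {
    for tm_snap in "$1"/*/; do
        tm_snap=${tm_snap%/}
        # Skip symbolic links (e.g. a "Latest" link) to avoid duplicates.
        [ -L "$tm_snap" ] && continue
        [ -e "$tm_snap/$2" ] && printf '%s\n' "${tm_snap##*/}"
    done
    return 0
}

# Demo on the constructed path: show the three parts.
split_tm_path "$SAMPLE_PATH"
```

A path that is cut off inside the last component, like the two truncated detections above, still splits, but the in-backup path it yields is incomplete and will match nothing.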
  • Where do I click Quarantine Manager? I can't see the link?