This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

removing virus from backup on Time Machine

Hi, I got Sophos and it removed the virus from my Mac which is great but it detected a virus "Bundlore" in my external hard drive where I put my backups. 

It asked if I wanted to clean it, and I did, so I pressed the "clean" button, and I got this message with the wheel moving: 

 

So because the wheel is moving, I think it's actually doing something, but it is taking hours and giving me no progress bar / sign of when it will be done. Is that normal? 

Note the greyed out text in the background telling me I have to remove it manually. Should I do that instead? 

This is my second try. I interrupted this process after several hours but now I'm trying again. After aborting the first try, I did delete an old backup of mine, where Sophos said the virus was located, but in this second try the virus just moved over to the next backup (my oldest.)



This thread was automatically locked due to age.
  • poweredbyvb said:

    Hi, I got Sophos and it removed the virus from my Mac which is great but it detected a virus "Bundlore" in my external hard drive where I put my backups. 

    It asked if I wanted to clean it, and I did, so I pressed the "clean" button, and I got this message with the wheel moving: 

     

    So because the wheel is moving, I think it's actually doing something, but it is taking hours and giving me no progress bar / sign of when it will be done. Is that normal? 

    Note the greyed out text in the background telling me I have to remove it manually. Should I do that instead? 

    This is my second try. I interrupted this process after several hours but now I'm trying again. After aborting the first try, I did delete an old backup of mine, where Sophos said the virus was located, but in this second try the virus just moved over to the next backup (my oldest.) 

    Bundlore is not a virus.  Bundlore is a Potentially Unwanted Application.

    A PUA is not a virus, key logger, nor ransomware designed to steal your data.  A PUA is a program that can cause other problems.  PUAs can potentially provide a way for other malware to bypass your security and enter your computer.

    In this case, Bundlore is adware.  Adware isn't malicious by nature, but it can be very frustrating to deal with.  Bundlore is a collection of adware programs that add "special offers" in the installers of other programs, installs extensions/plug-ins/add-ons in your browser, and causes popups to appear in sites that normally don't have them.

    Sophos found a variant of Bundlore in a file named: Donwloader_setup_mac.dmg in a Time Machine backup from February 2016.  The file is an installation package acting as a Trojan horse inside a folder named veebee on the desktop of user: Mac.  The full path to the file is veebee > Documents > PayPal Statements

    This is a copy of an issue that was once in your Mac.  The issue is no longer in your computer, but it remains in an old backup/copy of your computer from 22 months ago.

    Have you tried to log into your Sophos Home Dashboard at http://home.sophos.com and click the clean button in the alert in the history for your computer?  If that doesn't clean the issue from your Time Machine backup, you can ignore this issue since it is not an immediate threat, or you can attempt manual cleanup.  The easiest way to manually clean this issue is to delete your whole Time Machine backup and start fresh.