Removing Mal-Phish A from MacBook Pro running OS X 10.11.6

Sophos detected Mal-Phish A in an email attachment currently on a time capsule backup.

How do I remove it?

David-Laxers-MacBook-Pro:2 davidlaxer$ pwd
/Volumes/Time Machine Backups/Backups.backupdb/David Laxer’s MacBook Pro/2016-05-05-080928/Macintosh HD/Users/davidlaxer/Library/Mail/V3/POP-davidl8@mail.spamarrest.com/INBOX.mbox/BC431648-FFBD-4009-8158-4E255EC8A039/Data/7/9/Attachments/97348/2
David-Laxers-MacBook-Pro:2 davidlaxer$ ls -l
total 80
-rw-r--r--@ 1 davidlaxer  staff  38437 Nov  4  2015 2,,7_092--AmExCiVS_579,30.html
David-Laxers-MacBook-Pro:2 davidlaxer$ sudo rm 2,,7_092--AmExCiVS_579,30.html
override rw-r--r--  davidlaxer/staff for 2,,7_092--AmExCiVS_579,30.html? yes
rm: 2,,7_092--AmExCiVS_579,30.html: Operation not permitted
David-Laxers-MacBook-Pro:2 davidlaxer$

  • In reply to FormerMember:

    I'm on a Mac running OS X 10.11.16.  The tool above indicates it's for Windows.

  • FormerMember
    FormerMember

    In reply to David Laxer:

    Hi,

     

    you shouldn't take a look at this tool but you should look at the section "Recovery Options"

     

    Regards Meghan

  • David,

    The problem is that the file in question is in a hidden folder. Here's what I did when I had something similar in a Time Machine backup:

     

    Show all hidden folders.

    Go to Terminal. Type in: defaults write com.apple.Finder AppleShowAllFiles true

    Hit return. At next prompt, type in: killall Finder

    This will allow you to view all hidden folders. Connect backup drive and enter Time Machine. Follow the path Sophos indicated to locate the file. Once you've located it, right click (or option click) and the choice is called something like "remove all instances of this file" (something like that). Once you've done that, you can hide folders again.

     

    Go to Terminal. Type in: defaults write com.apple.Finder AppleShowAllFiles false

    Hit return. At next prompt, type in: killall Finder

     

    This worked for me. I hope it works for you, too!

     

    Sue