Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 21137 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remove threats from Time Machine when Time Machine has not been running?

AnnHitchins

1) Sophos has been reporting a number of threats over the last 24 hours- all are unable to be removed by Sophos and have to be removed manually.

2) When I look up the locations for the threats in the log they all have addresses such as the following : 

'Troj/Zbot-GXI' detected in /Volumes/Time Machine Backups 1/Backups.backupdb/Ann’s MacBook Pro/2013-11-20-090236/Macintosh HD/Users/Ann/Library/Mail/V2/IMAP-annhitchins@yahoo.com@imap.mail.yahoo.com/Bulk Mail.mbox/04A87835-7A97-471E-B292-674CAD94DA87/Data/1/7/6/Attachments/671952/2/20131115123212813.zip

which I understand according to this link - https://www.sophos.com/en-us/support/knowledgebase/118117.aspx#howCustomScan

means they have to be identified and eliminated in time machine.

3). However I have NOT run time machine in Months! So how can I they be located there? ANd how can I remove them? There are at least a dozen! Please help!!



This thread was automatically locked due to age.
  • 0

    I'm new to mac, but could you just delete the Time Machine files at those locations? Since you haven't been actively using it i assume any data there is unneeded.

  • 0

    The clue is in the path. Where it says: /Volumes/Time Machine Backups 1/Backups.backupdb/Ann’s MacBook Pro/2013-11-20-090236/Macintosh HD/Users/Ann/Library/Mail/V2/IMAP-annhitchins@yahoo.com@imap.mail.yahoo.com/Bulk Mail.mbox/04A87835-7A97-471E-B292-674CAD94DA87/Data/1/7/6/Attachments/671952/2/20131115123212813.zip, you will see there is the date (I've emboldened it above). You may not have used time machine in months but the time machine drive is still recognised by your mac which is why Sophos has picked these threats up. The offending files are stored in that back-up from the dates shown in the path. If you never intend to use the back-up to restore your mac, you can safely leave them there. However, if you want to remove them (I've just successfully removed 10 threats from my time machine drive) you need to follow these steps:

    1) Copy and paste the contents of the threat list into something like Notes and print them or export them somewhere else so you can refer to them when you go into time machine (I suppose you can write them out if you're really pushed.

    2) Enter Time Machine and navigate to the appropriate date and you should see a window showing your folder list. Choose your home folder (in your case that's probably Ann)

    3) Follow the path (I'm using the one you've quoted above) so choose the following folders by clicking once on each to open the next level. The sequence is

    Library > Mail > V2 > IMAP-annhitchins@yahoo.com@imap.mail.yahoo.com > Bulk Mail.mbox > 04A87835-7A97-471E-B292-674CAD94DA87 > Data >1 > 7> 6 > Attachments > 671952 > and then single click on the zip file 20131115123212813.zip

    4) Once it is selected, click on the little wheel symbol at the top of the window and select "Delete all backups of 20131115123212813.zip"

    5) You'll be warned you cannot undo this action and asked for your admin password

    6) Enter the password and hit OK. All copies of that file on your Time Machine drive should be eliminated.

    7) Repeat for all the other paths listed in the threat list.

    Unfortunately you can't just open the drive and navigate to the appropriate file and try to trash it because you'll get a message saying that Time Machine cannot be modified. You have to do it from within Time Machine. It's time consuming but that's how it's done. [|-)]

    Best of luck [8-|]

Unfiltered HTML