
Malware

Please help. New to Sophos. Attempting to manually clean up malware detected.
 
MichaelsiMac
Manual cleanup required: 'Mal/Phish-A' at '/Volumes/Seagate Backup Plus Drive/Backups.backupdb/MichaelsiMac/2016-02-12-154038/Mac OS/Users/newuser/Library/Mail/V2/POP-wisezenheimer@earthlink.net@pop.earthlink.net/INBOX.mbox/BF15672C-108F-438D-9061-00EAB95FE580/Data/0/2/3/Attachments/320992/2/formattachment.html'
MAY 23, 2017 10:36 PM
 
I don't understand the prompts. #1:
  1. In the Finder, navigate as close to this location as you can, starting from the portion. When the next level down no longer exists (or when you've found the file indicated), select 'Enter Time Machine' from the Time Machine menu item (a clock face with an arrow around the outside).
  Is it referring to the Finder on my computer? And what does "navigate close to this location as you can, starting from the portion" mean? What location? And what is "portion"? When I "Enter Time Machine" I get my desktop menu. Can someone help me? I have two malware items that need to be removed asap. Thanks.
  1. Make a note of the complete file path. E.g., /Volumes/<Time Machine Volume Name>/Backups.backupdb/<Computer Name>/YYYY-MM-DD-NNNNNN/<User Name>/Library/Caches/Java/cache/6.0/8/123456-123456
  2. From the Sophos Home Dashboard, temporarily turn off Automatic Virus Protection.
  3. In the Finder, navigate as close to this location as you can, starting from the portion. When the next level down no longer exists (or when you've found the file indicated), select 'Enter Time Machine' from the Time Machine menu item (a clock face with an arrow around the outside).
  4. Navigate to the date and time indicated by YYYY-MM-DD in the file path, and then follow the path to the detected file within Time Machine.
  5. Control or right-click the file, and select 'Delete All Backups of <detected filename>'.
  6. Click OK.
  7. (Important) From the Sophos Home Dashboard, turn the Automatic Virus Protection back on.


This thread was automatically locked due to age.
  • Will attempt to help out but judging by the posted date you may have already fixed it? 

    There's an email attachment that has been flagged as a virus. This attachment is in your Seagate Backup Plus Drive. You can use Finder to browse to the Seagate HDD -OR- the Seagate HDD may have an icon on the iMac desktop screen. You can try to drill to the formattachment.html and delete that. 

    Is it referring to the Finder on my computer?
    -- 
    Yes it is

    navigate close to this location as you can, starting from the portion

    -- Not sure either. Use your Finder, open up the Seagate Drive and follow the path. I'm hoping if you can browse the Seagate HDD that you can get past the backups.backupdb. 

    From the 7 point To-do List you've got, it looks like they want you to delete all backups that contain the affected file attachment. I'm not too well versed in Time Machine, so here's a link to Sierra How-To delete backups: https://support.apple.com/kb/PH25630?locale=en_US If you delete the backups, your Time Machine app will be fine and will continue to create backups as normal. Be sure to remove the email with the infected attachment from your email app or Sophos may catch it in the backups again.

    [I hit the CTRL key, but I'm still not in control!]