
lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME
Nokia XS-110G-A
Linksys Velop MX5300

lordpuffer to Simple Guy


Re: [Snow] Removing malware Troj/Java-FR in OS X

It's easy to take screenshots/windows shots/area shots with a Mac. See First Attachment.

Make sure that your preferences for "Scan Local Drives" for Sophos are set like in the Second Attachment.

Then, using the Scanner in the Third Attachment, run a FULL SCAN, by clicking on the arrow and by choosing FULL SCAN. It should ask for your Admin Password.

After that is done, let us know if it removed the Trojan, or just Quarantined it. Hopefully it will remove it.
Simple Guy
join:2012-05-16

Simple Guy

Member

The screen shots and information posted are for the Windows version of Sophos. The interface for the Mac is entirely different. Not alike at all. Windows has all those choices the Mac version does not. Most of the stuff shown in your screen shot doesn't even exist on the Mac version, such as the options when you right click on the tray icon, or there are no choices for checking any hidden files anywhere through the Sophos Mac version.

I did everything correctly with the Mac scan. Everything. The special scan detected the threat. The information with the special scan said the threat should now be eliminated and that can be confirmed by checking the quarantine manager, which would show the threat gone. But it is not gone. It is still there.

There are no options in the Mac Sophos to remove or select or deselect anything. You first at step one of the whole procedure run a full scan of all drives and it detects the threat. It shows the threat in the quarantine manager. You then tell it to clean up the threat which is your only option at that point. It tries. It fails. It tells you it fails. It says you must manually remove it. That is your only option. It tells you how to set up and run a special scan. I successfully did that. It detects the threat and says the threat should not be eliminated from the quarantine manager. It's not.

I know where the file is. It is in a hidden file. I know the name of the file.

At this point all I need to know (please entirely forget about Sophos at this point) is how to use my Mac (Finder, I presume) to navigate to where I can search or see hidden files. By doing that I can go to the location of the file and manually delete it.

Thank you.
Simple Guy


Simple Guy to lordpuffer

said by lordpuffer:

It's easy to take screenshots/windows shots/area shots with a Mac. See First Attachment.

Make sure that your preferences for "Scan Local Drives" for Sophos are set like in the Second Attachment.

Then, using the Scanner in the Third Attachment, run a FULL SCAN, by clicking on the arrow and by choosing FULL SCAN. It should ask for your Admin Password.

After that is done, let us know if it removed the Trojan, or just Quarantined it. Hopefully it will remove it.

Simply to be clear the screen shot you show of the interface does not exist for the Mac version as shown.

Screen shot one equivalent for the Mac is you have a choice to run a full scan. Period. No other options or choices or selections.

tmpchaos
Requiescat in pace
Numquam oblitus
join:2000-04-28
Hoboken, NJ

tmpchaos


That's incorrect. The screenshots both I and lordpuffer posted are from the Mac version of Sophos. His middle screenshot, for instance, can be found by clicking Sophos Anti-Virus at the top of your screen, then choosing Preferences from the drop down.

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff to Simple Guy

said by Simple Guy:

At this point all I need to know (please entirely forget about Sophos at this point) is how to use my Mac (Finder, I presume) to navigate to where I can search or see hidden files. By doing that I can go to the location of the file and manually delete it.

If you have the full path in /folder/folder/folder form, then from any Finder window, go to the "Go" menu at the top of the screen and select "Go To folder". Put in the path (without the filename) and it'll take you to that folder even if it's hidden.

In general, Finder only hides files/folders that begin with a ".", but there are some special folders that are also hidden, such as /Users/you/Library and all of the system folders (/etc, /private, /var and so on).
Simple Guy
join:2012-05-16

Simple Guy to tmpchaos

said by tmpchaos:

That's incorrect. The screenshots both I and lordpuffer posted are from the Mac version of Sophos. His middle screenshot, for instance, can be found by clicking Sophos Anti-Virus at the top of your screen, then choosing Preferences from the drop down.

Thank you. However, I've discovered that I have a more current or latest version and the GUI is different, but that doesn't matter. In the end the functions are the same.

I have followed the directions specifically. In the most recent scan a new additional MS OS malware was detected and it was cleaned normally. That just left the original which is the OP.

To be absolutely perfectly clear I have followed the instructions to manually remove the Trojan and I have correctly carried out all instructions and run the custom scan but it does not delete the threat. There is no way to delete this threat for some reason with Sophos. Sophos AV confirms all my actions have been the correct actions in black and white terms. No gray areas.

I'm curious about how I got this, which was very recent and then the second one was just today. Would I be correct in assuming that I am getting it via an email from a Windows computer, even if the email has no attachments of any kind?

Meanwhile I'm just going to switch to Avast if it is a full anti-malware program vs. just a standalone pure AV.

Thanks for all of your help and for your patience too.
modelamac7
join:2002-04-13
Waterford, MI

modelamac7 to Simple Guy

This should work without a lot of fuss, since you know the name of the file.

The app EasyFind (free) will search for that file name in your hard drive or your Home folder, or wherever you tell it to search. It will look in hidden files. It will list every file with that name and show its location. The best thing is it will allow you to select and delete it right in that same window. If it requires Admin privileges to delete, you can right-click on the file and select "Show in Finder". Do that and delete it from the Finder window, typing in your Admin password.

Get EasyFind here:

»www.macupdate.com/app/ma ··· easyfind
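
Added example, not part of any post in this thread: a Terminal equivalent of the two suggestions above (searching by file name in places Finder does not show, and the rule that names beginning with "." are hidden). It only lists matches and deletes nothing; the function names and the file name sample.jar are made up for the illustration.

```sh
#!/bin/sh
# Locate a file by exact name under a folder, including hidden locations,
# and report for each hit whether Finder hides it because of a leading ".".

# classify_path PATH
# Prints "dot-hidden" if any component of PATH begins with "." (other than
# "." and ".."), otherwise "visible-name". A "visible-name" path can still be
# hidden by a Finder flag (for example ~/Library); on macOS, "ls -lO" shows
# that flag.
classify_path() {
    case "/$1/" in
        */.[!./]*|*/..[!/]*) echo "dot-hidden" ;;
        *) echo "visible-name" ;;
    esac
}

# find_by_name ROOT NAME
# Prints one line per matching regular file: "<class><TAB><full path>".
# The class is computed on the part of the path below ROOT, so a dot in
# ROOT itself does not count. Unreadable folders are skipped quietly;
# re-run with sudo if the scanner reported a path you cannot read.
find_by_name() {
    find "$1" -type f -name "$2" 2>/dev/null | while IFS= read -r p; do
        printf '%s\t%s\n' "$(classify_path "${p#"$1"}")" "$p"
    done
}

# demo: constructed sample tree (not real scanner output) with the same
# file name in a hidden folder and in a normal one.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/.cache/app" "$d/Documents"
    : > "$d/.cache/app/sample.jar"
    : > "$d/Documents/sample.jar"
    find_by_name "$d" sample.jar | sort
    rm -rf "$d"
}

demo
```

For real use, call it as find_by_name "$HOME" followed by the exact file name the scanner reported, then open the containing folder with Finder's "Go To folder" as described above.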