Hidden folders

[martinchivers]

using Mac OS High Sierra. Late 2012 iMac

Ive run Sophos Home and its come up with 4 viruses. These cannot be removed by Sophos itself but can only be removed manually. Ive made a note of the file names and searched (finder) for them. They are however hidden. Ive googled show hidden folders and followed the steps, but with no success at all.

file names....
/Users/martinchivers/documents/Outlook for macArchive_03.08.16.olm
and various versions of
/OutlookformacArchive_(dates) .olm

(see screenshot). I can find the normally hidden "Library" folder. Within "users"/martinchivers ive now been able to locate "martinchivers" and Documents (with is greyed out). But I am able to open the folders, but they don't contain the files I need to delete.

Can anybody tell me how to find them? Once I do, I assume I delete them, remove from trash-reboot etc? Anything else I need to do?

 

[BrianBaughn]

I don't use Sophos but that looks like it's indicating that it found the "virus" files in those OLM files, which are archives from your Microsoft Outlook app. This would indicate that they're probably in attachments in some email that was archived...I'm guessing that the archives were created on the dates that are in the OLM filenames.

You can look up the virus names yourself but I'm sure you'll find that they're all virus/trojans that affect Windows only.

I don't believe there's any way to get into an OLM file and delete a specific item. You would have to import the OLM, delete the offending email, and then re-export.

Is there any reason to keep these OLM archives? If not, the entire OLM file can be thrown away. However, as they stand the OLM files and the trojan/viruses they contain are no threat to your computer.

Are you currently using Microsoft Outlook?

 

[martinchivers]

Brian, thank you. Yes, I use Microsoft outlook as my email software. I would literally delete the entire .olm file, if I could locate it. One of the dates is in the future, though! (08.01.18). others are 2015 and 2016.

 

[BrianBaughn]

I see two 15s and two 16s.

The first one appears to be in your Documents folder if your account is "martinchivers". I don't think any of the files are invisible.

 

[martinchivers]

I can't find them in the file path, that its giving me.

 

[Fishrrman]

Do you have the exact filenames you're searching for?
Then download EasyFind:
http://www.devontechnologies.com/products/freeware.html

Set it up to search for invisible files as well as visible ones
Then... try again.
IF it finds something, you can delete it directly or choose to reveal it in the finder.

 

[martinchivers]

thanks. Ive downloaded it and run for "Invisible files and folders". Typed in both parts of the Trojan (the name of the virus and its location) (See screenshot). But unfortunatly its not found them

 

[BrianBaughn]

Is Sophos scanning just your computer or do you have an external drive connected?

 

[martinchivers]

I do have external hard drives, but they are only turned on, if and when I'm accessing them and not while running the anti-virus software.

 

[BrianBaughn]

Weird. Did you try a search like this?:

 

[martinchivers]

yes, it is weird isn't it.

Yes, I have (this is finder, right?). BUT without those additional search boxes (for want of a better description). How do you get this up?

 

[BrianBaughn]

You can start a search in any Finder window. That particular window appeared when I pressed “command-f” in Finder. You can add the extra conditions by clicking the “+”, selecting “other” and picking the condition. There’s checkboxes in there if you want to add the condition to the menu of conditions.

 

[martinchivers]

thanks. I tried it, and use ".olm" as the search term. It didn't find ANYTHING at all. I heard that High Sierra has security issues, maybe thats why ive got the virus in the first place, been using iMacs for 10 years and this is my first one.

 

[Septercius]

What happens if you try from the Terminal ("/Applications/Utilities/Terminal")?

cd /Users/martinchivers
find . -name "*.olm" -print

 

[martinchivers]

nothing, as far as I can see. I dont really know what it shall do

 

[BrianBaughn]

Does the Sophos app offer up a full report with full paths to those items? All we see is a partial path.

 

[martinchivers]

Brian, I dont think it does, no. Only whats on the screenshot, as far as I can see

 

[BrianBaughn]

Try a Terminal command that just lists the files in a folder, including invisible ones, and see if the file is actually there.

The first folder’s (your Documents folder) contents can be shown by copying and pasting this into Terminal:

ls -a ~/Documents/

 

[martinchivers]

this is what comes up.....

 

[BrianBaughn]

It's not there and there's nothing hiding it.

What happens when you click "How To" in that Sophos window?

 

[martinchivers]

good question! It takes me to a webpage with details of various types of viruses, but I looked at all that and didn't really see anything that look either appropriate or do-able.

https://home.sophos.com/removal?threat=Troj/DocDl-JM&platform=mac#hs-section-2-11

 

[PinkyMacGodess]

Is it scanning your Time Machine backup and finding them there somehow?
[doublepost=1512048372][/doublepost] Also: http://www.blogs.olmtopst.com/how-to-unhide-outlook-temp-folder-on-mac.html

 

[martinchivers]

I dont think it is, no. Because my time machine hard drive isn't turned on and connected, unless I'm doing a backup.

 

[BrianBaughn]

Is there ANY way to get the full path of those files? If you don't know, ask Sophos.

 

[martinchivers]

Is there ANY way to get the full path of those files? If you don't know, ask Sophos.

I dont know how to, no. I will have a look on their site and see if I can contact them to ask them. thanks