Author Topic: Viruses in Volumes Time Machine Sparsebundle  (Read 9848 times)

Offline Bas

  • Newbie
  • *
  • Posts: 7
Viruses in Volumes Time Machine Sparsebundle
« on: January 29, 2014, 08:45:01 AM »
When scanning my MacBook Air (OS Mavericks), Avast detects viruses in Volumes/Time Machine/Sparsebundle/bands. Should I move these threats to the virus chest, or should I exclude these volumes from scanning?

Offline krahulik

  • Avast team
  • Sr. Member
  • *
  • Posts: 277
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #1 on: February 06, 2014, 10:59:14 AM »
Hello,
 I would exclude it from the scanning. You can try to delete the viruses according to this guide: http://reviews.cnet.com/8301-13727_7-57597578-263/how-to-clear-unwanted-files-from-time-machine-backups/

Best Regards,
  Martin Krahulik

Offline Bas

  • Newbie
  • *
  • Posts: 7
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #2 on: February 06, 2014, 05:50:14 PM »
Hello Martin,

Thank you for your advice!

Bas

Offline Taregreen

  • Newbie
  • *
  • Posts: 2
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #3 on: February 13, 2014, 04:15:37 PM »
This is happening to me as well. The first time it happened several viruses showed up in volume in time machine sparsebundle, so I just deleted the whole backup then rescanned my system and nothing was detected. I then ran a backup and rescanned. Again viruses were detected in the time machine backup sparse bundle.  Are these actually viruses or are they false positives?  I'm in the process of deleting the backup (again). I will then rescan the system after that and let you know how I make out.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #4 on: February 13, 2014, 08:20:11 PM »
These files are present in your system. Have you done a full scan on the actual boot/system volume prior to backing up?

Offline Bas

  • Newbie
  • *
  • Posts: 7
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #5 on: February 28, 2014, 02:13:13 PM »
In my case the malware in the sparse bundle was also found by Antivirus Essentials on my Synology. I was thinking of the same solution Taregreen used as Avast only gives warnings on a full system scan with my NAS disconnected. No infections are found in this case.

On my Mac I also run up-to-date Windows 7 & 8 under Parallels. Most malware seems Windows related.

Now I'm afraid the only solution is to format and/or reset my NAS, back up my documents, photos, mail, etc. to a HD - scan this too - and do a Mavericks clean install from USB. In the future I plan to run just OS X with changed network settings and use an account with limited user rights.


Offline Taregreen

  • Newbie
  • *
  • Posts: 2
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #6 on: March 05, 2014, 02:05:14 PM »
Okay, sorry this took me so long to get back to, but I did delete my entire backup, then rescanned. The rescan found nothing. I have since re-backed up my machine using Time Machine and, as expected, Avast found several viruses in the sparsebundle. Looks like I'll be getting rid of Avast if a fix isn't found. Oh, and when I click on "move to chest," that doesn't work. Avast can't move them. It says "Failed to chest /Volumes/Data/Taregreen's iMac.sparsebundle/bands/116d: No such file or directory."

Offline kayj

  • Newbie
  • *
  • Posts: 2
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #7 on: March 05, 2014, 06:16:16 PM »
I am having a similar problem. My Mac has been inundated with viruses (mostly Wimad mp3 files, and malware) and once I downloaded avast! I found quite a few on my hard drive. Since I performed numerous Time Machine backups, I plugged in my external drive and ran the antivirus program. It found 25 files infected, mostly duplicated viruses from the ones I erased before, although some new ones were present. When I clicked to move these files to "Virus Chest" it did appear with a pop-up window saying "Failed to chest /Volumes/.Trashes/Directory name.../Location/iTunes/File Name. No such file or directory." I can then only select Cancel, Skip All or Skip.

I am confused why this does not let me move the files into the Virus Chest. If they were detected on the hard drive, is it not the same process to get rid of them, as it worked on my hard drive? Can someone help? I desperately need my computer back and functioning properly without all these viruses (including in my backup files)! I have a Mac with the 10.9.1 Mavericks operating system.

Thanks in advance.

Offline krahulik

  • Avast team
  • Sr. Member
  • *
  • Posts: 277
Re: Viruses in Volumes Time Machine Sparsebundle
« Reply #8 on: March 13, 2014, 03:00:38 PM »
Hello,
  I'm afraid you cannot chest/delete files directly in a Time Machine backup folder. Even if you succeeded, I don't know how Time Machine would behave in case you needed to do a restore.

As long as the viruses are only in a Time Machine backup, they are harmless and I would personally leave them there.

To Taregreen: If you deleted the backup, rescanned the computer and it was clean, and after a new backup you can detect viruses in a sparse bundle again, it looks like a false positive. Viruses are detected based on their signatures and certain backups/virtual machine images can sometimes hit the signature as well (unfortunately, not deterministically).

Martin
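
An added example, not part of the thread and not Avast's code: a sparsebundle stores its disk image as fixed-size chunks under bands/, each named by a hexadecimal index, with the chunk size recorded in Info.plist under band-size. The sketch below maps a flagged band such as bands/116d to the byte range of the image it holds, which shows that such a detection points at a slice of the image rather than at a single backed-up file. The bundle it builds and its sizes are constructed sample values.

```python
import plistlib
import tempfile
from pathlib import Path


def band_extent(bundle, band_name):
    """Return (start, end) byte offsets of one band within the disk image."""
    with open(Path(bundle) / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    band_size, image_size = info["band-size"], info["size"]
    index = int(band_name, 16)            # band file names are hex indices
    start = index * band_size
    if start >= image_size:
        raise ValueError(f"band {band_name} lies beyond the image size")
    return start, min(start + band_size, image_size)


def triage(bundle, detections):
    """Map scanner hits to image regions; non-band paths get None."""
    report = []
    for path in detections:
        p = Path(path)
        if p.parent.name != "bands":
            report.append((path, None))   # ordinary file, handle as usual
            continue
        report.append((path, band_extent(bundle, p.name)))
    return report


def make_sample_bundle(root):
    """Constructed sample: a bundle skeleton with 8 MiB bands."""
    bundle = Path(root) / "Sample.sparsebundle"
    (bundle / "bands").mkdir(parents=True)
    info = {"diskimage-bundle-type": "com.apple.diskimage.sparsebundle",
            "band-size": 8 * 1024 * 1024, "size": 100 * 1024 ** 3}
    with open(bundle / "Info.plist", "wb") as fh:
        plistlib.dump(info, fh)
    (bundle / "bands" / "116d").write_bytes(b"\0" * 16)
    return bundle


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = make_sample_bundle(tmp)
        for path, extent in triage(sample, [str(sample / "bands" / "116d")]):
            print(path, extent)
```

A band that maps to a region of the image cannot be quarantined like a file; the practical choices are the ones given in the thread, excluding the bundle from scanning or leaving the detections in the backup.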