Antivirus and copy conflict

Well I would have to agree with that advice and bail on Sophos. Safe computing is really not all that hard without an antivirus program bogging you down

 

If Sophos didn't find your Mac infected with malware/trojan/viruses/keyloggers (per the suggestion above) two years ago when this happened, then it's likely the password was brute-forced "guessed", or stolen from a different machine.

The only Mac folks I know that have Macs with antivirus are folks with work machines where it's mandated by their company (based on their interoperation of Sarbanes-Oxley, HIPPA, PCI-DSS, etc requirements).

If you want to keep running it, maybe see if there's a way to disable real-time protection, and run it manually once a week or something.

 

Dump Sophos and see if it resolves the problem.
Then try a different AV and see if it's any better. Avast and Avira both have free versions for Mac.
Your ISP should be placated and the problem will be gone.

 

1) Remove Sophos and any other 3rd part security products from all of your Macs. Anti-virus on a Mac currently has no benefit whatsoever, yet has potentially many downsides including introducing vulnerabilities and/or conflicts with the OS and other applications.

2) Disable FTP everywhere you have been using it. FTP sends credentials in the clear over the wire unencrypted and should have been abandoned a decade ago.

3) Abandon Wordpress and move to Drupal for a much more modern and less vulnerable CMS solution that doesn't require weekly patching.

 

I certainly agree with 1) and 2). I don't know enough about Wordpress vs Drupal to comment on 3).

I would add one further thing though, and that's to dump the web hoster. Anyone advising you to install antivirus on a Mac should make you raise a Spock-like quizzical eyebrow and wonder whether they know what they're talking about.

 

If you interact with other PC users then running antivirus on your Mac is simply being a good citizen.
You could catch and clean an infection before passing it onto others.

 

True. But anyone running a PC without antivirus is, frankly, nuts.

 

I recommend avoiding Sophos, as it can actually increase a Mac's vulnerability, as described here and here.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.

​

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

Also, if you want to make a bootable clone, I recommend Carbon Copy Cloner. Unlike SuperDuper, it also clones the OS X Recovery partition.

 

Second the recommendation of Carbon Copy Cloner.

 

... even if you have an AV installed. I completely agree that safe computing habits are essential.

No antivirus app has a 100% detection rate, so even if you have one installed, you could carelessly install a Trojan that may go undetected by your AV app. Practicing safe computing with no antivirus app installed protects better than having an antivirus app, but not practicing safe computing.

 

I've run into a similar problem.

I use bootcamp. I back up my windows partition with winclone. Now, a WinNT partition isn't writable from MacOSX,,,

Every so often, my mac antivirus program detects a virus that my bootcamp installation has picked up. It then removes the offending file (which usually has a two hundred character pathname because it's been deposited in a cache subdirectory.)

Now, the Bootcamp partition isn't writable, which means that I have to go back to windows to delete the offending file, and it usually ends up being stashed away in some hidden subdirectory...

Aughh. Such a nasty cycle.

 

I'd suggest that Sophos isn't the most accurate AV for mac, use Avira if you want flawless accuracy.
Then after a full scan with Avira, install 1password (get it from the mac app store if you have multiple macs).
Then generate long passphrases for your critical passwords, and store them in 1password.
(If you have multiple macs, or iOS devices and macs, then just setup 1password team account.)

 

Your ISP is "programmed" to tell everyone they need antivirus software. On Windows systems, where actual viruses exist in the wild, such antivirus apps are needed for protection. However, no true viruses exist in the wild that can affect OS X. There are OS X Trojans, but they can be successfully avoided without the need for antivirus apps. You may elect to run antivirus apps on OS X, but if you practice safe computing, such apps are not necessary to keep your Mac malware-free.

The Recovery Partition is an important tool to aid in certain troubleshooting, system restoration, etc. It is a separate partition from the one where OS X and your data resides. When cloning your drive, CCC will also clone the Recovery Partition. SuperDuper! will not.

 

Drop antivirus, as we ( researchers ) can push code through the pathways opened up by the antivirus software. Previous versions of windows were in such sad shape it was better have a little protection than none at all, which is why antivirus was recommended. Windows10 has done a much better job and I would not recommend 3rd party antivirus solutions for it either.

The best guess is old version of WP not updated and script attacked. Very easily done. Set WP to update automatically and you are good to go. As an aside for drupal, it had the worst / best attack a couple of years ago that would get your IP banned via google search due to the 'hidden' injected code. Different versions of CMS do not matter as much as keeping it up to date.

The second and often seen, but rarely reported, is the ISP was hacked and script code was injected into all hosted sites. This is much easier than hacking a thousand individual sites and more lucrative. The ISP doesn't want this to go public and will fork over the $10K to 'release' the attack. They then patch their error and report to all hosted sites, politely and not so directly blaming each of them for the breach. They ask you to increase your security, blah, blah, blah all to keep the lawyers happy.

So full circle, drop the antivirus on Win10 or OSX. Occasionally run something like Malwarebytes ( https://www.malwarebytes.org/antimalware/mac/ ) to clean up any zero day browser attacks that you unfortunately searched into.

Remember, don't click on any unrequested links in email, always visit the site you want by typing it in the browser directly.
Always be very wary of requested links in email ( password resets, ect ) as you could just get the coincidental hit.

--- Post Merged, May 8, 2016 ---

Or better, use the 'save password' in safari. I cannot see the password entered if I man in the middle attack your system or directly watch you through a VPN tunnel if the password is saved in the browser.

 

It is much better and faster to clone it with CCC, but it can be re-created, if needed.

http://www.macworld.co.uk/how-to/ma...os-x-el-capitan-yosemite-backup-free-3636717/