Hello. I use Bitdefender and I have a trojan virus on my backups in external drive using Time Machine. How can I delete the files in the backups? I tried and got a message that I could NOT. “The operation cannot be completed because backup items can’t be modified.”
Too hard, unless you know exactly where all the components of that infection were on you boot drive and even then it’s kind of a PITA. You shouldn’t even bother scanning backups for that reason.
Best practice is to simply remember to run BitDefender first thing after restoring anything from backup. Over time, all those files will eventually be removed in any case.
Bitdefender took me exactly to each file in the backup. They’re in the MAIL app downloads. I saw the files and tried to delete when I got that error message previously stated. The file is no longer in my Mac internal drive.
I understood all that and my recommendations stand.
The error message is correct. TimeMachine is protected and won’t allow any external application (including Finder and Terminal) from removing anything as that would permanently corrupt the index and likely render the entire backup useless. The same goes for backups of any kind.
The only way to delete Time Machine files is from within Time Machine, so you would need to “Enter Time Machine”, hunt down each of the files that BitDefender found and use the action menu (gear icon) to delete all copies of those files.
Your only other choice would be to completely erase the Time Machine volume and start from scratch.
As long as you have cleaned the infected Mac itself… then the best approach is to wipe the backup drive and start fresh.
Backups are not for long term archival of deleted files. They are there to get the current version of your Mac back up and running as quickly as possible.
Since we’re all lazy to some extent: is the infected file something that you’re likely to ever restore? If it has been removed/quarantined or deleted on the Mac then it is gone from the most up to date backup, ie, the one that would be restored. So you could just ignore the whole thing and move on
I think both posters above make good points. I would draw from both of them. If your Mac is clean, move on and just get a new disk for TM. I just bought a low-power WD 1TB on Amazon for $35 for TM (bare disk, will use it with one of my SATA docks). In the unlikely event that you need to get something off your old TM disk you can still weigh that risk against the need to restore that file. If you never need that TM disk again, it will remain in its dark corner and you’ll be safe.
The new TM disk will allow you to resume version control. Use a second disk to make a clone. I used to advocate DiskUtility for this since it’s built in, but Apple broke it. Fortunately, SuperDuper offers a free subset that’s perfectly sufficient for this task. With a clone you’ll have a longer-term backup (that’s — unlike TM — also bootable in the very worst case) in case this ever happens again. Set a Calendar reminder so that you copy over a fresh clone on a more regular basis. Doesn’t have to be often, more important is to not forget to do it.
Thank you. I appreciate your wisdom. Al, I did use Time Machine to find the file and I got the same error saying that I couldn’t delete. Nevertheless, since the files are no longer on my mac, I will take care of the external.
It is possible to browser the Time Machine backups using the Finder and manually copy files from the backup this way. I believe like others have suggested that the way BitDefender is taking you to the location where the infected files are is using this approach.
However again as others have indicated it is not possible to modify the backup i.e. delete files from the backup this way.
There is an official method to do this which has to be done via the Time Machine interface. The following is Apple’s official document describing how to do this.
Basically you in the Finder go to the corresponding location, then enter the Time Machine interface, if needed go back in time to when the file is listed in the backup and then as per Apple’s article use the Action menu to tell Time Machine to delete all copies of that file from the Time Machine backup and repeat for any other files.
Thank you to all. And jelockwood, I appreciate your link to Apple’s info.