My backups are infected!
QOut of the blue, my antivirus software has started informing me that two old documents in my Time Machine backup contain W97M viruses. As they can’t be modified, what can I do? by John Craddock
AThey’re almost certainly spurious false positives. But before assuming they are, ensure that all other storage connected to your Mac is as clean as a whistle. If any viruses are detected there, that could indicate a genuine problem.
Most antivirus products look for files with suspicious signatures. When their definitions are updated, they sometimes gain new signatures that trigger warnings incorrectly in this way. Check with the vendor’s support site and forums to see if other users are reporting similar problems.
Use the app’s settings to exclude the files from scans. Consider switching to a more reliable antivirus tool, such as Malwarebytes (malwarebytes.com/mac) or DetectX (sqwarq. com), which don’t appear to be as prone to such false positives.
If you do think these files might be infected or infectious, you’ll need to delete them using the Time Machine app. Find and select the files there, then click the toolbar’s Action button (a cog) for an option to delete all versions.
As they’re claimed to carry W97M, they’re only a concern if passed to a vulnerable system, not your Mac. Note that macOS’s built-in security only checks for and removes malware that affects macOS, not Windows.
Using the Time Machine app is the only safe way to remove infected files from your Time Machine backup.