Sep 16, 2012 9:29 PM (in response to donnyfromharker heights)
donnyfromharker heights wrote:
I ran ClamXav on my iMac and it suspects a trojan & Bredozip. I need help.
Click in the ClamXav window and type Command-A and Command-C to select and copy exactly what it told you, then come back here and paste it into a reply.
Sep 17, 2012 4:15 AM (in response to donnyfromharker heights)
Bredozip (more commonly known as Bredolab) is Windows malware. Although it cannot affect your Mac, it would still be a good idea to delete it. Follow MadMacs0's directions, and don't delete anything until you've gotten a reply from him. I believe bredolab/bredozip is frequently attached to e-mail, and deleting an e-mail message from ClamXav will corrupt the mailbox that message resides in.
Sep 17, 2012 2:16 PM (in response to MadMacs0)
MadMacs0, thank you for getting back with me. I could not figure out how to type in the window, but I took a pic last night of what it said: DHL_Document.exec Suspect.Trojan.G...
Sep 17, 2012 3:26 PM (in response to donnyfromharker heights)
donnyfromharker heights wrote:
I could not figure out how to type in the window
You just needed to make sure that ClamXav was the active application by clicking its window; then those two keystrokes would have automatically copied everything in it to your clipboard so you could paste it here. You can do the same thing from ClamXav's "Edit" menu with "Select All" and "Copy."
but took a pic last night of what it said
And as you found, it didn't copy the full infection name, but since none of them contain the letters "OSX", none of them can impact your Mac directly.
The first one is one of 15 that start with "Suspect.Trojan.Generic."
The second is one of 16 that start with "Suspect.Bredozip-zippwd-"
Although both are only suspected, I doubt that they would be of any interest to you and are probably enclosures to the next two e-mail messages. They are almost certainly Windows malware and you can safely delete the first two by right-click / control-click on the file or infection name and selecting "Delete File" from the pop-up menu.
The next one contains the phrase "dear*customer.*the*parcel*was*send*your*home*address.*and*it*will*arrice*within*7*bussness*day." except that I substituted "*" for spaces so that this entry won't be falsely identified.
The last one is one of several types that do not match a particular signature, rather something about the way the message was formatted caused the scan engine to flag it to your attention as a warning. It probably contains a URL that may or may not take you to the site indicated. Phishing involves directing a user to a fake site in order to attempt to obtain privacy information (e.g. username and password). It can easily be a false alarm and should be read before deciding whether to delete or retain.
So for the last two you need to use Apple Mail to delete the files. Here's my standard guidance for handling all infected e-mails:
Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.
So, if you choose to "Scan e-mail content for malware and phishing" in the General Preferences, make sure you do not elect to either Quarantine or Delete infected files.
When possibly infected e-mail files are found:
- Right-click/Control-click on either the infection or file name in the ClamXav window.
- Select "Reveal In Finder" from the pop-up menu.
- When the window opens, double-click on the file to open the message in your e-mail client application.
- Read the message and if you agree that it is junk/spam/phishing then use the e-mail client's delete button to delete it (this is especially important when the word "Heuristics" appears in the infection name).
- If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
- If this is a G-mail account and those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server.
To fix a corrupted mailbox index(es), highlight each one that was corrupted and choose Rebuild from the appropriate menu.
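The rules in the post above (no "OSX" in the infection name means no direct impact on a Mac; "Heuristics" in the name is a warning to read rather than a signature match; anything living inside a mail store must be deleted from the mail client, never from the scanner) can be applied mechanically to a scan report. The script below is an added example written for this thread, not ClamXav's own code. It assumes clamscan-style result lines of the form "<path>: <signature> FOUND", treats paths under /Library/Mail/ or ending in .emlx/.mbox as mail-store files (a constructed heuristic), and uses constructed sample lines with placeholder signature suffixes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed result-line format ("<path>: <signature> FOUND"); clean files,
# which clamscan reports as "<path>: OK", are ignored.
LINE_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Path fragments treated as "this file belongs to a mail store". Apple Mail
# keeps one message per .emlx file under ~/Library/Mail; .mbox is the generic
# mailbox container. Constructed heuristic for this example.
MAIL_PATH_MARKERS = ("/Library/Mail/", ".emlx", ".mbox")

# Recommended actions, following the guidance in the thread above.
ACT_MAIL = "open in e-mail client, read it, delete there; never delete via scanner"
ACT_READ = "heuristic warning only; read the item before deciding"
ACT_SAFE = "no direct impact on a Mac; safe to delete from the scanner"
ACT_MAC = "macOS threat; delete or quarantine"


@dataclass
class Finding:
    path: str
    signature: str
    affects_mac: bool   # signature name contains "OSX"
    heuristic: bool     # name contains "Heuristics": no real signature matched
    in_mailbox: bool    # file lives inside an e-mail store
    action: str


def recommend(affects_mac: bool, heuristic: bool, in_mailbox: bool) -> str:
    """Apply the thread's rules in priority order."""
    if in_mailbox:
        # Removing a message file from under the mail client corrupts the
        # mailbox index, and the server copy would be re-downloaded anyway.
        return ACT_MAIL
    if heuristic:
        return ACT_READ
    if affects_mac:
        return ACT_MAC
    return ACT_SAFE


def parse_line(line: str) -> Optional[Finding]:
    """Turn one result line into a Finding, or None for non-FOUND lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, sig = m.group("path"), m.group("sig")
    affects_mac = "OSX" in sig.upper()
    heuristic = "Heuristics" in sig
    in_mailbox = any(marker in path for marker in MAIL_PATH_MARKERS)
    return Finding(path, sig, affects_mac, heuristic, in_mailbox,
                   recommend(affects_mac, heuristic, in_mailbox))


def parse_report(text: str) -> List[Finding]:
    return [f for f in (parse_line(ln) for ln in text.splitlines()) if f]


def plan(text: str) -> Dict[str, List[str]]:
    """Group file paths by recommended action."""
    groups: Dict[str, List[str]] = {}
    for f in parse_report(text):
        groups.setdefault(f.action, []).append(f.path)
    return groups


# Constructed sample output; signature suffixes and paths are placeholders.
SAMPLE_REPORT = """\
/Users/example/Downloads/DHL_Document.exe: Suspect.Trojan.Generic-PLACEHOLDER FOUND
/Users/example/Downloads/Parcel.zip: Suspect.Bredozip-zippwd-PLACEHOLDER FOUND
/Users/example/Library/Mail/V2/IMAP-example/INBOX.mbox/Messages/1.emlx: Heuristics.Phishing.Email.SpoofedDomain FOUND
/Users/example/Library/Mail/V2/IMAP-example/INBOX.mbox/Messages/2.emlx: Suspect.Trojan.Generic-PLACEHOLDER FOUND
/Users/example/Downloads/installer.dmg: OSX.Example-PLACEHOLDER FOUND
/Users/example/Documents/notes.txt: OK
"""

if __name__ == "__main__":
    for action, paths in plan(SAMPLE_REPORT).items():
        print(action)
        for p in paths:
            print("   ", p)
```

The mailbox check is deliberately evaluated first: a message file that also carries a Windows-only signature still goes through the mail client, because the damage from deleting it out from under Mail is to the mailbox index, not to the message itself.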