You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Good morning everyone,
I'm writing here because this morning I've accidentally opened an attachment from an e-mail that I have discovered is the Ursniff trojan. Can you calm me please ? Is it a windows trojan only ? Is there the possibility I infected my iMac? Let me know please. Sorry for my bad english and thank you.
iMac 27" 5K, macOS 10.14
Ok. Done. Thank you very much for your instructions. I deleted the file Normal.dotm and after emptied the trash I relaunched word again. Now, there is a new normal.dotm created into the previous destination. Fortunately I didn't create any other word documents. Now, Do you think there could be other risks? I could reset the hard drive if necessary. Or maybe I'm just too paranoic :) I just want to be sure to be safe. I always use my iMac also to do bank operations...
Ok. Done. Thank you very much for your instructions. I deleted the file Normal.dotm and after emptied the trash I relaunched word again. Now, there is a new normal.dotm created into the previous destination. Fortunately I didn't create any other word documents. Now, Do you think there could be other risks? I could reset the hard drive if necessary. Or maybe I'm just too paranoic :) I just want to be sure to be safe. I always use my iMac also to do bank operations...
Up to you, but it's unlikely you'd get the same spam from the same sender address.
Though that depends on how the spam filter works. If it's only looking for the sender address, you're unlikely to get that particular junk from the same sender address, and the next, otherwise identical spam would end up in your Inbox anyway.
Ok I'm gonna delete it. I was really worried because I opened the .doc attachment inserting the password indicated in the email (received from the administration of my company) and I clicked on the macro button. But if you confirm me that the iMac cannot be infected I trust you. Thank you again.
Okay, you didn't say before what it was you got the file as. I assumed a typical Windows attachment such as an .exe or other item that works only with Windows.
An Office macro is pretty much the only Windows malware that can infect a Mac, so to speak. And it still can't unless you allow the macro to run after Word or Excel warns you the document has one. Unfortunately, you did.
The good news is the infection still can't do anything to a Mac. The bad news is any macro that's run becomes part of the Normal.dotm template. What happens then is every single Word document you save after that will now include this Windows macro virus.
Back to the good news, it's easy to get rid of. Close Word. Assuming you're running Office 2016 or newer, go to this folder in your user account:
/Users/your_account/Library/Group Containers/UBF8T346G9.Office/User Content/Templates/
Delete the file, Normal.dotm .
Launch Word. It will be forced to create a new default template and the macro virus will be gone. Unless, that is, you open any Word document you've created since infecting the previous template and once again allow the embedded macro to run (don't do that).
If you have created any infected documents, open a new blank document. Open the infected document and do not allow the macro to run. Copy/paste the document content into the blank document. Close and delete the infected file. Save the new file as the previous name. Repeat until all Word documents you many have created that include the macro have been replaced with clean versions.
Windows only. Just delete the email.
Thank you very much! Do you think is it better to move the email into the spam ? Or is it better to delete it directly?
Nope, there's nothing else to do. Even it you hadn't cleaned up the template, the macro only works in Windows.
ursnif infection
