How to remove Phishing from MacBook Pro

No, you're not infected. Those are email messages being reported. May have come from a PC. I would not worry about them.

Do not use two anti-virus programs. Uninstall one or the other.

Did it label them as warnings, cautions or dangerous?

Those are email warnings. ClamAV should have given you some idea of what, if anything, it did about them...

Follow the instruction at ClamXav forums on how to delete only the infected message/email:

http://www.markallan.co.uk/BB/viewtopic.php?t=118

4907.emlx Heuristics.Phishing.Email.SpoofedDomain

6824.emlx Heuristics.Phishing.Email.SpoofedDomain

Am I infected?

No.

what is this Phishing?

Messages you received with a link to a misleading domain name, making it seem to point to a different domain.

is it safe to open my emails and do online banking?

It's pretty common, I'm told, to receive email that purports to come from a bank, telling you that there's a problem with your account and you need to go to a certain website and enter your credentials. Of course, the website belongs to the phisher. If your bank's domain is, say, MyTurgidBank.com, then the phishing site's name would be something like MyTurgidBank.bogus.com. As long as you're intelligent enough not fall for that kind of scam, you're safe.

It doesn't really matter whether you delete them; they can do no harm. If you leave them, you'll keep getting the warnings when you run the scan. If you delete them, you probably have to rebuild the index of the mailbox they're in.

If I were you, I'd lay off the virus scans. They're a waste of time. If you just can't resist, only scan your downloads folder. Viruses, which don't exist anyway, aren't going to appear by magic anywhere else.

Hi Linc

I have a similar problem to the person you have replied to. I have just run a ClamXav scan because I had my brain off this morning and stupidly did fall for one of those scams!

I am not sure if my 'heuristics.phishing.email.spoofeddomain' are from me opening a fraudulent email, or not at this stage ..

But my question to you is - if you did happen to clink on the attachment (which tried to open a web page .. but didnt work) .. what would the next steps be?

I am running ClamXav which so far has only given me the above reports .. and I checked in my Applications folder, and no new apps have been added ..

Would you recommend buying a Norton Virus or McCaffee software ... or is there something else I can do to make sure that the "phisher" isnt accessing all my passwords and taking money out of my accounts.

Appreciate any help you can give!!

But my question to you is - if you did happen to clink on the attachment (which tried to open a web page .. but didnt work) .. what would the next steps be?

If you didn't enter any information on a fraudulent web page, you're OK. Check your downloads folder and delete anything you don't recognize. Optionally, clear your browser cache and cookies.

Would you recommend buying a Norton Virus or McCaffee software...

Absolutely not. All commercial "anti-virus" products for the Mac are worse than useless. They cost, by my estimate, thousands of times more in wasted money and lost productivity than actual malware.

...or is there something else I can do to make sure that the "phisher" isnt accessing all my passwords and taking money out of my accounts.

This particular phisher failed in his attempt to victimize you. Human intelligence is the best protection, and ultimately, the only protection. If you want the (mostly false) feeling that software is protecting you, open Safari preferences, go into the Security tab, and check the box labeled "Warn when visiting a fraudulent website." It may slow down your browsing a little.

No nothing entered on the page .. by then my brain had started working and I rang the bank to check if it was legit.

Appreciate your help!

HI

I have discovered the same Virus problem. I opened a posst called 8399.xmlx. I remove the file but it comes back. I believe this is an intentional attack.

macfrombrampton wrote:

I have discovered the same Virus problem.

No, you haven't.

I opened a posst called 8399.xmlx.

That's irrelevant to anyone else. "8399" is the number assigned by Mail.app to this message on your computer, and ".emlx" is the file name extension which indicates it's an email message managed by Mail.app.

I remove the file but it comes back.

That's because you have an IMAP mail account and you didn't delete from the server. I believe that, in a different thread, you were told that you needed to remove it from the server, otherwise it would keep showing up.

Linc Davis wrote:

Viruses, which don't exist anyway, aren't going to appear by magic anywhere else.

A slip of the keyboard, I believe. I think Linc is saying, "Mac viruses, which don't exist anyway". There are plenty of viruses in Windows.

itsjaff wrote:

any idea what to do with the files (quarantine or delete) or leave it like that

First and foremost, read the (very short) ClamXav documentation.

<http://www.clamxav.com/documentation.php>

especially the "Dealing with Infected Files" section.

If the item is an email message (.emlx), choose Reveal in Finder, then, in Finder, double-click on it to open it in Mail, then, in Mail, delete it (do not delete it in Finder). Once you've deleted all suspicious email messages, choose Mailbox > Erase Deleted Items. If your email account is IMAP (rather than POP), you will likely need to delete it from the server as well.

@macfrombrampton,

I wrote out detailed instructions last night in the other thread explaining exactly how to get rid of it. Did you try that?

I have deleted the mail and Clamxav has removed the Virus but it keeps coming back.

macfrombrampton wrote:

I have deleted the mail and Clamxav has removed the Virus but it keeps coming back.

Inthese instructions I specifically told you not to use ClamXav to remove the message. You have to use Apple Mail and perhaps your Browser to permanently get rid of it.