Previous 1 2 Next 19 Replies Latest reply: May 20, 2012 9:43 AM by iheartprint
itsjaff Level 1 Level 1 (0 points)

thank you every one so far helping me and so many others who are New in Mac or New in Virus world

I installed ClamXAV and it detected the followings tow things

 

4907.emlx Heuristics.Phishing.Email.SpoofedDomain

6824.emlx Heuristics.Phishing.Email.SpoofedDomain

 

Am I infected? what is this Phishing? is it safe to open my emails and do online banking?

 

did i get anything else that the ClamXav does not show or this is the only issue?

 

now what to do with them, Should I remove or delete them or put them in Quarantine

 

if I have remove or delete them please let me know how?

 

the computer is working normally and there is not any problems with the speed and internet so far "ThankGod"

 

and what to do with the sophos anti virus do I need to keep it or uninstall it


MacBook Pro, Mac OS X (10.6.7)
  • Kappy Level 10 Level 10 (257,675 points)

    No, you're not infected. Those are email messages being reported. May have come from a PC. I would not worry about them.

     

    Do not use two anti-virus programs. Uninstall one or the other.

  • K T Level 7 Level 7 (23,700 points)

    Did it label them as warnings, cautions or dangerous?

     

    Those are email warnings. ClamAV should have given you some idea of what, if anything, it did about them...

     

    Follow the instruction at ClamXav forums on how to delete only the infected message/email:

    http://www.markallan.co.uk/BB/viewtopic.php?t=118

  • Linc Davis Level 10 Level 10 (169,220 points)

    4907.emlx Heuristics.Phishing.Email.SpoofedDomain

    6824.emlx Heuristics.Phishing.Email.SpoofedDomain

     

    Am I infected?

     

    No.

     

    what is this Phishing?

     

    Messages you received with a link to a misleading domain name, making it seem to point to a different domain.

     

    is it safe to open my emails and do online banking?

     

    It's pretty common, I'm told, to receive email that purports to come from a bank, telling you that there's a problem with your account and you need to go to a certain website and enter your credentials. Of course, the website belongs to the phisher. If your bank's domain is, say, MyTurgidBank.com, then the phishing site's name would be something like MyTurgidBank.bogus.com. As long as you're intelligent enough not fall for that kind of scam, you're safe.

  • itsjaff Level 1 Level 1 (0 points)

    this is the message from ClamXav scan

    any idea what to do with the files (quarantine or delete) or leave it like that

    thanks all

     

    ----------- SCAN SUMMARY -----------

    Known viruses: 972011

    Engine version: 0.97

    Scanned directories: 163514

    Scanned files: 498782

    Infected files: 2

    Total errors: 588

    Data scanned: 32179.47 MB

    Data read: 72942.54 MB (ratio 0.44:1)

    Time: 8578.945 sec (142 m 58 s)

     

    One or more infected files were found, but were left where they are.  You can either deal with them yourself, or scan again with the preferences set to move them into a different folder.

  • Linc Davis Level 10 Level 10 (169,220 points)

    It doesn't really matter whether you delete them; they can do no harm. If you leave them, you'll keep getting the warnings when you run the scan. If you delete them, you probably have to rebuild the index of the mailbox they're in.

     

    If I were you, I'd lay off the virus scans. They're a waste of time. If you just can't resist, only scan your downloads folder. Viruses, which don't exist anyway, aren't going to appear by magic anywhere else.

  • carolinecaz Level 1 Level 1 (0 points)

    Hi Linc

     

    I have a similar problem to the person you have replied to.  I have just run a ClamXav scan because I had my brain off this morning and stupidly did fall for one of those scams!

     

    I am not sure if my 'heuristics.phishing.email.spoofeddomain' are from me opening a fraudulent email, or not at this stage ..

     

    But my question to you is - if you did happen to clink on the attachment (which tried to open a web page .. but didnt work) .. what would the next steps be?

     

    I am running ClamXav which so far has only given me the above reports .. and I checked in my Applications folder, and no new apps have been added ..

     

    Would you recommend buying a Norton Virus or McCaffee software ... or is there something else I can do to make sure that the "phisher" isnt accessing all my passwords and taking money out of my accounts.

     

    Appreciate any help you can give!!

  • Linc Davis Level 10 Level 10 (169,220 points)

    But my question to you is - if you did happen to clink on the attachment (which tried to open a web page .. but didnt work) .. what would the next steps be?

     

    If you didn't enter any information on a fraudulent web page, you're OK. Check your downloads folder and delete anything you don't recognize. Optionally, clear your browser cache and cookies.

     

    Would you recommend buying a Norton Virus or McCaffee software...

     

    Absolutely not. All commercial "anti-virus" products for the Mac are worse than useless. They cost, by my estimate, thousands of times more in wasted money and lost productivity than actual malware.

     

    ...or is there something else I can do to make sure that the "phisher" isnt accessing all my passwords and taking money out of my accounts.

     

    This particular phisher failed in his attempt to victimize you. Human intelligence is the best protection, and ultimately, the only protection. If you want the (mostly false) feeling that software is protecting you, open Safari preferences, go into the Security tab, and check the box labeled "Warn when visiting a fraudulent website." It may slow down your browsing a little.

  • carolinecaz Level 1 Level 1 (0 points)

    No nothing entered on the page .. by then my brain had started working and I rang the bank to check if it was legit.

     

    Appreciate your help!

  • macfrombrampton Level 1 Level 1 (0 points)

    HI

     

    I have discovered the same Virus problem. I opened a posst called 8399.xmlx. I remove the file but it comes back. I believe this is an intentional attack.

  • fane_j Level 4 Level 4 (3,660 points)

    macfrombrampton wrote:

     

    I have discovered the same Virus problem.

    No, you haven't.

    I opened a posst called 8399.xmlx.

    That's irrelevant to anyone else. "8399" is the number assigned by Mail.app to this message on your computer, and ".emlx" is the file name extension which indicates it's an email message managed by Mail.app.

    I remove the file but it comes back.

    That's because you have an IMAP mail account and you didn't delete from the server. I believe that, in a different thread, you were told that you needed to remove it from the server, otherwise it would keep showing up.

  • fane_j Level 4 Level 4 (3,660 points)

    Linc Davis wrote:

     

    Viruses, which don't exist anyway, aren't going to appear by magic anywhere else.

    A slip of the keyboard, I believe. I think Linc is saying, "Mac viruses, which don't exist anyway". There are plenty of viruses in Windows.

  • fane_j Level 4 Level 4 (3,660 points)

    itsjaff wrote:

     

    any idea what to do with the files (quarantine or delete) or leave it like that

    First and foremost, read the (very short) ClamXav documentation.

     

    <http://www.clamxav.com/documentation.php>

     

    especially the "Dealing with Infected Files" section.

     

    If the item is an email message (.emlx), choose Reveal in Finder, then, in Finder, double-click on it to open it in Mail, then, in Mail, delete it (do not delete it in Finder). Once you've deleted all suspicious email messages, choose Mailbox > Erase Deleted Items. If your email account is IMAP (rather than POP), you will likely need to delete it from the server as well.

  • MadMacs0 Level 5 Level 5 (4,605 points)

    @macfrombrampton,

     

    I wrote out detailed instructions last night in the other thread explaining exactly how to get rid of it. Did you try that?

  • macfrombrampton Level 1 Level 1 (0 points)

    I have deleted the mail and Clamxav has removed the Virus but it keeps coming back.

Previous 1 2 Next