58 Replies. Latest reply: Apr 26, 2012 6:41 PM by eww
macfrombrampton Level 1 (0 points)

I have a virus that continues to appear but gets detected by ClamXav. The identified virus is 8399.emlx and it is found in my

/Users/(Mydirectory)/Library/Mail/IMAP-(My email)@imap.gmail.com/[Gmail]/All Mail.imapmbox/Messages/8399.emlx:

 

After it is found it reappears and the only function I am performing is Web browsing with no downloads. Anyone have any experience or knowledge of the virus?


MacBook Pro, Mac OS X (10.6.8)
  • fane_j Level 4 (3,660 points)

    In ClamXav, choose Help > ClamXav Help, or go to

     

    <http://www.clamxav.com/documentation.php#infected>

     

    and read Dealing with Infected Files. Heed the warning about deleting or putting in quarantine e-mail messages. So use Reveal in Finder to show the respective file, double-click on it to open it in Mail, and delete it. Then make sure to delete the message from server, otherwise it will show up again.

     

    As to the malware itself, it's not going to affect your Mac in any way. But, by finding and deleting it, you made sure you wouldn't pass it on to a Windows-using friend or acquaintance, who might very well have been affected. You've done your good deed for the day. You can now go to sleep with a clear conscience.

  • MadMacs0 Level 5 (4,500 points)

    macfrombrampton wrote:

     

    I have a virus that continues to appear but gets detected by ClamXav. The identified virus is 8399.emlx and it is found in my

    /Users/(Mydirectory)/Library/Mail/IMAP-(My email)@imap.gmail.com/[Gmail]/All Mail.imapmbox/Messages/8399.emlx:

    Actually, that's the name of the e-mail message file that may be infected. It's not a virus nor is it the infection name.

    After it is found it reappears and the only function I am performing is Web browsing with no downloads. Anyone have any experience or knowledge of the virus?

    You don't say how you are trying to get rid of it, but there is only one way to safely process an infected e-mail and that is from within the e-mail client (Apple Mail in your case).  Otherwise you will most certainly corrupt the mailbox index (which can usually be fixed by rebuilding the mailbox), could cause you to lose additional e-mails and as you found, sometimes does not delete the file from the server, so it comes to your computer again the next time you check for new mail.

     

    You can either navigate to the location shown above or the next time ClamXav finds it, Right-click / Control-click on the file or infection name and select "Reveal In Finder" from the contextual pop-up menu.  Once the file appears in the "Messages" window, double-click on 8399.emlx and read the message. If you agree that it is an infected message that you don't need, make note of the date and subject of the e-mail (you will need this in the step below) then use the Mail delete button to trash it, then if you have elected to move deleted message to the trash, be sure to empty the trash mailbox. If it appears to be a false alarm and is an e-mail you want to retain, write down the number so that you can ignore it during future scans.

     

    With gmail accounts, there is sometimes an additional step to permanently delete the message. Log into your gmail account in webmail using your favorite browser. Go to the "All Mail" mailbox, search for that message using the subject and date copied above. Use the webmail delete button and again make sure to empty the trash if there's anything there.

     

    And in the future I would encourage you to visit the ClamXav Forum where you will find the answer to most situations and usually a faster response if you don't find it.

  • macfrombrampton Level 1 (0 points)

    MadMacs0, you are correct. I placed the filename; the name of the virus that ClamXav found is "Heuristic.Phishing.email.SpoofedDomain". The file 8399.emlx was removed several times but it keeps coming back. Any ideas?

  • MadMacs0 Level 5 (4,500 points)

    macfrombrampton wrote:

     

    MadMacs0, you are correct. I placed the filename; the name of the virus that ClamXav found is "Heuristic.Phishing.email.SpoofedDomain"

    Heuristic means there is a chance that it guessed incorrectly and there is nothing wrong with the message. Phishing and SpoofedDomain mean that as long as you don't click on the link and enter privacy information on the web site it takes you to, the message is harmless.

    The file 8399.emlx was removed several times but it keeps coming back. Any ideas?

    Huh? I spent about half an hour outlining detailed instructions on how to take care of it. Have you tried all of it?

  • macfrombrampton Level 1 (0 points)

    I believe this is a valid virus. I noticed that when I sent an Email in some cases the Email was not sent. Once it was removed the Email message went through.

  • MadMacs0 Level 5 (4,500 points)

    macfrombrampton wrote:

     

    I believe this is a valid virus.

    There are no known viruses that affect Macs unless they are running Windows. "Heuristic.Phishing.email.SpoofedDomain" e-mails do not affect e-mail in any way. If valid, the only way it can hurt you is if you click on the spoofed domain link which will open in your browser. There they will ask you for privacy information in an attempt to steal it (e.g. login and password, credit card number).

    I noticed that when I sent an Email in some cases the Email was not sent. Once it was removed the Email message went through.

    Coincidence.

     

    How far did you get in the process I outlined above for permanently deleting this?  What is the subject of the email? Who is it supposedly coming from? How long has it been in your email? If you don't do what I suggested it will be there forever.

  • MadMacs0 Level 5 (4,500 points)

    I got a report tonight that Google has fixed the problem with gmail remaining in the All Messages folder after deletion. Have not had a chance to check it out yet, but if you delete the message again and make sure it's not in your trash, it should be gone for good now.

  • macfrombrampton Level 1 (0 points)

    This is a Virus as it has appeared in the same spot after more than 10 deletions and I noticed other posts.

  • MadMacs0 Level 5 (4,500 points)

    macfrombrampton wrote:

     

    This is a Virus as it has appeared in the same spot after more than 10 deletions and I noticed other posts.

    Listen to me.  There are no Mac viruses, period, and a phishing email is not a virus.  That message is still on Google's gmail server and gets downloaded to your hard drive every time you check for new mail.

     

    As I said last night, Google reportedly has a fix for that, so perhaps it will now go away.

     

    If you want it to be gone for good then I strongly recommend you log onto Google gmail using your browser, not Mail and delete the message there, but to find it you must know the subject and date it was sent out.  If you haven't opened it up to find that information then you may be stuck with it forever.

  • macfrombrampton Level 1 (0 points)

    This is a virus for 2 reasons

     

    1) Clamxav finds this virus even though it has showed up with 3 different file names

    2) I removed the file from mail and the Gmail server and it still shows up

  • MadMacs0 Level 5 (4,500 points)

    macfrombrampton wrote:

     

    This is a virus for 2 reasons

     

    1) Clamxav finds this virus even though it has showed up with 3 different file names

    2) I removed the file from mail and the Gmail server and it still shows up

    OK, I see your point, but since it's only showing up on your Mac because it keeps showing up on the Server (as a new message, if I understand what you are saying) it's not spreading by itself, which is what a virus can do.

     

    Are all these messages from the same source? Does it appear to be from an organization you deal with or just junk mail?

     

    The reason I ask is that in my mail I have 20 or so e-mails that have been identified as heuristic.phishing and they are all newsletters from my credit union that contained a link to FaceBook. It was flagged because it didn't come from FaceBook. When I complained that I didn't think FaceBook deserved to be protected as a financial institution and that it would be referenced by hundreds of organizations looking to be "liked" they removed it. I still get a few similar hits, but in every case both the e-mail and the link have checked out and I want to keep them. I just make note of the file names and ignore the hits.

  • MadMacs0 Level 5 (4,500 points)

    Just to satisfy my curiosity, I scanned all my email last night and found three labeled as "Heuristic.Phishing.email.SpoofedDomain". All three were credit union newsletters with a real link to the IRS, which is one of the clamav protected sites.
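For readers triaging a similar hit: the following is an added example, not code from any poster or from ClamAV/ClamXav. It reads an `.emlx` file without modifying it, returns the sender, subject and date needed to find the message in Gmail webmail, and lists links whose visible text names a different host than the real target. The link-mismatch check is an assumption about what is worth reviewing, not ClamAV's own logic; the sample message and its domains are constructed.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

ANCHOR = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)

def read_emlx(raw):
    """An .emlx file is: a line with the message's byte count, the message, then a plist."""
    first, _, rest = raw.partition(b"\n")
    return email.message_from_bytes(rest[:int(first.strip())], policy=policy.default)

def shown_host(label):
    """Hostname named by the visible link text, or None if the text is not a URL or domain."""
    text = re.sub(r"<[^>]+>", "", label).strip()
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I):
        return None
    return urlparse(text if "//" in text else "//" + text).hostname

def triage(raw):
    """Return the headers needed to find the message in webmail, plus mismatched links."""
    msg = read_emlx(raw)
    mismatches = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href, label in ANCHOR.findall(part.get_content()):
            shown, real = shown_host(label), urlparse(href).hostname
            if shown and real and shown != real:
                mismatches.append((shown, real))
    return {"from": str(msg["From"]), "subject": str(msg["Subject"]),
            "date": str(msg["Date"]), "mismatches": mismatches}

# Constructed sample: a newsletter whose "www.irs.gov" link goes through a click tracker.
_MSG = (b"From: Example Credit Union <news@creditunion.example>\n"
        b"Subject: April member newsletter\n"
        b"Date: Mon, 23 Apr 2012 09:15:00 -0400\n"
        b"Content-Type: text/html; charset=utf-8\n\n"
        b'<p>Forms: <a href="http://click.creditunion.example/r/1">www.irs.gov</a>, '
        b'or visit <a href="https://creditunion.example/">our site</a>.</p>\n')
SAMPLE_EMLX = str(len(_MSG)).encode() + b"\n" + _MSG + b"<?xml version=\"1.0\"?><plist/>\n"

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_EMLX
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it with the path ClamXav reported as the only argument; with no argument it processes the constructed sample.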

  • cornelius Level 6 (17,825 points)

    This is a virus for 2 reasons

     

    1) Clamxav finds this virus even though it has showed up with 3 different file names

    2) I removed the file from mail and the Gmail server and it still shows up

    Repeat: There are no known viruses for Mac OS X in the wild. If it were a virus your whole HD would by now be erased or affected in some other way. ClamXav and other AV software can raise false alarms. If it were a virus it would be so new that it would not even be in ClamX database.

  • macfrombrampton Level 1 (0 points)

    This virus appears to be coming from false Google alerts emailed to me. I would like to know from any other Macbook OS snow leopard if they know the function of this virus. If Clamav is able to identify it as "Heuristic.Phishing.email.SpoofedDomain" then there must be a function for this virus.
