71 Replies Latest reply: Feb 1, 2012 12:19 PM by BDAqua
  • V.A.P. Level 1 (0 points)

    At the risk of sounding wacky, I have been thinking about when I opened up safari to get to this forum just after my clamxav experience (I was tired). When the home page url was showing, but had not yet opened, another page opened on top of it. This had a lot of info and graphics about movies and watching a trailer for Rango... I thought I had accidentally clicked on an ad somehow and I closed it to get on with my quest. It was afterward that I realized this happened only once before, yup, the time when everything started going wrong. Will I have another file somewhere now that is infected as well?

     

    I hope one of you computer experts can help someone who is not!

  • V.A.P. Level 1 (0 points)

    Oh, I have just seen your post (after I posted another question). I will try this after dinner.

    Will you also explain what to do with the clamxav on the desktop & how to set to only scan incoming mail?

    What to do with it when I get the new iMac also, I guess.

     

    Sorry, I am a pest.

    Thanks,

    v.

  • Klaus1 Level 8 (45,510 points)

    Install it properly in your Applications folder, then set it up in its Preferences.

  • BDAqua Level 10 (119,655 points)

    Will you also explain what to do with the clamxav on the desktop & how to set to only scan incoming mail?

    I think this is how you do it, after not scheduling any Scan, set a watched folder...

    clamXAVwatchMail.jpg

  • BDAqua Level 10 (119,655 points)

    Will I have another file somewhere now that is infected as well?

    Not likely, if using Safari, under Safari menu do you have block Pop-up windows selected?

  • V.A.P. Level 1 (0 points)

    Yes, I do. That's correct?

    I will have to wait and attempt these things tomorrow.

    I do so appreciate everyone's help, and I will report back.

    V.

  • BDAqua Level 10 (119,655 points)

    Yes, I do. That's correct?

    Yes, I guess they're using javascript or some other method to pop up the windows then.

     

    Would you have a link to the pop up, or what your home page is set to?

  • MadMacs0 Level 5 (4,500 points)

    V.A.P. wrote:

     

    I have run the clamxav and it found 3 infected files.

     

    They are

    file: animan.class-5953..., infection name: Exploit.Java.Byte...

    file: ms03011.jar-3847f... , infection name: Java.ByteVerify-1

    file: 3668.emlx, infection name: HTML.Phishing.A...

    Without the complete name of the infection, I can't give you any details on what they might be (you can see the entire name of the infection by dragging the column wider in ClamXav or searching the Scan Log), but none specifically target Mac OS X, so I would guess you can safely delete them. If you are using Time Machine or some other backup software, check back here before you delete anything.

     

    The first two appear to be Java code of some sort. To delete them simply Right-click / Control-click on either the file or infection name in the ClamXav window and choose "Delete File".

     

    In the case of the .emlx file, this is an e-mail file which should be handled in a slightly different manner to prevent mailbox corruption and guarantee deletion from the e-mail server as well as your hard drive. Again, Right-click / Control-click on either the file or infection name in the ClamXav window but this time choose "Reveal In Finder". In the window that opens, double-click on 3668.emlx to open it in your e-mail client, then use the e-mail client application's delete button to safely delete it. If you have chosen to move deleted files to a trash folder, be sure you empty that, as well. If this happens to be from a gmail account, you may find that you have to also log into it using webmail on your favorite browser, check the "All Mail" folder and permanently delete it from there. Kind of a pain, but that's really the only safe and sure way of handling e-mail.

  • MadMacs0 Level 5 (4,500 points)

    V.A.P. wrote:

     

    Will you also explain what to do with the clamxav on the desktop

    What is on your desktop, the ClamXav application or the .dmg file you downloaded?

     

    If the Application, you should have followed these Installation instructions. If it's the ClamXav_2.x.x.dmg file and you have properly installed it, then you can throw it away. If you think you might want to uninstall it at some time in the future you may want to either hold onto it, copy the "ClamAV Engine REMOVER" script somewhere or you can just redownload the .dmg at that time.

    & how to set to only scan incoming mail?

    http://www.clamxav.com/docs_sentry.php

    What to do with it when I get the new iMac also, I guess.

    If you migrate from your current computer it should copy everything you need, including your settings.

     

    If you still have questions, please come to the ClamXav Forum and you will probably find a quicker answer.

  • V.A.P. Level 1 (0 points)

    BDAqua, Here is what I found in history for yesterday.

     

    http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn&page=homepage.nytimes.com/index.html&pos=TopLeft&sn2=ab8a95f5/87622a3f&sn1=646ae0af/61e48cc8&camp=Weinstein_2012Awards2_1794123_nyt5&ad=TWC_Awards2_184x90_L&goto=http://ad.doubleclick.net/jump/N6103.276948.NYTIMES5/B6243199.19;sz=184x90;pc=nyt178485A290094;ord=2012.01.26.21.30.18?

     

    Please let me know if this is innocent (I could not go to this when clicked in history, only a quick glance and then to opening page, nytimes.com), or if I need to do something about it.

     

    I am going to attempt the instructions you all have sent. I would have marked all entries as helpful, but I can't find the way to do that after marking one of them. Any help on that would also be appreciated.

     

    I will report findings back.

    thanks!

    V.
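Added example, not part of the original thread: a short Python sketch that breaks a click-tracking URL like the one in the post above into its parameters and lists the hosts it hands off to, which is how a history entry of this kind can be read without visiting it. The function names are hypothetical, and the URL is the one from the post with the forum's line-wrap spaces removed.

```python
from urllib.parse import urlsplit, unquote

# URL from the post above; the forum's line-wrap spaces are removed (reconstruction).
HISTORY_URL = (
    "http://www.nytimes.com/adx/bin/adx_click.html?type=goto&opzn"
    "&page=homepage.nytimes.com/index.html&pos=TopLeft"
    "&sn2=ab8a95f5/87622a3f&sn1=646ae0af/61e48cc8"
    "&camp=Weinstein_2012Awards2_1794123_nyt5&ad=TWC_Awards2_184x90_L"
    "&goto=http://ad.doubleclick.net/jump/N6103.276948.NYTIMES5/"
    "B6243199.19;sz=184x90;pc=nyt178485A290094;ord=2012.01.26.21.30.18?"
)


def query_params(url):
    """Split the query on '&' only, so ';' inside a nested URL survives."""
    params = {}
    for field in urlsplit(url).query.split("&"):
        if field:
            key, _, value = field.partition("=")
            params[key] = unquote(value)
    return params


def redirect_chain(url, max_hops=5):
    """Return the hosts a click-tracking URL passes through, in order."""
    hosts = []
    for _ in range(max_hops):
        hosts.append(urlsplit(url).hostname)
        # A parameter whose value is itself a URL is the next hop.
        nested = [v for v in query_params(url).values()
                  if v.lower().startswith(("http://", "https://"))]
        if not nested:
            break
        url = nested[0]
    return hosts


def path_fields(url):
    """Return the ';key=value' fields carried in the URL path."""
    fields = urlsplit(url).path.split(";")[1:]
    return dict(f.partition("=")[::2] for f in fields)


if __name__ == "__main__":
    print(" -> ".join(redirect_chain(HISTORY_URL)))
    print(query_params(HISTORY_URL)["camp"])
    print(path_fields(query_params(HISTORY_URL)["goto"]))
```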

  • V.A.P. Level 1 (0 points)

    MadMacs0, Yikes, I inadvertently (blew it) chose delete on the emix file and then tried to drag it from trash.

    It still says deleted under status on clamxav panel.

    What to do? Help!

    V.

  • V.A.P. Level 1 (0 points)

    MadMacs0 - correction, it says moved to trash. I now have the file on my desktop, alongside the clamxav findings.

    Thanks!

    v.

  • V.A.P. Level 1 (0 points)

    MadMacs0 - are you still there? I haven't found how to post question (cry for help!) in a forum for clamxav.

    I need to leave for an appt. in 45 minutes and I have all of this stuff dangling on my desktop.

     

    If anyone else knows how to fix the damage I have done by choosing delete for the file that was in clamxav results for email. I tried to undo the delete, but no way to do it. I dragged the file from trash (the other two are still in it) but it didn't go back into that pane, and is now on desktop.

    I realize I am a moron and have created more problems, but please advise on how to fix this so I don't have problems with mail, etc...

  • BDAqua Level 10 (119,655 points)

    The emlx file goes in the...

     

    Users/YourUserName/Library/Mail...

     

    path & a bit deeper with the rest of the numbered .emlx files, at that path you should see other folders to open like POPdahdahdah or such.

  • MadMacs0 Level 5 (4,500 points)

    V.A.P. wrote:

     

    MadMacs0 - are you still there? I haven't found how to post question (cry for help!) in a forum for clamxav.

    Good morning (at least where I am), sorry I missed you. You can find the ClamXav Forum here if you need assistance in the future.

    Yikes, I inadvertently (blew it) chose delete on the emix file and then tried to drag it from trash.

    There is a recovery procedure for that which usually works, but as you guessed the safest way is to put it back.

     

    Open the Scan Log and search for the file name "3668.emlx". If you don't find it right away, that just means that the window is only displaying part of the log. In the lower right corner of the window you will see ▲ Earlier | ▼ Later. Click the Earlier button until you find it. That will tell you which Mailbox it came out of. I wouldn't be surprised to find that it was "Junk" or "Trash" if you use those.