Previous 1 2 3 4 5 Next 71 Replies Latest reply: Feb 1, 2012 12:19 PM by BDAqua Go to original post
  • V.A.P. Level 1 Level 1 (0 points)

    Hi MadMacs0 , BDAqua-

    Thanks for the help, I have found the emix file that was infected. It was in the sent messages in my mail box, don't see anything for my husband's mailbox.

     

    Not sure what to do now, however.

    What would the next step be?

    v.

  • V.A.P. Level 1 Level 1 (0 points)

    Hi, again.

    I see that the 3668.emix is now listed under source list on clamxav result panel.

    And, just to be clear, I now have that results panel on desktop, the scan log and the 3668.emix file on desktop (from when I tried to drag it from the trash and it jumped to the desktop).

    I am hopeful that you will see my plea, again, and that this will all come to a happy end, and you folks wont have to be bothered by me anymore.

    Thanks,

    v.

  • BDAqua Level 10 Level 10 (119,850 points)

    Quit Mail & ClamXAV, drag that file back into the Mail folder it came out of, then double click on it to have Mail open it, then in Mail move it to the Trash & empty the Trash.

  • MadMacs0 Level 5 Level 5 (4,510 points)

    V.A.P. wrote:

     

    Thanks for the help, I have found the emix file that was infected. It was in the sent messages in my mail box, don't see anything for my husband's mailbox.

     

    Not sure what to do now, however.

    What would the next step be?

    The only thing I can add to what BDAqua has said is that it's a bit unusual to find something like that in your Sent folder. Possibly something you received and have already deleted but forwarded on to somebody else, so you might want to warn that person. As I recall it was labeled as some sort of Phishing infection, but we never identified exactly what type. Just tell them not to follow any link that was included in the message.

  • V.A.P. Level 1 Level 1 (0 points)

    Do you mean drag the file that is sitting on the desktop that I had tried to drag back into the clamxav pane?

    I apologize but I am not sure how to drag that into the Mail folder if I quit mail.

    Should I have the library/mail file open on desktop?

    As you can see, I am in the dark.

  • V.A.P. Level 1 Level 1 (0 points)

    MadMacs0 - how do I know who it was sent to? I did forward (at their request) the suspect emails to security at the insurance company which the emails supposedly came from. Could that have been it?

    The log showed:

    users/___/library/mail/pop-my email/sent messages.mbox/messages/3668.emix:HTML.Phishing.Auction-25 FOUND

     

    I have stopped sending out emails since this all began on 1/10/12. I did forward an email to a mailing list on that day, but not sure if that was before opening the emails in question.

    thanks, v.

  • BDAqua Level 10 Level 10 (119,850 points)

    You have to open the Mail folder in the Finder, not Mail, then drag it, but I'm not sure that is important really, just worried MadMacs0 might know something, but I think you can launch Mail & Rebuild the Index & things would be fine, then we can work on why it won't trash from the Desktop.

  • MadMacs0 Level 5 Level 5 (4,510 points)

    V.A.P. wrote:

     

    how do I know who it was sent to? I did forward (at their request) the suspect emails to security at the insurance company which the emails supposedly came from. Could that have been it?

    The log showed:

    users/___/library/mail/pop-my email/sent messages.mbox/messages/3668.emix:HTML.Phishing.Auction-25 FOUND

    I'm sure that's the case. For that particular infection clamav is looking for "our records indicate your account was involved ********** in activities that violate our policy governing seller non-performance". I added the "*" to keep the AV software from thinking this page is infected when it shows up in your browser cache.  Sounds like you did exactly the right thing.  As long as you don't click on whatever link was included in that message and then fill in privacy information in the form that appeared in your browser, you are in no danger whatsoever from this e-mail.  But you might as well get rid of it so it won't ever show up in future scans.

     

    Are you clear on returning the message to the Sent folder now?

  • MadMacs0 Level 5 Level 5 (4,510 points)

    BDAqua wrote:

     

    just worried MadMacs0 might know something, but I think you can launch Mail & Rebuild the Index & things would be fine, then we can work on why it won't trash from the Desktop.

    That's what my plan B solution would be as it seems to work for most folks that aren't using gmail.

  • V.A.P. Level 1 Level 1 (0 points)

    BDAqa, again, sorry, I don't see mail under the finder menu, and not sure what you mean. You don't mean into the mail icon on the dock, do you?

     

    And, when you say... work on why it wont trash from the desktop, do you mean the 3668.emix one that I tried to drag from the trash, after MadMacs0 had said not to delete? I didn't try anything with it when I couldn't undo the delete from the clamxav result panel. Thought I would mess up the manner of preventing mailbox corruption and the guarantee of deletion from the email server as well as on the hard drive (as per MadMacs0).

     

    So I have succeeded in confusing myself further.

  • BDAqua Level 10 Level 10 (119,850 points)

    Sorry I'm not being clear.

     

    In Finder's Menu, select Go menu>Go to Folder, and go to or paste this in...

     

    ~/Library/Mail/

     

    A Finder Window opens, find your Accounts folder & the inbox folder, or was it the Sent one it came out of in it, open it... do you see other .emlx files there?

     

    But wait, I just tested deleting some .emlx files and starting Mail & rebuilding that account, it took awhile to rebuild since it was huge, (11,241 eMails), but all is well with Mail.

     

    You'd want to first use WebMail to remove it from the Server if IMAP or leaving Messages on a POP server, but then it should be safe to just trash that file & rebuild Mail next time you start Mail.

  • MadMacs0 Level 5 Level 5 (4,510 points)

    V.A.P. wrote:

     

    BDAqa, again, sorry, I don't see mail under the finder menu, and not sure what you mean. You don't mean into the mail icon on the dock, do you?

    I hesitate to barge in on BDAqua here, but it's been a few minutes and I know you are anxious to put this behind you.

     

    He means for you to open a Finder window and navigate to Users/___/Library/Mail/POP-my email/Sent Messages.mbox/Messages/. Then move the window so you can see the email on your desktop and drag it to that Messages folder.

  • V.A.P. Level 1 Level 1 (0 points)

    OK, I have seen how to drag the file as MadMacs0 has indicated. However I now see that BDAqua has said, but wait.

    After that (you'd want to use WebMail...) you lost me

     

    Please don't give up on me. I live in a remote area and not many Mac helpers here (aside from the fact that the eMac weighs many pounds).

    v.

  • BDAqua Level 10 Level 10 (119,850 points)

    I hesitate to barge in on BDAqua here...

    Oh, heck no, never hesitate when help is needed.

  • MadMacs0 Level 5 Level 5 (4,510 points)

    There have been exmples of people loosing other email, as recently as last week, by going through what BDAqua did which is why I don't recommend it as the primary means of deletion, only as a last resort.