Do I have a virus/malware problem? Idiot needs help

Allowing Archive Utility to unzip a file is not remotely dangerous. Someone could have e-mailed you the most dangerous Mac malware in the world (currently, that's kind of like saying someone gave you the most dangerous bunny in the world, but bear with me! 🙂) and you could safely unzip it. The only danger would come if you tried to open whatever was inside the .zip file, which you would have to do manually.

So, in other words, you're safe. If you deleted the .zip file and whatever contents Archive Utility extracted into the same folder as the .zip file, all is good.

As for scanning with ClamXav, you can certainly download it from the App Store, though that version is limited to only doing manual scans of specific folders. If that's all you want, great, but if you want the more full-featured version, you need to get it from the ClamXav website:

http://www.clamxav.com

For more information on the topic of Mac malware, see my Mac Malware Guide.

MacHagan wrote:

Hello, Received an email from 'Royal Mail Global' saying that they had failed in delivering a package and to open the attached '.zip' file. Without thinking, I opened the file- it didn't launch anything.

First of all, your Lion OS would have notified you if that was anything currently known to be dangerous. If it was malware it was almost certainly designed for Windows and of no consequence to OS X. If you are certain that the email is spam/junk/hoax then use the delete button in your e-mail client to get rid of it. Check the trash folder and delete it from there, if necessary. If this is a Gmail account, let me know as there may be one more step.

When you say you opended the file, I assume you used an open button or double-clicked the attachment symbol? And then it didn't launch anything, but it should have launch the Archive Utility to unzip the attachment. Did that not happen? Did you see anything after you "opened it"?

Even if it was unzipped, sitting in an attachment folder somewhere and is malware, it won't do anything at all until you attempt to open it. And as I said previously, it's almost certainly for Windows users, anyway.

If you followed the suggestion to use ClamXav (or any other A-V software), there are some special considerations regarding e-mail. Here are my standard cautions:

Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.

So, if you choose to "Scan e-mail content for malware and phishing" in the General Preferences, make sure you do not elect to either Quarantine or Delete infected files.

When possibly infected e-mail files are found:

1. Right-click/Control-click on either the infection or file name in the ClamXav window.
2. Select "Reveal In Finder" from the pop-up menu.
3. When the window opens, double-click on the file to open the message in your e-mail client application.
4. Read the message and if you agree that it is junk/spam/phishing then use the e-mail client's delete button to delete it (this is especially important when the word "Heuristics" appears in the infection name).
5. If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
6. If this is a g-mail account and those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server.

For instructions on how to handle any infections that do not involved e-mail, use the Help menu or go directly to this link Dealing with Infected Files.

MacHagan wrote:

Hi MadMacs0 and thank you for your post. The 'archive utility' did open and try to 'unzip' the file: there was just an empty screen.

In that case it almost certainly succeeded in unzipping it and that is all it's designed to do, it would not have tried to open it.

I have deleted everything and emptied thrash. Where can I look or how can I be sure that nothing is sitting on the system as an attached file.

Depends on what you use for an e-mail client.

No warnings appeared and I did not have to confirm a decision by inputting the system password, also no executable file launched. Is the ClamXav program in the App Store?

Either that or the one that Thomas pointed out.

What is the best way to remove the programme once finished?

What programme?

If you are talking about the potentially infected file then you can find instructions on how to deal with it by using the ClamXav help menu or going directly to Dealing with infected files.

If you are talking about removing ClamXav I'm not sure why you would want to do that. If you use the one from the AppStore then you uninstall it the way all AppStore apps are deleted http://support.apple.com/kb/PH11358. If you choose the one from the web site then follow the instructions in FAQ 22. For any remaining questions about it's use go to the ClamXav Forum for faster, more efficient answers.

The nice thing about eternal is that you will forever be cautious about opening email attachments.🙂

Download the free ClamXav Anti-Virus for OS X. It is compatible with Mountain Lion. Do a full scan.

Then you can remove ClamXav, if you wish. Apple has some anti-malware bits in the OS too.