For fastest, most efficient answers to questions such as these, always start at the ClamXav Forum.
klahaye wrote:
Now worried about my MAC since the ClamXav app shows I have several infections, including
Psx.Adware.Geonei-9
Win.Trojan.Genieo
I suspect the first is actually Osx.Adware.Geonei-9 which tells me you have accidentally installed Genieo adware. The fastest, most effective way to identify and optionally remove all currently known adware is by using AdwareMedic, developed by thomas_r. this Forum's malware guru, owner of TheSafeMac and a colleague of mine.
To understand why this happened and how to avoid such things in the future read John Galt's How to install adware.
The "Win" normally means Windows only, but in this case I'd have to guess it's part of your Genieo installation.
Email.Phishing.Bank-34
The signature for this one is "we have detected a slight error in your billing" in an e-mail message.
HTML.Phishing.Bank-162
has an HTML signature of "now_need_you_to_re-confirm_your_account_information_to_us._if_this_is_not_comp leted" except that I substituted underlines "_" for spaces to keep my entry from being identified as infected.
Since you already said you are aware of such things, then chances are you have already decided to deal with it as Junk or Deleted Mail. In such a case, it's always best to go through your Junk/Spam and Trash/Deleted Mail folders and empty them before running a scan so you don't have to re-discover them.
Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.
When possibly infected e-mail files are found:
- Highlight the entry in the ClamXav window's top pane that needs to be dealt with.
- Right-click/<Control>-click on the entry.
- Select "Reveal In Finder" from the pop-up menu.
- When the window opens, double-click on the file to open the message in your e-mail client application.
- Read the message and if you agree that it is junk/spam/phishing then note the date and subject of the message and close the e-mail window. Now, using your e-mail client, locate that message in whatever mailbox folder it was found in and delete the message using the delete button. Reading it is especially important when the word "Heuristics" appears in the infection name.If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
- If this is a g-mail account and those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server. Then check the "Trash" folder and delete them there.
