
Phishing email, I stupidly clicked on the link and now after I scan with ClamXav it keeps reappearing even though I remove it

Phishing email, I stupidly clicked on link, entered only personal details before realising. I deleted email and keep scanning with ClamXav but the infection keeps reappearing in the scan even though I keep deleting to trash.

Posted on Jun 13, 2015 4:39 AM


Jun 14, 2015 6:21 PM in response to ChitlinsCC

ChitlinsCC wrote:


If AdwareMedic don't kill it (need a report from the OP) then we'll holler at Thomas - he'll wanna know what it is - then figger how to kill it.


I've got to agree with MadMacs0 here... nothing that has been said so far is in any way indicative of adware being installed. A phishing e-mail is just that: an e-mail. No software needs to be installed in order for the user to click a link and enter information on the page the link goes to, and hels2310 didn't make any mention of installing any software. Unless there were also adware symptoms involved, there would be no reason to use AdwareMedic in a case like this.

Jun 14, 2015 8:15 PM in response to ChitlinsCC

ChitlinsCC wrote:


Maybe it is just an un-delete-able email. What's THAT!?!

A common occurrence when you let A-V software or the Finder move messages around. The mailbox index contains envelope data on each message, so when a message vanishes the e-mail client may realize that something is wrong and check with the e-mail server to replace it, so it comes right back on the next check for new mail. This happens with IMAP mail or in the case of POP3 when you allow messages to remain on the server until deleted by the client. It can also happen these days if you allow iCloud to sync mail between computers and devices. It stays on the iCloud server until a computer or device tells it to delete.


Another complication comes with Google Mail. All messages, sent or received, are actually only in one place, the All Mail mailbox. All the other "mailboxes" on the Google server are just additional labels on that message so that it can appear in multiple places, but doesn't take up any additional space. On your computer or device, the message appears multiple times for each mailbox it has been labeled to be in. Deleting that message from your Inbox or Junk or Sent or Deleted folders leaves the original in All Mail under most circumstances. The only way to completely delete it is to log into the server using webmail on your favorite browser, go to the All Mail folder, delete it from there and then go to the Trash folder and empty it. My recommendation is to go to the Google server in such cases and tell it not to display the IMAP All Mail folder on the client (called Archive in Apple Mail).


I realize that's all pretty complicated and not something I normally attempt to explain to the average user.

Jun 15, 2015 6:13 AM in response to MadMacs0

I am suffering from dementia AND am a total dumba**! Right below this post in threaded view and WAY above in flat view is your original reply to the OP. You explain this in the very first sentence.


Although this makes perfect sense, it makes me wonder why a modern AV software App developer would not know all this and instead of shuffling the message around simply display an alert stating the likely problem? The issue is probably addressed in the User Guide that nobody ever reads.

I retire to the wilderness for a while to reflect on my relationship to the universe.


Thank you for your patience with an old man. At least I didn't reply to a Zombie thread 😉

Jun 13, 2015 4:40 PM in response to hels2310

For fastest, most efficient answers to questions like this visit the ClamXav Forum.

hels2310 wrote:


I deleted email and keep scanning with ClamXav but the infection keeps reappearing in the scan even though I keep deleting to trash.

Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.


When possibly infected e-mail files are found:

  • Highlight the entry in the ClamXav window's top pane that needs to be dealt with.
  • Right-click/<Control>-click on the entry.
  • Select "Reveal In Finder" from the pop-up menu.
  • When the window opens, double-click on the file to open the message in your e-mail client application.
  • Read the message and if you agree that it is junk/spam/phishing then note the date and subject of the message and close the e-mail window. Now, using your e-mail client, locate that message in whatever mailbox folder it was found in and delete the message using the delete button. Reading it is especially important when the word "Heuristics" appears in the infection name. If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
  • If this is a g-mail account and those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server. Then check the "Trash" folder and delete them there.
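
Added example, not part of the post above and not ClamXav's or Apple's code: a read-only way to get the date and subject that the steps above say to note, so the message can then be found and deleted in the e-mail client or on the server. It assumes the flagged file is an Apple Mail `.emlx` file (a byte-count line, the raw message, then a property-list trailer); the sample message and the `parse_emlx` name are constructed for illustration.

```python
import email
import plistlib
import sys
from email import policy


def parse_emlx(raw: bytes) -> dict:
    """Read identifying headers from .emlx bytes; nothing on disk is changed."""
    # Line 1 of an .emlx file is the byte length of the message that follows.
    first, sep, rest = raw.partition(b"\n")
    if not sep or not first.strip().isdigit():
        raise ValueError("not an .emlx file: first line must be a byte count")
    length = int(first.strip())
    if length > len(rest):
        raise ValueError("truncated .emlx: message shorter than declared length")
    msg = email.message_from_bytes(rest[:length], policy=policy.default)
    # Whatever follows the message is Mail's own metadata as a property list.
    trailer = rest[length:].strip()
    meta = plistlib.loads(trailer) if trailer else {}
    return {
        "subject": str(msg.get("Subject", "")),
        "date": str(msg.get("Date", "")),
        "from": str(msg.get("From", "")),
        "message_id": str(msg.get("Message-ID", "")),
        "mail_flags": meta.get("flags"),
    }


# Constructed sample message (not taken from the thread).
_MSG = (
    b"From: Account Team <notice@example.invalid>\r\n"
    b"Date: Sat, 13 Jun 2015 04:12:00 +0000\r\n"
    b"Subject: Verify your account details\r\n"
    b"Message-ID: <constructed-001@example.invalid>\r\n"
    b"\r\n"
    b"Constructed body.\r\n"
)
SAMPLE_EMLX = str(len(_MSG)).encode() + b"\n" + _MSG + plistlib.dumps({"flags": 1})

if __name__ == "__main__":
    # Pass the path shown by "Reveal In Finder"; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_EMLX
    for key, value in parse_emlx(data).items():
        print(f"{key}: {value}")
```

The Message-ID it prints is the most reliable value to search for in webmail when the same message exists under several mailboxes or labels.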

Jun 13, 2015 4:53 PM in response to MadMacs0

May be... I think the OP was pretty clear that they at least followed the primrose path to the suspect website and entered some several bits of personal info ??? Quite likely not enough info for us to draw ANY conclusion. Who knows what nefarious subterfuge transpired during the click-a-thon thereabouts. If AdwareMedic don't kill it (need a report from the OP) then we'll holler at Thomas - he'll wanna know what it is - then figger how to kill it.

Jun 13, 2015 4:57 PM in response to ChitlinsCC

ChitlinsCC wrote:


May be... I think the OP was pretty clear that they at least followed the primrose path to the suspect website and entered some several bits of personal info ???

Yes, and that needs to be dealt with, probably by changing some passwords, but doing something like that has never caused Adware to be automatically installed. More likely to see a bank account emptied, credit card charged, iCloud photos compromised, etc. We would need to know exactly what type of "personal details" were compromised.

Jun 13, 2015 5:26 PM in response to MadMacs0

Like I said - inadequate data from the OP.

... doing something like that has never caused Adware to be automatically installed.

How is it that malware gets installed? Clicking on something while in a bad part of town. Any button or link can do the trick, can it not? This button, although benign here, could have a booby trap just as easy

User uploaded file


I think you're getting hung up on the term "Adware" in the title of thomas's App - "Malware" is more apt and is on the 'execute with prejudice' list therein.


Too little data and too little interest from the OP to worry much more at present.


Tick tock

Jun 13, 2015 9:27 PM in response to ChitlinsCC

ChitlinsCC wrote:


How is it that malware gets installed? Clicking on something while in a bad part of town. Any button or link can do the trick, can it not? This button, although benign here, could have a booby trap just as easy

User uploaded file

The last malware that was installed by simply visiting a web site was Flashback in the Spring of 2012 and that's been extinct since shortly after. If the "Reply" button you are referring to is in an e-mail, then it could result in a download, but nothing could be installed without opening it. Same if the "Reply" button is on the website.

I think you're getting hung up on the term "Adware" in the title of thomas's App - "Malware" is more apt and is on the 'execute with prejudice' list therein.

I helped a bit with the development and testing of AdwareMedic and correspond with thomas_r. almost every day on Mac Malware matters, so I'm pretty sure I understand the difference.


And yes, like you, I'm awaiting some details from the OP here.

Jun 14, 2015 9:00 AM in response to MadMacs0

We seem to be taking turns preaching to the choir.... 🙂 mostly for others' benefit, it seems


My preaching job would be in jeopardy for my lack of clarity, I fear.


To wit, the [Reply] button example was meant to illustrate that ANY button on ANY page visited (or in the email, as you say) could invoke the chain of events that would result in the downloading and installing of the malware.


If the victim has already fallen for the cleverness of the con, then the install process would also fall into the "trusted by the victim" area


Since you likely live and breathe this stuff, a few illustrations of how the news stories of major "breaches" lately might be in order - which one was it that was publicized that a network admin fell for a phishing email to get the ball rolling?


Back in focus on the title topic - "Phishing email, I foolishly clicked on the link" ....


Most of 'em I see posted copy/paste and screenshot are fairly poorly crafted and easy to spot. I can't remember the title (and can't find with a search - may have been Jailed ? ) of one within the last 6 weeks or so that was VERY Well Crafted. Graphic design was perfect and only the one link that led down the rabbit hole was not to a valid Apple URL.


[it sure would be nice if the search/correlation engine in the JiveWare was better - really get a list of ALL 'phishing' related threads in one list of results]


[[ while I'm wishing for stuff in ASC, a FORM led New Question posting page would solve many problems we see here with regard to lack of data ]]


waiting for Godot

Jun 14, 2015 6:50 PM in response to thomas_r.

I, of course, defer to you fine expert folk. Wasn't my idea in the first place (Klaus1)... but it can't hurt can it?


Maybe I got thrown off by the OP's own statements:

Phishing email, I stupidly clicked on link, entered only personal details before realising. I deleted email and keep scanning with ClamXav but the infection keeps reappearing in the scan even though I keep deleting to trash.

Maybe I am trying too hard to read between the lines in thinking that the OP must have done more than enter personal data at the website at which he/she arrived to get "the infection keeps reappearing" - and/or got caught up with Klaus1's first piece of advice. I am not ClamXav savvy at all.


All said, what we know is that we know not the full picture - yet. Maybe it is just an un-delete-able email. What's THAT!?!


warmest regards, amigo

ÇÇÇ
