
Email virus

I have a MacBook Air running Yosemite and have received an email that I cannot delete, with a virus identified by FortiClient as WM/Agentitr. Any suggestions?

MacBook Air, OS X Yosemite (10.10.2)

Posted on Feb 23, 2016 3:18 AM


Feb 24, 2016 12:10 AM in response to Linc Davis

Thanks for responding, Linc


I get the alert:


FortiClient detected viruses on your Mac!

Process /Applications/Mail.app/Contents/MacOS/Mail

Item: /Users/Alfred/Library/M...4/3/Messages/34523.emix

Virus: WM/Agentitr

Status: Access Denied


If I try to delete it, I get a mail message:

The message "invoice 05100297" could not be moved to the mailbox "Trash – POP Account"


"34523.emix" couldn't be copied because you don't have permission to access "Messages".

Feb 24, 2016 5:43 AM in response to alf_ed

Please back up all data before proceeding.

This procedure will unlock all your user files (not system files) and reset their ownership, permissions, and access controls to the default. If you've intentionally set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it, but you do need to follow the instructions below.

Step 1

If you have more than one user, and the one in question is not an administrator, then go to Step 2.

Triple-click anywhere in the following line on this page to select it:

sudo find ~ $TMPDIR.. -exec chflags -h nosappnd,noschg,nosunlnk,nouappnd,nouchg {} + -exec chown -h $UID {} + -exec chmod +rw {} + -exec chmod -h -N {} + -type d -exec chmod -h +x {} + 2>&-

Copy the selected text to the Clipboard by pressing the key combination command-C.

Launch the built-in Terminal application in any one of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.

You'll be prompted for your login password, which won't be displayed when you type it. Type carefully and then press return. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.

The command may take several minutes to run, depending on how many files you have. Wait for a new line ending in a dollar sign ($) to appear, then quit Terminal.

Step 2 (optional)

Take this step only if you have trouble with Step 1, if you prefer not to take it, or if it doesn't solve the problem.

Start up in Recovery mode. You may be prompted to select a language, then the OS X Utilities screen will appear.

If you use FileVault 2, select Disk Utility, then select the icon of the FileVault startup volume ("Macintosh HD," unless you gave it a different name.) It will be nested below another drive icon. Click the Unlock button in the toolbar and enter your login password when prompted. Then quit Disk Utility to be returned to the main screen.

Select Utilities ▹ Terminal from the menu bar. A Terminal window will open. In that window, type this:

resetp

Press the tab key. The partial command you typed will automatically be completed to this:

resetpassword

Press return. A Reset Password window will open. You’re not going to reset a password.

Select your startup volume ("Macintosh HD," unless you gave it a different name) if not already selected.

Select your username from the menu labeled Select the user account if not already selected.

Under Reset Home Directory Permissions and ACLs, click the Reset button.

Select Restart from the menu bar.
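
Added example, not part of the original reply: a read-only shell function that lists the items the Step 1 command would modify, so the current ownership and permissions can be recorded before the reset. The name `audit_home` and its output labels are hypothetical, and the FLAG check assumes the BSD `find` that ships with OS X.

```shell
#!/bin/sh
# Added example, not part of the original post: a read-only preview of the
# items the Step 1 command would modify. Nothing is changed on disk.
#
# audit_home DIR [UID]   (DIR defaults to $HOME, UID to the current user)
# Each output line is "<REASON> <path>":
#   OWNER   not owned by UID                 -> reset by: chown -h $UID
#   PERM    owner lacks read or write        -> reset by: chmod +rw
#   NOEXEC  directory the owner cannot enter -> reset by: -type d ... chmod +x
#   FLAG    locked / append-only flag set    -> reset by: chflags ... (macOS only)
# ACLs, which the command also strips with "chmod -N", are not reported here.
audit_home() {
    dir=${1:-$HOME}
    uid=${2:-$(id -u)}

    # Errors from unreadable directories are discarded; the scan continues.
    find "$dir" ! -user "$uid" 2>/dev/null | sed 's/^/OWNER /'
    find "$dir" ! -type l ! -perm -600 2>/dev/null | sed 's/^/PERM /'
    find "$dir" -type d ! -perm -100 2>/dev/null | sed 's/^/NOEXEC /'

    # File flags exist only on BSD-derived systems; "-flags" is a BSD find primary.
    if [ "$(uname)" = Darwin ]; then
        find "$dir" -flags +uchg,schg,uappnd,sappnd,sunlnk 2>/dev/null | sed 's/^/FLAG /'
    fi
}

# Run directly as: sh audit_home.sh "$HOME" > before-reset.txt
if [ $# -gt 0 ]; then audit_home "$@"; fi
```

Saving the output to a file gives a list of what to re-check afterwards if any of those attributes were set on purpose.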

Feb 27, 2016 6:12 AM in response to alf_ed

Unless you're required by an institutional policy to use "Fortinet," you should remove it according to the developer's instructions. Back up all data before making any changes. Never install any "anti-virus" or "anti-malware" software again.


If you are required to use it, refer to its developer or to the IT staff of your organization for support.
