How can I find .emlx file which corresponds to email infected with Email.Trojan-31?

Joined
Jan 23, 2012
Messages
43
Reaction score
0
Points
6
Location
Guerrero, Mexico
Your Mac's Specs
Mac mini 2.3GHz Intel Core i5 2GB RAM 500GB HD OS X Lion 10.7.3
On April 20th I changed the settings of my computer per the "What security steps should I take?" and the "Why am I being redirected to other sites?" as per this guide: Mac Virus/Malware FAQ - Mac Guides

Then I downloaded ClamXav (love this app!), to scan my Mac Mini. It found 6 infected files. I right-clicked on each file and moved them to the trash. Then emptied the trash securely (Secure Empty Trash), and scanned again. It found the same six files again, in the same location of my computer.
So I changed the Preferences in ClamXav to delete them, and scanned again. It said it moved them to the trash. Then I Secure Emptied Trash, and five of the six files come up again as being in the computer. I have tried also after it finds the files to right-click and show me the file in the finder, and manually moving them to the trash, then emptying the trash securely, and still in the next scan they appear again.

The only file which I did manage to erase successfully from my Mac was a Worm-Autorun-3571 (called javatmp2665542262960398524.exe).

The five files which I can't erase are all .emlx files, located in:
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/0/3/Messages/30113.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/7/2/Messages/27781.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/9/2/Messages/29852.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/2/Messages/2721.emlx (The infection name of this one is Worm-Autorun-945)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/3/Messages/3305.emlx (The infection name of this one is Email.Trojan-31)

After searching, I realize that it finds the .emlx file on my computer again because I am using IMAP, and the email has not been erased from my email server, so they appear again on my computer automatically. My question is HOW DO I FIND OUT WHICH EMAIL CORRESPONDS TO EACH FILE SO I CAN DELETE THEM FROM MY EMAIL SERVER??

I am not so concerned with the "Heuristics.Phishing" ones, but I would like to delete the ones that contain the Trojan-31 and Worm-Autorun-945... I have been searching on the internet but I can't find the answer. Any help would be greatly appreciated! Thank you!!
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Those are all Windows trojans which have no impact or effect on your Mac. If the trojans exist on the server, it's up to your ISP to remove them, not you.
 
OP
I figured out how to find the file: using the Finder -> Go -> Go to Folder -> ~/Library, then finding the file and clicking on it, which opens the email.

The one that is supposed to have the Email.Trojan-31 infection is this one which included information and links about Trojans and how to erase and repair them:
From: VSAntivirus.com <[email protected]>
Subject: VSantivirus No. 2201 Año 10, jueves 27 de julio de 2006
Date: July 27, 2006 2:14:35 AM CDT
To: VSAntivirus <[email protected]>

The one that is supposed to have the infection Worm-Autorun-945 is this one which included information and links about Worms and how to erase and repair them:
From: VSAntivirus.com <[email protected]>
Subject: VSantivirus No 2272 Año 10, miércoles 18 de octubre de 2006
Date: October 18, 2006 12:32:34 AM CDT
To: VSAntivirus <[email protected]>

The Heuristics.Phishing supposed infections corresponded to the following emails:
From: Monster.com.mx <[email protected]>
Subject: El lenguaje corporal en las entrevistas.
Date: April 26, 2011 5:54:48 PM CDT
Reply-To: [email protected]

From: Monster.com.mx <[email protected]>
Subject: Sueldo. ¿Cuánto valgo?
Date: February 29, 2012 1:21:13 PM CST
Reply-To: [email protected]

From: Monster.com.mx <[email protected]>
Subject: Expande tus oportunidades laborales con el Networking
Date: June 21, 2011 11:55:23 AM CDT
Reply-To: [email protected]

I've deleted them all from my email server and my Mac, and will scan again to see if now they don't show up. :)
 
OP
> Those are all Windows trojans which have no impact or effect on your Mac. If the trojans exist on the server, it's up to your ISP to remove them, not you.

Thank you very much for your reply.

I suspect the infection notice was a false positive and those emails weren't really infected, but still it bothered me to have them show up in the scan, and they were emails I could delete as they were not important to keep, so I did. Now I hope they don't show up again now that I have deleted them! We'll see! :p
 
Joined
Mar 11, 2013
Messages
1
Reaction score
0
Points
1
Opening the email doesn't seem wise

I'm concerned that your answer to this problem was to open the email. If it was targeted to OS X, that's usually how you actually get the infection.
 
OP
> I'm concerned that your answer to this problem was to open the email. If it was targeted to OS X, that's usually how you actually get the infection.

Dear JFerguson,
Thank you for your concern. :) I opened the emails because I knew what they were, and the sender. It was a newsletter I subscribed to from vsantivirus.com, and it had no attachments so I felt confident in opening them. After I deleted the emails from my email account the scan came out clean, and I haven't had any problem with my Mac (not that I would as they were Windows viruses anyway, but just saying that nothing bad happened! :)

Kind Regards,

Tamara
 
Joined
Aug 14, 2013
Messages
2
Reaction score
0
Points
1
Your Mac's Specs
27" iMac 2.8 GHz i7 8GB 10.7.5, 21.5" iMac 3.06 GHz Core 2 Duo 4GB 10.6.8, 13" Macbook Core Duo 2GHz
tamaras82, I'm glad you've sorted your problem, but I am still left with the same problem and agree with jferguson that opening potentially harmful emails is exactly what the sender wants/requires you to do. So does anybody know how to find which file (most of my scan result emlx files are just numbers) is for which email, so I can at least see the header(?) info in the mail program and have a shot at discerning the sender or subject?
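
One way to map a flagged .emlx file to its sender and subject without opening it in Mail, shown as an added example that is not from any poster in this thread: an .emlx file is a byte-count line, then the raw RFC 822 message, then a property-list trailer, so the headers can be parsed as plain data. The function names and the sample message (addresses at example.com) are constructed for illustration.

```python
import sys
from email import policy
from email.parser import BytesParser
from pathlib import Path


def read_emlx(path):
    """Return (headers, attachment_names) for one Apple Mail .emlx file."""
    raw = Path(path).read_bytes()
    first_line, _, rest = raw.partition(b"\n")
    length = int(first_line.strip())   # line 1: size of the message in bytes
    message_bytes = rest[:length]      # the plist trailer after it is ignored
    # Parsing only builds an object tree; nothing is rendered or executed.
    msg = BytesParser(policy=policy.default).parsebytes(message_bytes)
    headers = {name: str(msg.get(name, "")) for name in
               ("From", "To", "Subject", "Date", "Message-ID")}
    attachments = [part.get_filename() for part in msg.walk()
                   if part.get_filename()]
    return headers, attachments


def build_sample_emlx():
    """Constructed sample: length line + message + plist trailer."""
    message = (
        b"From: Newsletter <news@example.com>\r\n"
        b"To: Reader <reader@example.com>\r\n"
        b"Subject: =?utf-8?q?Bolet=C3=ADn_No._1?=\r\n"
        b"Date: Thu, 27 Jul 2006 02:14:35 -0500\r\n"
        b"Message-ID: <constructed-1@example.com>\r\n"
        b"\r\n"
        b"Plain text body.\r\n"
    )
    trailer = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
               b'<plist version="1.0"><dict/></plist>\n')
    return str(len(message)).encode() + b"\n" + message + trailer


if __name__ == "__main__":
    # Pass the .emlx paths reported by the scanner as arguments.
    for arg in sys.argv[1:]:
        headers, attachments = read_emlx(arg)
        print(arg)
        for name, value in headers.items():
            print(f"  {name}: {value}")
        print(f"  Attachments: {attachments or 'none'}")
```

The From, Subject and Date values it prints are enough to search for the message in webmail and delete it on the server, which is what stops it from syncing back over IMAP.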
 
