- Joined
- Jan 23, 2012
- Messages
- 43
- Reaction score
- 0
- Points
- 6
- Location
- Guerrero, Mexico
- Your Mac's Specs
- Mac mini 2.3GHz Intel Core i5 2GB RAM 500GB HD OS X Lion 10.7.3
On April 20th I changed the settings of my computer per the "What security steps should I take?" and the "Why am I being redirected to other sites?" as per this guide: Mac Virus/Malware FAQ - Mac Guides
Then I downloaded ClamXav (love this app!), to scan my Mac Mini. It found 6 infected files. I right-clicked on each file and moved them to the trash. Then emptied the trash securely (Secure Empty Trash), and scanned again. It found the same six files again, in the same location of my computer.
So I changed the Preferences in ClamXav to delete them, and scanned again. It said it moved them to the trash. Then I Secure Emptied Trash, and five of the six files come up again as being in the computer. I have tried also after it finds the files to right-click and show me the file in the finder, and manually moving them to the trash, then emptying the trash securely, and still in the next scan they appear again.
The only file which I did manage to erase successfully from my Mac was a Worm-Autorun-3571 (called javatmp2665542262960398524.exe).
The five files which I can't erase are all .emlx files, located in:
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/0/3/Messages/30113.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/7/2/Messages/27781.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/9/2/Messages/29852.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/2/Messages/2721.emlx (The infection name of this one is Worm-Autorun-945)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/3/Messages/3305.emlx (The infection name of this one is Email.Trojan-31)
Searching I realize that it finds the .emlx file on my computer again because I am using imap, and the email has not been erased off of my email server, so they appear again in my computer automatically. My question is HOW TO DO I FIND OUT WHICH EMAIL CORRESPONDS TO EACH FILE SO I CAN DELETE THEM FROM MY EMAIL SERVER??
I am not so concerned with the "Heuristics.Phishing" but I would like to delete the one that contains the Trojan-31 and Worm Autorun-945... I have been searching on internet but I cant find the answer. Any help would be greatly appreciated! Thank you!!
Then I downloaded ClamXav (love this app!), to scan my Mac Mini. It found 6 infected files. I right-clicked on each file and moved them to the trash. Then emptied the trash securely (Secure Empty Trash), and scanned again. It found the same six files again, in the same location of my computer.
So I changed the Preferences in ClamXav to delete them, and scanned again. It said it moved them to the trash. Then I Secure Emptied Trash, and five of the six files come up again as being in the computer. I have tried also after it finds the files to right-click and show me the file in the finder, and manually moving them to the trash, then emptying the trash securely, and still in the next scan they appear again.
The only file which I did manage to erase successfully from my Mac was a Worm-Autorun-3571 (called javatmp2665542262960398524.exe).
The five files which I can't erase are all .emlx files, located in:
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/0/3/Messages/30113.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/7/2/Messages/27781.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/9/2/Messages/29852.emlx (The infection name of this one is Heuristics.Phishing)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/2/Messages/2721.emlx (The infection name of this one is Worm-Autorun-945)
/Users/myuser/Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/3B0EAA9B-2838-4042-AE3E-F385EDA6A001/Data/3/Messages/3305.emlx (The infection name of this one is Email.Trojan-31)
Searching I realize that it finds the .emlx file on my computer again because I am using imap, and the email has not been erased off of my email server, so they appear again in my computer automatically. My question is HOW TO DO I FIND OUT WHICH EMAIL CORRESPONDS TO EACH FILE SO I CAN DELETE THEM FROM MY EMAIL SERVER??
I am not so concerned with the "Heuristics.Phishing" but I would like to delete the one that contains the Trojan-31 and Worm Autorun-945... I have been searching on internet but I cant find the answer. Any help would be greatly appreciated! Thank you!!