Posted By: jaybass infection - 04/12/21 06:57 PM
OS 10.12.6

Half an hour ago, this appeared on my screen: "Mac OS is infected with spyware and other malicious applications. Spyware must be removed and system damage repaired. It is necessary to call Apple Support +1-888-227-7849 and follow Virus removal procedure immediately."

"Please proceed"

"**If you leave this site your Mac OS will remain damaged and vulnerable**"

I shut off the power immediately and when I rebooted, the same warning occurred, which I again shut down.

I ran ClamXAV and Antivirus Zap-Virus scanner, neither of which found any infections. I doubt that anything is wrong, but is there anything I can do to prevent this re-occurring?



jaybass
Posted By: jchuzi Re: infection - 04/12/21 07:03 PM
Looks like a spurious warning to me. That phone number does not belong to Apple and a quick search gave me this.
Posted By: joemikeb Re: infection - 04/12/21 07:42 PM
You have encountered a relatively common dodge intended to induce you to spend a lot of money on un-needed repairs and malware in the guise of anti-malware software products. Not only will you be out the money you paid, the fraudsters will have all they need to max out your credit card and get additional credit cards in your name, and the biggest insult will be the time and/or money you will spend getting rid of the malware you helped them install on your system.

While you may get a legitimate notification from the App Store or System Preferences > Software Update notifying you of a software or OS update, which may direct you to open the App Store or System Preferences > Software Update, Apple notifications will never — ever — tell you to contact any person or entity by any means!
Posted By: jaybass Re: infection - 04/12/21 08:12 PM
Joe, I checked on the internet and was advised to download Combo Cleaner for free. Their scan found 4 infections, 3 of which are Library/ApplicationSupport/ClamXAV/quarantine/player dmg files. The other is
/users/admin/downloads/judy-c50fb6ae.iso, which I couldn't find or have ever heard of. I trashed the other 3.

Combo Cleaner wanted me to upgrade... not free, which I declined.



jaybass.
Posted By: MacManiac Re: infection - 04/13/21 12:37 AM
Stop following random advice found on the internet!!!! It looks like your Combo Cleaner has effectively crippled ClamXAV by calling those files you removed "BAD"....

FWIW, This thread on Apple Discussions has more details.

MalwareBytes is what should have been recommended.
Posted By: joemikeb Re: infection - 04/13/21 03:00 PM
Originally Posted by jaybass
Joe, I checked on the internet and was advised to download combo cleaner for free. Their scan found 4 infections, 3 of which are Library/ApplicationSupport/ClamXAV/quarantine/player dmg files.

The files found in the Library/ApplicationSupport/ClamXAV/quarantine/ folder were malware that had been detected and quarantined by ClamXAV. Quarantine pulled their fangs and prevented their operation. So Combo Cleaner did nothing other than confirm ClamXAV's identification of those files as malware.

Originally Posted by jaybass
The other is
/users/admin/downloads/judy-c50fb6ae.iso which I couldn't find or have ever heard of. I trashed the other 3.

You cannot easily see or access files in another user's account, so unless you are logged onto your system as the user named "admin" you would not be able to find judy-c50fb6ae.iso. If you are logged onto "admin" (that is an account ID, not a privilege level) and still can't find it, there are a number of ways the file may be hidden from Finder. One way of getting rid of the file would be to launch Terminal, then copy the following and paste it at the Terminal prompt.
Code
sudo rm -i /users/admin/downloads/judy-c50fb6ae.iso
Press enter, then enter your admin password (you will not see any response on the screen). Press enter, and if the file actually exists it should be removed. The .iso extension identifies the file as a type of disk image file, equivalent to a .dmg, that could contain almost anything, including malware. A Google search for judy-c50fb6ae.iso came up empty; a DuckDuckGo search, on the other hand, turned up a variety of disparate hits, mostly in Russian.

Originally Posted by jaybass
Combo Cleaner wanted me to upgrade... not free, which I declined.

It appears the paid version includes the option for the app to delete the files it identified as malware. The reviews on Combo Cleaner are mixed. Personally, it appears ClamXAV has been diligently doing what it purports to do and keeping your Mac safe. It also appears you probably need to be more judicious in where you are going on the web, to be exposed to so much malware.

FWIW, I use the paid version of MalwareBytes on all my macOS, iOS, and iPadOS devices. I am a firm believer in the old adage that you get what you pay for, and that is particularly true where security is involved.
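One way to carry out the Terminal step from the post above while guarding against a mistyped path: an added example, not code from any poster in this thread. It searches for the file by name even inside folders Finder hides, deletes only when exactly one file matched, and builds a constructed sandbox tree so it can be tried without touching a real account; running it as the owning user or via sudo is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: find a named file under a folder even
# when it sits in a dot-directory that Finder hides, then delete it only
# after confirming exactly one regular file matched.

# find_suspect_file DIR NAME: print every regular file called NAME under DIR.
# find descends into dot-directories and matches dot-files, so "hidden from
# Finder" does not mean hidden from this search.
find_suspect_file() {
    find "$1" -type f -name "$2" 2>/dev/null
}

# count_suspect_file DIR NAME: number of matches, as a bare integer.
count_suspect_file() {
    find_suspect_file "$1" "$2" | wc -l | tr -d ' '
}

# remove_suspect_file DIR NAME: delete the match only when it is unique, so a
# typo in NAME cannot wipe several files. Returns 1 and removes nothing
# otherwise. The uniqueness check replaces rm's -i prompt, which makes the
# function safe to call from a script.
remove_suspect_file() {
    n=$(count_suspect_file "$1" "$2")
    [ "$n" -eq 1 ] || { echo "expected 1 match, found $n" >&2; return 1; }
    path=$(find_suspect_file "$1" "$2")
    ls -l "$path"                 # show owner, size and date before deleting
    rm -f "$path"
}

# build_sandbox: constructed sample tree (a hidden folder and a decoy file)
# so the functions can be exercised without touching a real home directory.
build_sandbox() {
    d=$(mktemp -d)
    mkdir -p "$d/downloads/.hidden"
    printf 'constructed sample, not a real disk image\n' \
        > "$d/downloads/.hidden/judy-c50fb6ae.iso"
    printf 'decoy\n' > "$d/downloads/other.iso"
    echo "$d"
}
```

Against a real account, point the functions at that user's home instead of the sandbox, for example `find_suspect_file /Users/admin judy-c50fb6ae.iso` (the path as written in the thread, with the default macOS case), and run under sudo if the account is not your own.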
Posted By: freelance Re: infection - 04/13/21 04:56 PM
I pay an annual subscription for ClamXAV. I never knew if it was working, because it's never found anything. So, good to hear a positive comment about the app.
Posted By: jaybass Re: infection - 04/13/21 05:07 PM
As regards Combo Cleaner confirming what ClamXAV had already detected, I figured that to be the case.

I thought why should I pay to have those 3 files deleted when I could delete them myself.

Regarding that 'Judy' file, I will follow your instructions to remove it.

One thing I now do is to run ClamXAV prior to shutting down.

Thank you for your response.

jaybass
Posted By: joemikeb Re: infection - 04/13/21 08:07 PM
Originally Posted by jaybass
One thing I now do is to run ClamXAV prior to shutting down.
Running ClamXAV, or any such app, as an occasional batch process is more likely to close the vault door after the bad guys have stolen the valuables and are long since gone. Whatever anti-malware app you use, I urge you in the strongest terms to INVEST in a paid version that automatically updates itself at least daily and either runs at frequent intervals or continually monitors the input streams for malware, in order to catch the bad guys before they have done their harm (which can and often does include disabling anti-malware apps or hiding itself from their scans). At $29.95 a year, ClamXAV seems a reasonable investment for the level of protection it offers.
© FineTunedMac