infection
#58506 04/12/21 06:57 PM
jaybass (OP), Joined: Aug 2009, Likes: 2
OS 10.12.6

Half an hour ago, this appeared on my screen: "Mac OS is infected with spyware and other malicious applications. Spyware must be removed and system damage repaired. It is necessary to call Apple Support
+1-888-227-7849 and follow Virus removal procedure immediately."

"Please proceed"

**If you leave this site your Mac OS will remain damaged and vulnerable** I shut off the power immediately, and when I rebooted the same warning occurred, which I again shut down.

I ran ClamXAV and Antivirus Zap-Virus Scanner, neither of which found any infections. I doubt anything is wrong, but is there anything I can do to prevent this recurring?



jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: infection
Jon, in reply to jaybass, #58507 04/12/21 07:03 PM, Joined: Aug 2009, Likes: 7
Looks like a spurious warning to me. That phone number does not belong to Apple and a quick search gave me this.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: infection
joemikeb (Moderator), in reply to jaybass, #58508 04/12/21 07:42 PM, Joined: Aug 2009, Likes: 16
You have encountered a relatively common dodge intended to induce you to spend a lot of money on unneeded repairs and on malware in the guise of anti-malware software products. Not only will you be out the money you paid; the fraudsters will have all they need to max out your credit card and get additional credit cards in your name, and the biggest insult will be the time and/or money you will spend getting rid of the malware you helped them install on your system.

While you may get a legitimate notification from the App Store or System Preferences > Software Update notifying you of a software or OS update, which may direct you to open the App Store or System Preferences > Software Update, Apple notifications will never — ever — tell you to contact any person or entity by any means!


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: infection
jaybass (OP), in reply to joemikeb, #58510 04/12/21 08:12 PM
Joe, I checked on the internet and was advised to download Combo Cleaner for free. Their scan found 4 infections, 3 of which are Library/ApplicationSupport/ClamXAV/quarantine/player dmg files. The other is /users/admin/downloads/judy-c50fb6ae.iso, which I couldn't find or have ever heard of. I trashed the other 3.

combo cleaner wanted me to upgrade...not free, which I declined.



jaybass.


Re: infection
Moderator, in reply to jaybass, #58511 04/13/21 12:37 AM, Joined: Aug 2009, Likes: 5
Stop following random advice found on the internet!!!! It looks like your Combo Cleaner has effectively crippled ClamXAV by calling those files you removed "BAD"....

FWIW, This thread on Apple Discussions has more details.

MalwareBytes is what should have been recommended.


Freedom is never free....thank a Service member today.
Re: infection
joemikeb (Moderator), in reply to jaybass, #58512 04/13/21 03:00 PM
Originally Posted by jaybass
Joe, I checked on the internet and was advised to download combo cleaner for free. Their scan found 4 infections, 3 of which are Library/ApplicationSupport/ClamXAV/quarantine/player dmg files.

The files found in the Library/ApplicationSupport/ClamXAV/quarantine/ folder were malware that had been detected and quarantined by ClamXAV. Quarantine pulled their fangs and prevented their operation. So Combo cleaner did nothing other than confirm ClamXAV's identification of those files as malware.

Originally Posted by jaybass
The other is /users/admin/downloads/judy-c50fb6ae.iso, which I couldn't find or have ever heard of. I trashed the other 3.

You cannot easily see or access files in another user's account, so unless you are logged onto your system as the user named "admin" you would not be able to find judy-c50fb6ae.iso. If you are logged onto "admin" (that is an account ID, not a privilege level) and still can't find it, there are a number of ways the file may be hidden from Finder. One way of getting rid of the file would be to launch Terminal, then copy the following and paste it at the Terminal prompt.
Code
sudo rm -i /users/admin/downloads/judy-c50fb6ae.iso
Press Enter, then enter your admin password (you will not see any response on the screen). Press Enter, and if the file actually exists it should be removed. The .iso extension identifies the file as a type of disk image file, equivalent to a .dmg, that could contain almost anything, including malware. A Google search for judy-c50fb6ae.iso came up empty; a DuckDuckGo search, on the other hand, turned up a variety of disparate hits, mostly in Russian.

Originally Posted by jaybass
combo cleaner wanted me to upgrade...not free, which I declined.

It appears the paid version includes the option for the app to delete the files it identifies as malware. The reviews of Combo Cleaner are mixed. Personally, it appears ClamXAV has been diligently doing what it purports to do and keeping your Mac safe. It also appears you probably need to be more judicious about where you are going on the web, to be exposed to so much malware.

FWIW I use the paid version of MalwareBytes on all my macOS, iOS, and iPadOS devices. I am a firm believer in the old adage that you get what you pay for, and that is particularly true where security is involved.


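Added example, written for this page and not code from any poster in the thread: a small shell script that does what the Terminal command above does, but first shows whether the file exists at all, whether Finder is hiding it (a leading dot in the name, or the macOS hidden flag set with chflags), and what its com.apple.quarantine attribute records about the app that saved it, and only then removes every copy it found. The directory and file name are passed as arguments; judy-c50fb6ae.iso in the usage line is just the thread's example, and the macOS-only inspection commands are skipped on other systems. Run it with sudo when the file sits in another account's Downloads folder, as in the thread.

```sh
#!/bin/sh
# Added example, not code from the thread. Locates a suspicious download,
# shows why Finder may not display it, and removes every copy found.
# Assumptions: the directory and file name are given as arguments; the
# macOS-only inspection (xattr, ls -O) is skipped on other systems.

# _find_matches DIR NAME [find actions...]
# Matches NAME case-insensitively, and also ".NAME", since a leading dot is
# one of the ways a file is kept out of Finder's default view.
_find_matches() {
    dir=$1; name=$2; shift 2
    find "$dir" -maxdepth 1 -type f \( -iname "$name" -o -iname ".$name" \) "$@"
}

# find_suspect DIR NAME: print every matching path, one per line.
find_suspect() { _find_matches "$1" "$2" -print; }

# count_suspect DIR NAME: print how many matches exist (0 if none).
count_suspect() { _find_matches "$1" "$2" -print | wc -l | tr -d ' '; }

# describe_file PATH: size and owner; on macOS also the 'hidden' flag set by
# chflags and the com.apple.quarantine record (downloading app and origin URL).
describe_file() {
    ls -l "$1"
    if [ "$(uname)" = "Darwin" ]; then
        ls -lO "$1"
        xattr -p com.apple.quarantine "$1" 2>/dev/null || echo "(no quarantine attribute)"
    fi
}

# remove_suspect DIR NAME: delete every match without prompting and print the
# number removed, so a caller can confirm something was actually there.
remove_suspect() {
    n=$(count_suspect "$1" "$2")
    _find_matches "$1" "$2" -exec rm -f -- {} +
    echo "$n"
}

# Command-line use: sudo sh remove_suspect.sh /Users/admin/Downloads judy-c50fb6ae.iso
if [ "$#" -eq 2 ]; then
    if [ "$(count_suspect "$1" "$2")" -eq 0 ]; then
        echo "no file named $2 (or .$2) in $1"
        exit 0
    fi
    find_suspect "$1" "$2" | while IFS= read -r f; do describe_file "$f"; done
    printf 'Delete the file(s) above? [y/N] '
    read -r answer
    case $answer in
        y|Y) echo "removed $(remove_suspect "$1" "$2") file(s)" ;;
        *)   echo "nothing removed" ;;
    esac
fi
```

The quarantine attribute is worth reading before deleting: it names the application that wrote the file, which tells you whether it arrived through the browser or through something else on the machine. The script only touches the directory it is given, so the ClamXAV quarantine folder discussed above is not affected.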
Re: infection
In reply to joemikeb, #58513 04/13/21 04:56 PM, Joined: Aug 2009
I pay an annual subscription for ClamXAV. I never knew if it was working, because it's never found anything. So, good to hear a positive comment about the app.


iMac (19,1, 3.1 GHz i5, 12.7.4, 40 Gb RAM); MacBook Air (1.8 Ghz, 8 Gb RAM, 10.14.6, 256 Gb SSD) Vodafone router and Devolo Wi-Fi Extender, Canon TS8351 printer/scanner.
Re: infection
jaybass (OP), in reply to joemikeb, #58514 04/13/21 05:07 PM
As regards Combo Cleaner confirming what ClamXAV had already detected, I figured that to be the case.

I thought why should I pay to have those 3 files deleted when I could delete them myself.

Regarding that 'Judy' file, I will follow your instructions to remove it.

One thing I now do is to run ClamXAV prior to shutting down.

Thank you for your response.

jaybass


Re: infection
joemikeb (Moderator), in reply to jaybass, #58517 04/13/21 08:07 PM
Originally Posted by jaybass
One thing I now do is to run ClamXAV prior to shutting down.
Running ClamXAV, or any such app, as a sometimes batch process is more likely to close the vault door after the bad guys have stolen the valuables and are long since gone. Whatever anti-malware app you use, I urge you in the strongest terms to INVEST in a paid version that automatically updates itself at least daily and either runs at frequent intervals or continually monitors the input streams for malware in order to catch the bad guys before they have done their harm (which can and often does include disabling anti-malware apps or hiding itself from their scans). At $29.95 a year, ClamXAV seems a reasonable investment for the level of protection it offers.


