Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 6 subscribers
  • Views 13764 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mal/Phish-A recurring on Mac - Help on permanent removal

MicMac

Does one know how to permanently remove recurring Mal/Phish-A on Mac? (Detected by Sophos on Mac OS X 10.6.8 when the Mac Mail app 4.5-1084 is launched, provided AirPort is ON.)

Accessing same Zimbra mail account through the web browser does not trigger an attack.

Launching Mail app with AirPort OFF does not trigger an attack.

Recurring attack when launching Mail app with AirPort ON.

Removing the Mail app and reinstalling is useless.

Removing the Mail app + All related folders in the Mail Library is useless.

Changing master password after removing Mail app + Library is useless.

Scanning disk through'n through is useless.

All of this done without reconnecting to external Time Machine disk, in order to avoid any contamination from past backups.

Running out of ideas. Suspecting remorphing, or source malware having promoted itself to some regular status and cannot be detected anymore. 

Please restrain yourself if you do not have a solid opinion: facts and verified infos are welcome.

:1005617


This thread was automatically locked due to age.
Parents
  • 0
    leinestein wrote:

    Hi thanks for the help!

    The thing is: I can delete the mail through the methods you suggested, but I get the same new phishing mails every day. Can I prevent this virus-containing mail from being saved to my Mac automatically? Otherwise everyday I have to login on webmail/gmail before opening mail on my computer, search for spam en delete it, which is a very annoying thing to do.

    Depends; the easiest thing to do is set up a mail filter on your webmail that automatically tosses it in the junk folder so that it doesn't get downloaded locally in the first place.  If the subject line stays the same, this should be fairly easy.  If the From stays the same and you don't actually do business with the faked sender, you could just filter everything from that From address.

    If you're using Gmail, most phishing should already be filtered; if it isn't, please report it to them to improve their spam filtering.

    :1015385
Reply
  • 0
    leinestein wrote:

    Hi thanks for the help!

    The thing is: I can delete the mail through the methods you suggested, but I get the same new phishing mails every day. Can I prevent this virus-containing mail from being saved to my Mac automatically? Otherwise everyday I have to login on webmail/gmail before opening mail on my computer, search for spam en delete it, which is a very annoying thing to do.

    Depends; the easiest thing to do is set up a mail filter on your webmail that automatically tosses it in the junk folder so that it doesn't get downloaded locally in the first place.  If the subject line stays the same, this should be fairly easy.  If the From stays the same and you don't actually do business with the faked sender, you could just filter everything from that From address.

    If you're using Gmail, most phishing should already be filtered; if it isn't, please report it to them to improve their spam filtering.

    :1015385
Children
No Data