My first virus HELP!

Discussion in 'General Mac Discussion' started by brobson, Sep 8, 2004.

  1. brobson macrumors 6502

    brobson

    Joined:
    Aug 13, 2004
    Location:
    Dallas
    #1
    I got an email with the title:
    Returned mail: Data format error

    "Dear user
    We have found that your email account has been used to send a large amount of junk e-mail during the last week.
    Probably, your computer was infected by a recent virus and now contains a trojaned proxy server.

    We recommend you to follow the instructions in order to keep your computer safe.

    Have a nice day,
    aol.com user support team."

    I very stupidly downloaded an attachment called aol.com.mim

    Now I am getting 4 messages saying:

    To: <jjensen@1800pharmacy.com>
    Subject: Re:
    Date: Wed, 08 Sep 2004 18:18:30 +0000

    Problem: Virus found
    MIME type: application/octet-stream
    File name: Cat.com
    Virus name: W32/Bagle.ai@MM
    Antivirus: McAfee Scanning Engine (4389/4.3.20)

    All invalid attachments of the message were deleted and the message was
    delivered to the recipient.

    And an email from www.newpicturesloginmemebers.biz
    and someone cursing me inside.

    What do I do!?!?!
    Brenda
    Mac OSX
    333 iMac 256/60 HD
     
  2. iLikeMyiMac macrumors 6502a

    iLikeMyiMac

    Joined:
    Jul 17, 2004
    Location:
    St. Louis
    #2
    Perhaps you had a windows attachment that was infected with a virus.
     
  3. jsw Moderator emeritus

    jsw

    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #4
    Is this on a PC?

    Because it shouldn't be an issue with Mac mail unless you forward an infected email to someone else - then the virus can get forwarded.
     
  4. angelneo macrumors 68000

    Joined:
    Jun 13, 2004
    Location:
    afk
    #5
    Could it be that your email was hijacked by spammers? It's really easy to spoof other people's email identity. I have not used AOL email before, so I am not sure how high this possibility is.
    Are you using your Mac to check your email? If you are, I don't think that virus can infect a Mac.
     
  5. Mudbug Administrator emeritus

    Mudbug

    Joined:
    Jun 28, 2002
    Location:
    North Central Colorado
    #6
  6. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #7
    This is a well known hoax. It has been around for months. This thing spoofs your email address and your ISP. Now remember this: There are no Mac viruses. If there is ever a Mac virus, you will not be its first victim. If you ever get another email which claims that you have a virus, just ignore it. If you are afraid to ignore it, don't do anything silly. Post a copy of the scary correspondence here and someone will help you. In the meantime, if you are a .mac subscriber, install Virex. Otherwise, buy and install Virex, Norton, or another antiviral utility.
     
  7. brobson thread starter macrumors 6502

    brobson

    Joined:
    Aug 13, 2004
    Location:
    Dallas
    #8
    Thanks everyone!! It is so nice to have a place to turn. Every time I got on live with apple tech, my computer froze.
    Looking forward to my G5!
    I guess I should put the Norton software on first, before I transfer my hard drive to the new iMac?
    Brenda
     
  8. brobson thread starter macrumors 6502

    brobson

    Joined:
    Aug 13, 2004
    Location:
    Dallas
    #9
    I really should use the preview button before I push send. I meant to say AOL live tech support froze, not apple.
    Thanks again
     
  9. bostonwhaler1 macrumors member

    Joined:
    Aug 4, 2004
    Location:
    Toronto, Canada
    #10
    ...

    Norton tends to cause more problems than it solves. As far as a disk utility is concerned, the Mac Disk Utility in OS X is more than enough for most users. If you really want virus protection, get Virex, as mentioned above. If you're concerned about something on your current iMac "infecting" your new iMac, don't be. You don't have a virus, so there's nothing to worry about. Just link the two via firewire and transfer away!

    Enjoy the new iMac, I'm jealous! :)
     
  10. brobson thread starter macrumors 6502

    brobson

    Joined:
    Aug 13, 2004
    Location:
    Dallas
  11. varmit macrumors 68000

    varmit

    Joined:
    Aug 5, 2003
    #12
    you know there is an edit button, where you can change what you posted or put more in it.

    edit: <-- This is to say I added to it using the edit function.
     
  12. buzzfgo macrumors member

    buzzfgo

    Joined:
    Sep 9, 2004
    Location:
    Up State NY
    #13
    New guy here. If you can't get a virus on a mac do you really need antivirus software?
     
  13. janey macrumors 603

    janey

    Joined:
    Dec 20, 2002
    Location:
    sunny los angeles
    #14
    No. The antivirus companies just try to take advantage of Mac users who don't know better by trying to sell them antivirus software for the Mac.

    If you're really worried, just think reasonably. Don't open attachments unless you know the person, make sure you have a decent alphanumeric password that you change once in a while, don't run things as root, you get the idea.

    Now for a little bit of funny geeky humour, well... I find it funny lol. I found this in my apache access log. This is on my powerbook. :p

    67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
    67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
    67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
    67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
    67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
    67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
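
Added example, not part of the post above: one way to triage requests like the ones in that access log, flagging Windows-only probe paths (including the double-encoded `..%255c`) and checking whether any of them got a non-error response. The signature names, function names and `SAMPLE` are assumptions of this example; the last sample line is a constructed benign request.

```python
import re
from urllib.parse import unquote

LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]+" (?P<status>\d{3}) (?:\d+|-)$')
# Patterns derived from the request paths quoted in the post (not a complete rule set).
SIGNATURES = [
    ("windows-shell-binary", re.compile(r'/(?:root|cmd)\.exe(?:\?|$)', re.I)),
    ("path-traversal", re.compile(r'\.\.[\\/]')),
    ("iis-directory", re.compile(r'^/(?:scripts|msadc|_vti_bin)/', re.I)),
]

def fully_decode(path):
    """Percent-decode until stable, so a double-encoded %255c is seen as a backslash."""
    while unquote(path) != path:
        path = unquote(path)
    return path

def classify(line):
    """Parse one Apache common-log line; return (host, status, tags) or None."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    raw = m.group("path")
    tags = [name for name, rx in SIGNATURES if rx.search(fully_decode(raw))]
    if unquote(unquote(raw)) != unquote(raw):  # a second decoding round still changes it
        tags.append("double-encoded")
    return m.group("host"), int(m.group("status")), tags

def summarize(lines):
    """Per host: number of probe requests and how many got a non-error status."""
    report = {}
    for host, status, tags in filter(None, map(classify, lines)):
        if tags:
            entry = report.setdefault(host, {"probes": 0, "answered": 0, "tags": set()})
            entry["probes"] += 1
            entry["answered"] += status < 400
            entry["tags"].update(tags)
    return report

# The six lines from the post, plus one constructed benign request (last line).
SAMPLE = """\
67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
192.0.2.10 - - [04/Sep/2004:23:31:10 -0700] "GET /index.html HTTP/1.0" 200 1456
""".splitlines()
```

`summarize(SAMPLE)` reports six probes from the one host with `answered` at 0, matching the 404s in the log; a non-zero `answered` count is the case that needs a closer look.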
     
  14. Dr. Dastardly macrumors 65816

    Dr. Dastardly

    Joined:
    Jun 26, 2004
    Location:
    I live in a giant bucket!
    #15
    HAHAHA this stuff cracks me up! :p
     
  15. buzzfgo macrumors member

    buzzfgo

    Joined:
    Sep 9, 2004
    Location:
    Up State NY
  16. fugeelama macrumors member

    fugeelama

    Joined:
    Oct 23, 2002
    #17
    It means that someone's pee-cee virus was trying to access critical Windows files on a Mac... something that doesn't affect us Apple owners :)
     
  17. buzzfgo macrumors member

    buzzfgo

    Joined:
    Sep 9, 2004
    Location:
    Up State NY
  18. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #19
    Ten bucks says the mail system is from Kerio.
    We get dozens of those a day, and it spoofs. Often times it says "from the mchs tech team". Our users are pretty wise now that we told them about the virus warnings and capabilities of Kerio Mail Server. (An EXCELLENT product by the way)
    Kerio has the ability to either silently delete the mail, or send the message stripped of the virus. I decided to "send" since we have a few users with an old Melissa virus infecting some of their Word files. Macs can carry, and Melissa DOES affect the Mac by opening as read only, and forcing you to "disable macros". Doing a virus scan then locking the "normal template" will stop further Mac infection. (Or getting rid of Word altogether, which is my dream!)
    Bottom line: the virus writer has forced you to waste time and worry for nothing!
     
  19. 7on macrumors 601

    7on

    Joined:
    Nov 9, 2003
    Location:
    Dress Rosa
    #20
    Some people think it's necessary because you can get, let's say, a humorous picture from Uncle Bob in an email. You want to forward this picture to others, however, you didn't notice the "2 Attachments" thing in Mail. You send it, affecting PCs. Of course you need common sense to be able to notice a weird .pif attachment doesn't belong in a mail message - something which anti-virus owners lack.
     
  20. King Cobra macrumors 603

    Joined:
    Mar 2, 2002
    #21
    Sometimes it's fun to get the most bizarre email messages:


    From: "Bounced mail" <my isp>
    Date: July 29, 2004 6:41:29 PM EDT
    To: ----
    Subject: DELIVERY REPORTS ABOUT YOUR E-MAIL




    Then have a text attachment at the bottom saying that my ISP deleted the following virus from the email using Norton Antivirus:


    Norton AntiVirus removed the attachment: TRANSCRIPT.SCR.

    The attachment was infected with the W32.Mydoom.M@mm virus.



    Makes you feel right at [127.0.0.1] sometimes.
     
  21. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #22
    Do you have any evidence--much less, proof--that people who use antivirus software lack common sense?
     
  22. brobson thread starter macrumors 6502

    brobson

    Joined:
    Aug 13, 2004
    Location:
    Dallas
    #24
    AOL shut me down

    Well whatever it was, AOL shut me down.
    Someone apparently got my password so I had to get them on the phone to even check my email! Only a 25 min wait to change my password!
    Anyway, here's what one message board on AOL for Mac said:

    X-WinProxy-AntiVirus: Removed W32/Bagle.AW.worm

    The same thing has been happening to me and the above is what it says in the scan. >>

    The Bagle/Beagle family does not infect Macs. You got the warning because the infection on someone's Windoze box spoofed your email address. Here is probably more than you wanted to know.

    The Bagle family of Trojans/worms has gone entirely through the alphabet with variants, and most of the way through a second time. These all infect Windows 95 and more recent releases of Windows. They do not infect Macintosh, Linux or Unix. In fact, there are more Bagle variants than there are Macintosh trojans - total.

    Different Antivirus software companies use somewhat different names for the same family or for variants within the same family. A search on McAfee's Windows side turned up 64 records matching "W32/Bagle". http://us.mcafee.com/virusInfo/default.asp?id=alphar

    Symantec calls the entire family "Beagle" instead of Bagle. A typical description is at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html (for Beagle.AO) or here:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html for Beagle (Bagle) AP.

    Bagle.AW may be something that McAfee and Symantec assigned a different letter suffix. OR it may be something that has so far only appeared in Eastern Europe. A Google search for "Bagle.AW" turned up a lot of posts in what appears to be Polish. http://www.idg.pl/ftp/pc_2905/Szcze...Sp.z.o.o..W32.Netsky.A.T..W32.Bagle.A.W..html

    At any event, your Mac cannot be infected by any known Bagle or Beagle worms. All of these Windows worms spoof email addresses, so that bounces and Mailer Daemon warnings go to the spoofed address, not to the infected computer.

    Yikes that's a lot of words.
    Brenda :confused: :eek:
     
  23. Baron58 macrumors 6502

    Joined:
    Feb 19, 2004
    #25

    mmm... what you meant to say was "Makes you feel right at ~ sometimes"
     
