# my mac has a malware



## exiarchogia (Apr 30, 2014)

Hi,

I think my Mac has a virus. My professional email account has been suspended because it has been used to send thousands of spams.
The IT support centre said that I have been attacked and that I can only access my emails if I clean my mac.

Could you please help me with this?

Thanks
Eleni


----------






## joeten (Dec 4, 2008)

Threads merged. Please do not make multiple threads on the same issue; it can lead to confusion on where people are posting and lead to conflicting advice.
The usual steps for help with infection are found here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum


----------



## sinclair_tm (Mar 11, 2005)

That link will be of no help on a Mac running OS X.

As for your Mac having a virus, I really doubt it, and the IT center is being dumb. Your account is web based I'll guess, and spammers have most likely spoofed your email address to make it look like yours is the bad egg. If it was your Mac, you'd be able to see all the emails in your outgoing mailbox.

You need to post more info for more help if you are unable to talk to the IT people.


----------



## NY24 (May 2, 2014)

What Mail App are you using? Apple Mail, GMail, HotMail, YahooMail, AOL Mail etc. HotMail and Yahoo are famous for being hacked / compromised. I've been using GMail for years now without incident. I used to use Apple's Mail App but that kept getting "difficult" and AppleMail didn't "play nice" with GMail (in my experience).

You really need to provide more details in order to get meaningful help. Post:

- What computer you have (i.e. 2012 15" MacBook Pro)
- Specifications of that computer (i.e. Running Mac OS X, 10.8.2; 2GB RAM)
- Specific App (i.e. Apple Mail Version 7.3 (1878))
- Exactly what (if any) Error Messages you are getting.

If you are using HotMail (a Microsoft product) or YahooMail, do yourself a favor and switch to a free GMail account. Also, when you install ANY new software, LOOK CAREFULLY at just what that software wants to install. By default, many programs will add "bloatware" to your computer (a proprietary Search Bar, Desktop Icons, Automatic Updates etc.). Generally, these "extras" are not needed and will often cause problems. Uncheck boxes for "stuff" you don't want added to your computer BEFORE you complete the Install (scroll to the bottom of the EULA; that's where those pesky boxes are often hidden and checked by default).

If you're running a Windows OS on your Mac (either via Apple's Boot Camp or through a Virtual Machine), that alone could be your problem. Once you run ANY Windows OS, even on a Mac, you're subject to all the crap and problems that every WinOS computer is famous for. I hope this helps!





exiarchogia said:


> Hi,
> 
> I think my Mac has a virus. My professional email account has been suspended because it has been used to send thousands of spams.
> The IT support centre said that I have been attacked and that I can only access my emails if I clean my mac.
> ...


----------



## MartyF81 (Jan 23, 2013)

I am in agreement with Sinclair. Your email is being spoofed. It is highly unlikely this has anything to do with your Mac.

Here is the thing: in order for your computer to send THOUSANDS of emails it needs to connect to a service that allows that to happen. Sending an email requires them to be routed through a "RELAY". Most hosting providers limit relays to 250 emails per account per DAY. I suspect even internal business email servers have a similar limitation on Relay counts (they are crazy if they don't do this).

This means in order for your actual computer to have sent thousands of emails... they would have to go through their servers. Which also means your company should be able to see a history of ACTUAL outbound emails going through the server.

I would ask them to show where the emails actually were sent through the servers, and to look at the HEADERS to see where it originated from. You should be able to see the originating IP addresses in the email headers and track the IP to probably somewhere you have never even been.




NY24 said:


> If you're running a Windows OS on your Mac (either via Apple's Boot Camp or through a Virtual Machine), that alone could be your problem. Once you run ANY Windows OS, even on a Mac, you're subject to all the crap and problems that every WinOS computer is famous for. I hope this helps!


This is not "exactly" correct. Running Windows on a Mac (in Boot Camp or in a VM) only subjects WINDOWS to the Windows bad things..... and it only happens when the Windows OS is actually running. It does not have any effect on the Mac itself.... Macs cannot run Windows software, including Malware or Viruses.


----------



## exiarchogia (Apr 30, 2014)

Hi all,

Many thanks for the replies and the support.

For the university email account I am using Outlook for Mac because I could not synchronize the university account with Mac mail and did not get any support for this. It would be very hard for me to convince them that there is something wrong with the server. I tried to do this before because I had some emails lost while trying to archive them and they were quite aggressive about it. I just need to be sure that it will not happen again because they threaten to eliminate my email account… So I was wondering if there is a way to be sure about this.

I run Bitdefender that I got for free from i-store and it found one malicious item that cannot be deleted. It is an .exe downloaded from the internet. It was initially in downloads so I went there and deleted that. Then it appeared in trash, so I emptied the trash folder. But it still comes up when I run the antivirus and again the location is the trash folder.

My Mac is:
MacBook Pro
13-inch, Early 2011
Processor 2,3 GHz Intel Core i5
Memory 4 GB 1333 MHz DDR3
Graphics Intel HD Graphics 3000 384 MB
Software Mac OS X Lion 10.7.5 (11G63).

Do you need anything else?


I received the email I quote below which I was stupid to answer and I think this is what instigated the spoof:

> Dear User,
> Please validate your account. To perform this action CLICK HERE
>
> Thank you..
> University of Brussels
>
> --------------------------------------------------------------------------------------
>
> Cher utilisateur,
>
> S'il vous plaît valider votre compte. Pour effectuer cette action CLIQUEZ ICI
>
> merci
> Université Libre de Bruxelles


----------



## MartyF81 (Jan 23, 2013)

An EXE file cannot even be run on a Mac, that is a Windows executable. It would not be able to do anything on your Mac.

It is highly unlikely your Mac sent these emails. I would tell them you have run your Malware scan and it says your Machine is clean.

The only way you're going to be able to be sure is if they can prove that the emails actually originated from your computer. Since it sounds like you are connecting to a MS Exchange server to handle emails.... they should be able to see all of the outbound emails. Ask them when the first emails started going out? Ask them how many were sent? These are all questions they should be able to answer definitively because all the emails would have had to have been sent through their server if they really came from your computer.

Ask them what the originating IP address was in the DETAILED HEADER for these emails? Are all of the IP addresses the SAME? If they all came from your computer they should all be IPs that belong to the University. If they differ... how can that be other than spoofing? Where do the originating IP addresses trace to? Was your computer even connected to the network or turned on when this happened?

The reason I am saying these things is:

1. Malware doesn't typically employ use of the infected machine's email addresses. It installs a bot that allows a hacker to send spoofed emails FROM your computer using other people's addresses or made up ones. They want your "clean" IP address to send from, not your email. Because if they were using the infected machine's email address... the user would immediately know something was going on because you would be getting undeliverable emails bouncing back almost instantly.

2. The response your University is giving you is what I call "Lazy IT Department 101". They don't want to actually investigate it.


----------



## sinclair_tm (Mar 11, 2005)

If you replied to that email, I'm sure they asked for your user name and password, which means that they used your account to send the email from their computer, not yours. You need to contact IT right away about that email and let them know that you did reply to it. Then they will need to see what computer the mass emails came from and I'm sure the headers will show it wasn't yours. It also means you need to get a new password. Never reply to an email asking you to verify your account; they are always spam. If you have a question, contact the place that says they sent the email via their website, not using any links or info from the email.
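
The header check that MartyF81 and sinclair_tm ask IT to perform, as an added example that is not part of any post in this thread: it reads the one `Received` header that can be trusted (the top one, written by the server the sample was taken from) and reports whether the connecting address belongs to the organisation. The `.example.edu` suffix, the 192.0.2.0/24 range, the verdict labels and both sample messages are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed assumptions: university mail hosts end in ".example.edu" and all
# university addresses sit in 192.0.2.0/24 (a documentation-only range).
ORG_HOST_SUFFIX = ".example.edu"
ORG_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Common "from name (rdns [ip]) by host" layout; other MTAs format it differently.
HOP_RE = re.compile(
    r"from\s.*?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\].*?\sby\s+(?P<by>[\w.-]+)", re.S)

def is_internal(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # malformed address in a header
        return False
    return any(ip in net for net in ORG_NETWORKS)

def analyse(raw_message):
    """Classify a spam sample by its top Received header; every header below
    it travelled with the message and can be forged by the sender."""
    msg = email.message_from_string(raw_message)
    matches = (HOP_RE.search(h) for h in msg.get_all("Received", []))
    hops = [(m.group("ip"), m.group("by").lower()) for m in matches if m]
    if not hops:
        return {"verdict": "no-usable-received-header", "verified_ip": None}
    ip, by_host = hops[0]
    if by_host.endswith(ORG_HOST_SUFFIX):     # copy taken from an org server
        verdict = "submitted-from-org-network" if is_internal(ip) else "submitted-from-outside-org"
    else:                                     # copy taken from a recipient's server
        verdict = "delivered-by-org-server" if is_internal(ip) else "not-sent-via-org-servers"
    # Lower hops claiming an org address while the verified hop is external
    # suggest a fabricated trail.
    forged = not is_internal(ip) and any(is_internal(h[0]) for h in hops[1:])
    return {"verdict": verdict, "verified_ip": ip, "forged_internal_hop": forged}

# Constructed samples, not real traffic.
STOLEN_LOGIN = (
    "Received: from mailer (unknown [203.0.113.77])\n"
    "\tby smtp.example.edu with ESMTPSA; Wed, 30 Apr 2014 03:12:09 +0200\n"
    "Received: from macbook ([192.0.2.50]) by relay.invalid; Wed, 30 Apr 2014 03:12:01 +0200\n"
    "From: user@example.edu\n\nbody\n")
SPOOFED = (
    "Received: from bulk (bulk.invalid [198.51.100.9])\n"
    "\tby mx.recipient.invalid with ESMTP; Wed, 30 Apr 2014 03:15:00 +0200\n"
    "From: user@example.edu\n\nbody\n")
```

A `delivered-by-org-server` result on a recipient's copy only shows that an organisation server handed the message over; the submitting client then has to come from that server's own logs.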


----------



## trish manson (Sep 17, 2014)

exiarchogia said:


> Hi,
> 
> I think my Mac has a virus. My professional email account has been suspended because it has been used to send thousands of spams.
> The IT support centre said that I have been attacked and that I can only access my emails if I clean my mac.
> ...



I have also experienced that before; even my social media accounts have been hacked by someone for email solicitation. I used mac cleaner to clean up my files and retrieve my email account.


----------

