Norton Virus Alert
For the past couple of weeks I've been getting a Norton Virus Alert stating that "36287.emix is infected and cannot be repaired."
I've gotten similar alerts in the past and have located and deleted the offending e-mail message. However, in this case I can't find the darned thing in any of my mail boxes and Spotlight and Find produce nothing.
Any suggestions?
Thanks
Thanks for both responses folks. I know that these are most certainly Windows virus (most likely embedded in SPAM), so this is more of an annoyance than a worry. I do, however, want to keep using Norton. Its an added level of protection, albiet a flawed one.
As for searching the folders in the mail section of my library, that's how I usually handle these things. (I note the typo on emlx.) The weird thing here is that I just can't find the offending message any where, yet it keeps popping up every week for the last three weeks.
This is hardly a devasting problem, but if anyone out there likes a mystery ...
Similar Messages
-
When using Mail, two of my email messages have "Virus Alert" in the header. Why?
Two times now the header on an email message to me in reply has said "Virus Alert". Does this mean I have a virus or coincidentally two people I sent emails to have a virus? I am using the Mail application.
IMHO and I tell you this a mac tech for 15 years in the corporate world is AV is more trouble than it's worth on the mac and safe browsing habits and education are a far better defense against mac issues. The two biggest threats for mac are 1) scams, and 2) adware.
Adware can be cleaned up using free tools, I highly suggest
http://www.adwaremedic.com/index.php
• stay away from anything that spams ads regardless of how safe the site is where you saw the ad.
• stay off sites that offer anything that seems shady or dodgy.
• file sharing and storage sites are notorious for trying to force things into your downloads but lately sites like softpedia, download.com have been bundling crap ware along with legit software.
• Create two (or more) emails, one for friends and family, one for signing up for stuff. You can always forward the sign up one to the main one and track where the junk is coming from. Many times when you sign up for a service, or forum, or anything they can promise until blue in the face they wont give your email out and many times I've discovered (through disposable email sites) they are full of crap.
• get up-to-date (and intelligent) information on computer threats at sites like
http://www.thesafemac.com/
or cent, or PCworld
Mainstream media is notorious for misinforming and sensationalizing anything they can when it comes to computer hazards. -
Exported Word files set off virus alerts for Windows users.
Work for a communications agency. Many of us prefer to write our copy in Pages, then export to Word files when sending over to clients to review. But, our exported "Word" files set off all our clients virus alerts like clockwork. Is there any way to prevent this besides exporting to RTF or PDF?
I've been told that Pages files exported out to Word files contain benign "macros" under the hood. And that virus alert programs on the Windows side see these macros (however harmless they are) and warn the user to not open, or trash the files.
This is causing hardship for us wanting to switch over to using Pages full-time. To our clients, it makes it seem as if we are careless, or are sending them files with viruses all the time.bkjj40a wrote:
Work for a communications agency. Many of us prefer to write our copy in Pages, then export to Word files when sending over to clients to review. But, our exported "Word" files set off all our clients virus alerts like clockwork. Is there any way to prevent this besides exporting to RTF or PDF?
I've been told that Pages files exported out to Word files contain benign "macros" under the hood. And that virus alert programs on the Windows side see these macros (however harmless they are) and warn the user to not open, or trash the files.
As far as I know, there is no macro in files created by the Pages export process.
I'm on the Pages forums since two years and never read any message about such a behavior.
My guess is that the problem is not in Pages.
Maybe you are using the same anti-virus than my brother.
It rejects all jpegs claiming that they have a virus embedded
Yvan KOENIG (from FRANCE dimanche 14 juin 2009 10:48:07) -
Norton security alert high memory use for a specific file shared by millions
current version microsoft xp. computer frequently goes into a scan type mode followed by a norton security alert high memory usage. causes major slowdown in system use
current version microsoft xp. computer frequently goes into a scan type mode followed by a norton security alert high memory usage. causes major slowdown in system use
-
In >1 applications, e.g. Norton Virus Scan, and Macware DiskToolsPro, the status bar sometimes shows 100% complete but task is still running. Under the status bar, where it says something like "x of y items complete," x is greater than y. This also happens in Windows 7 with Bootcamp. Why does this happen?
In >1 applications, e.g. Norton Virus Scan, and Macware DiskToolsPro, the status bar sometimes shows 100% complete but task is still running. Under the status bar, where it says something like "x of y items complete," x is greater than y. This also happens in Windows 7 with Bootcamp. Why does this happen?
-
My home page keeps changing back to a strange search engine http://search-quick.com/?si=85680&channel=DP2701 and then a virus alert pops up with a phone number to call. It won't let me use the internet. Help!
There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.
If you have trouble following those instructions, see below.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
/Library/LaunchDaemons
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
com.something.daemon.plist
and
com.something.helper.plist
Here something is a variable string of characters, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
/Library/LaunchAgents
In this folder, there may be a file named
com.something.agent.plist
where the string something is the same as before.
If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
Open this folder:
/Library/Application Support
If it has a subfolder named just
something
where something is the same string you saw before, drag that subfolder to the Trash and close the window.
Don't delete the "Application Support" folder or anything else inside it.
Finally, in this folder:
/System/Library/Frameworks
there may an item named exactly
v.framework
It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.
Don't delete the "Frameworks" folder or anything else inside it.
If you didn't find the files or you're not sure about the identification, post what you found.
If in doubt, or if you have no backups, change nothing at all.
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked. -
I have recently received two virus alerts while connected to the internet. A page identifying itself as Apple Securty Center suddenly pops up with a notice that my iMac is infected with a variety of viruses and trojans. There's a box with a button to click on that will supposedly remove the viruses. Is this a valid alert from Apple, or some nuisance site that is popping up? That fact that it's happened twice in less than a week's time has me concerned.
if you installed anything get rid of it
this is from PC mag
The Sourcefire Vulnerability Research Team (VRT) has a great blog on MacDefender, the rogue antimalware trojan currently spreading on Mac systems. This malware is known by a variety of names, including "Mac Defender", "MacProtector", "Mac Security", "Apple Security", and "Apple Security Center". The blog is filled with excellent technical details and images, and it also has clear and easy procedures for removing it, which I will repeat here:
In Safari under "Preferences", at the bottom of the "General" tab (the first tab), uncheck "Open safe files". This will prevent Safari from starting threats like MacDefender automatically after downloading them.
Open up "Activity Monitor" (this is in your Utilities folder within Applications)
Find "MacDefender" (or whatever the malware is being called, MacProtector, Mac Security, etc)
Highlight it then click "Quit Process" which looks like a big red stop sign at the top right of the Activity Monitor screen.
Next, open System Preferences, and go to "Accounts". When it appears click on the "Login Items" button, select the program, and then click the "minus" button to remove it from Login Items.
Next, navigate to your Applications folder, find the program, drag it to the trashcan, and then empty the trashcan. Yes. It's really that simple to remove
hope this helps
-mvimp -
On ebay i can't send question to sellers.have norton virus program wind.7
I have win.7, norton virus program..norton 360.firefox browser i installed about 2 mo.ago.i use ebay a lot.i can do everything on it except,down at the bottom of the page is a ASK A QUESTION of the seller.the only hitch is when you have to type a number in a box,then click on Send.well,it won't accept the number i enter,goes back to the page,ontop it says: please reenter the area below: its always the numbers in the box.so whats wrong? tks..
Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache.
Note: ''This will temporarily log you out of all sites you're logged in to.''
To clear cache and cookies do the following:
#Go to Firefox > History > Clear recent history or (if no Firefox button is shown) go to Tools > Clear recent history.
#Under "Time range to clear", select "Everything".
#Now, click the arrow next to Details to toggle the Details list active.
#From the details list, check ''Cache'' and ''Cookies'' and uncheck everything else.
#Now click the ''Clear now'' button.
Further information can be found in the [[Clear your cache, history and other personal information in Firefox]] article.
Did this fix your problems? Please report back to us! -
IPhone Message: apple virus alerts
After installing the app downloaded from the itunes store:
instamag-magazine collage (version 2.0; developer: fotoable, Inc)
When selecting from the app the icons corresponding to messages (envelope) and configuration, it open a windows in safari and after automatically jumping through what it seems ads pages and finally redirects to the page "appstore-service.com", then iphone gives the message "apple virus alert" (with sound).
Is this a case of a virus?
Is the app developer breaking the rules of apple?
Please try to act and avoid this anoying situations like the one with the app I mention above (I think apple should try to if they aprove the apps before putting them in the store).
Have any other seen / suffered this issue?iJD2 wrote:
Is this a case of a virus?
No. Contact the App's developer for support. -
Satellite 1415-s105: Virus alert - please help!
Hi,
I'm running XP home edition on a Satellite 1415-S105
The computer is behaving very suspeciously, it says: :your computer is infected" - vist this or that website and we'll fix it for you without me even running browser.
I've reinstalled xp with the recovery drive from toshiba serveral times, but this doesn't help. The virus or whatever it is is still there.
What do I do?
Everything is backed up. I just want to do complete clean up of the hard drive, but the recovery disk doesn't seem to be able to.
Thanks a lot.Hi
Did you use several partitions on the HDD?
Its possible that the virus is placed on the second partition and not on C OS partition.
Sometimes viruses, worms and other danger applications are hidden in the common files like mp3.
In my opinion you should use the anti virus software like Norton antivirus and update the virus file definition. Its very important that your anti virus software is up to date. -
Virus alert and problems with Adobe Exchange Panel latest update
Hello,
just to let you know I downloaded the must recent update to Adobe Exchange Panel and had 2 issues:
Norton Internet security blocks the installation reporting there are high security risks in several .dll files, it won't let me install them.
If I shut down my antivirus the installation works fine, but the panel is blank when opened; it just doesn't work.
According to my antivirus, the "threat" is called "Suspicious.Cloud.7.F" and it finds it in all these files that are installed with the new panel:
poconetssl.dll (Suspicious.Cloud.7.F) c:\program files (x86)\common files\adobe\cs6servicemanager\extensions\adobeexchange\assets\exmanwin32\poconetssl.dll
pocodata.dll (Suspicious.Cloud.7.F) c:\program files (x86)\common files\adobe\cs6servicemanager\extensions\adobeexchange\assets\exmanwin32\pocodata.dll
pococrypto.dll (Suspicious.Cloud.7.F)c:\program files (x86)\common files\adobe\cs6servicemanager\extensions\adobeexchange\assets\exmanwin32\pococrypto.dll
pocozip.dll (Suspicious.Cloud.7.F)...
pocoxml.dll (Suspicious.Cloud.7.F)...
pocoutil.dll (Suspicious.Cloud.7.F)...
poconetssl.dll (Suspicious.Cloud.7.F)...
pocodata.dll (Suspicious.Cloud.7.F)...
pococrypto.dll (Suspicious.Cloud.7.F)...
I'm assuming this a false positive. Anyway, I can not use the panel at all. Hope someone can help.There were a couple of links in the right column that mentioned virus problems. After reading a bit, I solved my problem.
Go to Norton, select SETTINGS, then select COMPUTER SCAN, then set HEURISTIC PROTECTION to OFF. (It will still stay green.)
I then tried to re-install the Adobe Exchange Panel and everything is now working fine. -
My software update to 6.1.6, and now it load a NORTON anti-virus page prompting me to call 8xx number, which will not go away. All drop down boxes are locked, so I cannot access any commands. Is this a known virus?
1.Force Quit .
Press command + option + esc keys together at the same time. Wait.
When Force Quit window appears, select the Safari if not already.
Press Force Quit button at the bottom of the window. Wait.
Safari will quit.
Relaunch Safari holding the shift key down.
2. Safari > Preferences > Extensions
Turn those off and try Safari.
3. Safari > Preferences > Privacy > Cookies and other website data:
Press “Remove all website data” button.
4. Download and run Adware Removal Tool.
http://www.thesafemac.com/art/ -
Virus alerts on my MacBook air screen
I Hate this computer and am at my wits end. bought new in August. Hardware crashed in November. Apple repaired and returned last week. They installed logic board 1.4 GHz 8GB; board I/O; and, cable I/O flex according to the work order. Today I powered up and was going through setup routine. Having trouble with mail setup when suddenly two alert messages popped up today that I had a virus. I'm a medium level computer user so I'm confident I've never ever in 20 plus years Of using computers ever opened anything harmful. How did I get a virus. were the alerts some sort of scam. I shut the computer down and have tried without success to get apple support. Can anyone advise me what to do? Am 76 years old and need my computer to stay in touch with family. Thanking you as I'm nearly in tears over this.
It's not a virus, and the same thing would have happened with any other computer, including a PC. It's a JavaScript scam that only affects your web browser, and only temporarily. There are several ways to recover.
1. Some of those scam pages can be dismissed very easily. Press the key combination command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.
2. Press and hold command-W. You may hear repeating alert sounds. While holding the keys, click the OK button in the popup. A different popup may appear, which you can cancel out of as usual.
3. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Security
and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.
Close the malicious window or tab.
Re-enable JavaScript and close the preferences dialog.
4. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. None of the windows and tabs will reopen.
After closing the malicious page, from the menu bar, select
Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize. -
Conficker, Downadup or Kido April 1, 2009 Virus Alert and Information
Hi everyone,
As you have probably seen, there is plenty of press going on about a new Virus that is reported ready to spring tomorrow on April 1. In an effort to keep our users protected, we are trying to get the word out as well. The following information is provided as some steps you can perform. HP does not endorse, nor recommend any virus application over another, but we do look to the major vendors for guidance.
Target: All users of Windows XP and Windows Vista.
On April 1st the Conficker worm will start taking more steps to protect itself. After that date, machines infected with the “C” variant of the worm may not be able to get security updates or patches from Microsoft and from many other vendors. The creators of the worm will also start using a communications system that is more difficult for security researchers to interrupt.
The Conficker worm, sometimes called Downadup or Kido, has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec’s Norton security products are protected.
Symantec has a detailed technical analysis of the threat here:
What does the Conficker worm do? The worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.
The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.
How does the worm infect a computer? The Conficker worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.
Who is at risk? Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up to date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk since pirated system usually cannot get Microsoft updates and patches.
What to do if you are infected 1. Use your anti-virus product to identify which variant of the worm is on your computer.
2. Follow the detailed removal instructions for the specific version of the of the worm. These can be found here:
W32.Downadup.A writeup
W32.Downadup.B writeup
W32.Downadup.C writeup
Advice to Stay Safe from the Downadup Worm:
Run a good security suite, like Norton Internet Security or Norton 360.
Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
Be smart with your passwords. This includes
· Change your passwords periodically
· Use complex passwords – no simple names or words, use special characters and numbers
· Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.
6. Use a passwords management system such as Identity Safe (included in Norton Internet Security and Norton 360) to track your passwords and to fill out forms automatically.
Run an Internet Security Suite, such as Norton Internet Security, or Norton 360.
FAQ Q: Am I safe if I don’t go to questionable web sites?
A: No. The Conficker worm seeks out computers on the same network. You can be in a coffee shop, an airport or in the office and the worm will quietly try to attach to your computer and run itself.
Q: How do I know if I am infected?
A: The best way to know if you are infected is to run a good antivirus product. One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies.
Q: Can’t I just run free antivirus software?
A: Yes, but free products often aren’t thorough or comprehensive. Worse, the internet is overflowing with fake free security scanners that actually infect your computer. Fake scanners such as “Antivirus 2008” are difficult to identify and have plagued hundreds of thousands of users around the world.
HP Product Expert for the Officejet Pro X Series.
Was your question answered? Mark it as an Accepted Solution!
See a great post? Give it a Kudos!All:
We found this link as a resource for more detailed information:http://www.confickerworkinggroup.org/wiki/
There, they have a quick visual test (brilliant!) to see if you might be infected. Conficker Eye Chart
I have to say, the computer security industry has really pulled together on this issue for unprecedented cooperation! "So what happened on April 1," you may ask? According to various anti-virus manufacturer websites the infection was programmed to begin download updates to itself after generating a list of websites on April 1st. Allegedly, the Conficker Working Group thwarted this attempt by pre-registering (owning) a majority of the websites the bug was going to utilize. So April 1st came and went without much incident - but this does not mean we are through hearing about this issue as some experts believe this was only the "activation date."
Stay tuned for more information...
Message Edited by Matthew-GS on 04-03-2009 11:07 AM
Matthew|Community Advocate | Best Buy® Corporate
Visit our Channel on
Private Message -
Firefox recommends I download .exe software to fix threats but I am on a Mac
I received a security alert for a number of high level threats. I want to download the software to erase these items but the firefox software is .exe What can I do?
I am on an iMac using Firefox 3.6.17
My OS is 10.5.8No, that's a scam, do not follow them or download their stuff, go as far in the opposite direction as possible.
Maybe you are looking for
-
Passivation of Application Module before session timeout
Hi, JDeveloper : Studio Edition Version 11.1.2.3.0 Oracle 11g Database WLS - 10.3.5 I have an application (ADF BC and ADF Faces) built with jsff fragment and I have set user session time out in 4 hours. After some time (even before 1 hour of inactivi
-
IDOC Change pointers is table BDCPV still used nowadays
Hi, I got a do something with idoc transfer. I got a document with described what to do. One of the things to do was to get Change pointer data out of tale BDCPV. But in that table hasn't been written anything last year. i have activated changepointe
-
Hi, In my table I've a column holding values like (165, 16, 133:16, 16:133, etc.). Now I want to query for records having '16' in this column. So I'm not very firm in regex I've with the help of some tutorials get the following query: SELECT * FROM M
-
One error i cant seem to figure out
theres one error i can't figure out. its on line 369. i want to set my JTextArea to be blank but the error is: cannot find symbol variable NotesList i'll post my codes here and will be very grateful if somebody could help me out. thanks . import java
-
Re pages 09 upgrade. I downloaded the upgrade, it's in my applications, but I have to drag it to the dock for it to to apply to a file. 09 is still active?