Find and Delete Viruses with ClamXav
Macs have been relatively free of viruses, worms, trojans, and spyware, but they have been affected by phishing scripts. As Macs have become ever more popular, we’ve seen a slow rise in the amount of malware. Apple has been good at releasing updates that defeat other kinds of malware, so the phishing script is the primary kind of malware we see.
If you notice that your Mac is slower than usual, or you begin receiving lots of email bounce messages saying that messages know you never sent couldn’t be delivered, you should suspect that you might have a phishing script on your computer.
What is a phishing script?
Phishing scripts run in the background, without your knowledge, sending out thousands of legitimate-looking email message that appear to come from banks, auction sites like eBay or Amazon, payment processing companies like PayPal, social web sites, shipping companies, and web or email hosting companies.
The goal of a phishing message is identify theft. The messages tries to fool the recipient into clicking a link in the message, which takes them to a web site where they can “take care of” whatever the message was about. Of course the site requires that they enter personal information (for security purposes, of course…) like account numbers, credit card numbers, pin numbers, names, dates, and social security numbers. It all looks very legitimate, except that the site is a fake…the goal is to get you to enter the information so that they can use it to steal your identity, sell your credit card info, drain your bank account, or make purchases using your info.
We haven’t seen a phishing script that does any damage to a Mac or its files, but an infected Mac may be slower than normal because it’s splitting its attention between the work that you’re doing and sending out the phishing messages.
It used to be that the messages would be sent to everyone in your Address Book or Contacts. More recently, however, the phishing script uses outgoing addresses it gets from a huge list of potential email addresses for victims maintained by whoever created the script. Since the script creator doesn’t really know whether those email addresses actually exist, you’ll end up receiving a bounce message for each message that was sent to a non-existent email address.
Antivirus software will identify and delete phishing scripts. Our favorite is ClamXav, a free virus scanner for Mac OS X. It uses the very popular ClamAV open source antivirus engine as a back end and has the ability to detect both Windows and Mac threats.
Download ClamXav at http://www.clamxav.com/download.php.
When the download is done, the following window should appear on your screen.
Drag the ClamXav icon from the window to the Applications folder on your hard disk. Then double-click the ClamXav icon in the Applications folder.
The first time you run ClamXav, an alert box tells you that you must first install the Clam Anti-Virus scanning engine. Click the Install button.
The Installer will launch, and you’ll see the following window. Click the Continue button.
Next is the “license” window. Click the Continue button.
Next is another window asking you to specifically agree to the license. Click the Agree button.
Next is a window for choosing the standard installation or changing the installation location. Simply click the Install button.
Launch ClamXav (by double-clicking its icon in the Applications folder). The main window appears. Click the Update Definitions button at the top of the window to be sure you have the very latest virus definitions.
You can also click on any of the other folders in the source list to run a virus check that’s limited to that folder. You can also drag additional folders or disks into the Source List to check them.
The virus scan will take a while…the bigger the folder or disk being scanned, and the more files within it, the longer it takes.
Any viruses, worms, trojans, and other malware files that are found will be listed in the upper pane of the ClamXav window. To get rid of them, click on one of them to highlight it, then click Select All in the Edit menu…which highlights the entire list. Finally, click the Delete File button at the top of the ClamXav window. That moves all the malware file to the Trash. Now quit from ClamXav. To permanently eliminate the malware files, click Empty Trash… in the File menu.