Author Topic: INFECTION BLOCKED  (Read 1651 times)

Offline WhoKnewIt

  • Newbie
  • Posts: 5
INFECTION BLOCKED
« on: November 03, 2018, 11:55:54 PM »
I keep getting popup windows saying Infection Blocked. Every time I open a new email two new windows pop up. They are not from a particular email or even an attachment. It seems that the Win32:Trojan-gen is in the applications/mail.app/contents/MacOS/Mail.

The File Shield report shows me an email attachment in the library/Mail/Inbox, but the file is not there when I drill down?

Any idea how to stop these pop-ups AND get rid of the file causing the problem?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 35662
Re: INFECTION BLOCKED
« Reply #1 on: November 04, 2018, 11:49:29 AM »
Access your mail account from webmail and make sure that the detected mail is gone/deleted.

Then clear the sync cache in your mail app and reboot.


Still a problem?

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline WhoKnewIt

  • Newbie
  • Posts: 5
Re: INFECTION BLOCKED
« Reply #2 on: November 04, 2018, 10:30:28 PM »
Still have pop ups after cleaning cache of mail and restarting Mail.

The Infection Blocked pop ups do not detect a specific email. 
Here is what they say:

INFECTION BLOCKED!
AVAST Mail shield has blocked a threat.
Infection: Win32:Trojan-gen
File: >PaySlip-MT1031.tar#2587098122
>PaySlip-MT103.exe
Process: Applications/Mail.app/Contents/MacOS/Mail

INFECTION BLOCKED!
AVAST Mail shield has blocked a threat.
Infection: Win32:Trojan-gen
File: >SwiftCopy-MT10312.tar#2587098122
>PaySlip-MT103.exe
Process: Applications/Mail.app/Contents/MacOS/Mail

When I open Avast Shields and History, it shows this File Shield.
And I don't know if this is something else or part of the same problem.
FILE PATH:
/Users/......./Library/Mail/V5/40AD7C75-C9DC-4DCA-A74C-AB2B1C11611A/INBOX..../1234C2A2-DDCD-4FAF-96EB-A7C1C1616530/Data/3/7/7Attachments/773630/2/Sep2018.xls
APPLICATION: Mail
VIRUS NAME: Other: Malware-gen [Trj]

This is the file that doesn't exist when I go there.



Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • Posts: 797
  • Product manager of Mac AV and Cleanup
Re: INFECTION BLOCKED
« Reply #3 on: November 05, 2018, 03:41:00 PM »
@WhoKnewIt - what is your product version? Would you mind updating to the latest greatest 13.11 version in Preferences > Updates?
Quality is also a feature.

Offline WhoKnewIt

  • Newbie
  • Posts: 5
Re: INFECTION BLOCKED
« Reply #4 on: November 05, 2018, 05:02:42 PM »
Yes, I do have the latest version 13.11.
Where do I find the infection and stop the pop ups?

They have been popping up for 2 weeks now.

Do I need to uninstall it and reinstall it?

Offline ondrej.kolacek

  • Avast team
  • Full Member
  • Posts: 151
Re: INFECTION BLOCKED
« Reply #5 on: November 05, 2018, 06:50:28 PM »
Hello,

The issue is that we do not signal very well where the infection is for the mail detection. I will add this as an improvement for the new GUI we are working on (it could display the timestamp and the mail's subject, for instance). The infection is in an attachment in some mail, but it is quite hard to find the mail in question. It is likely that the mail contains a "hollow shell" of the file reported (PaySlip-MT1031.tar).

The second detection is a bit weird; it seems that the infected file has only been caught by Fileshield when the mail app tried to save it to the hard drive. There could be a mail containing the attachment Sep2018.xls, possibly in some archive.

I would suggest trying to search for these files in your mail; if you have a web UI for the mail, try to search for it there, you will have a higher chance of finding these files. You should then delete these mails.

Kind regards,
Ondrej Kolacek
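
As an added illustration of the search suggested above (not part of the original posts and not Avast code): a short Python sketch that reports the subject and date of any message whose attachment, or a member of a tar attachment, has one of the reported file names. The function names are hypothetical, the sample message is constructed, and the `.emlx` layout is assumed to be a byte-count line followed by the raw message.

```python
import email, io, posixpath, tarfile
from email import policy
from email.message import EmailMessage

def read_emlx(raw: bytes) -> bytes:
    """Apple Mail .emlx: line 1 is the byte length of the RFC 822 message that follows."""
    length, _, rest = raw.partition(b"\n")
    return rest[: int(length.strip())]

def find_attachments(msg_bytes: bytes, wanted: set) -> list:
    """Report attachments, and members of tar attachments, whose lower-cased name is in `wanted`."""
    msg = email.message_from_bytes(msg_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        found = [(name, name)]  # (path shown to the user, leaf name to match)
        if name.lower().endswith((".tar", ".tgz", ".tar.gz")):
            try:  # member names are listed only; nothing is extracted or run
                blob = part.get_payload(decode=True) or b""
                with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
                    found += [(f"{name}>{m.name}", posixpath.basename(m.name)) for m in tar]
            except tarfile.TarError:
                pass  # truncated or mislabelled archive: keep the outer name
        for shown, leaf in found:
            if leaf.lower() in wanted:
                hits.append({"subject": str(msg["Subject"]),
                             "date": str(msg["Date"]), "attachment": shown})
    return hits

def build_sample_emlx() -> bytes:
    """Constructed sample: one message carrying a tar with a harmless placeholder member."""
    data, buf = b"constructed placeholder, not an executable", io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("PaySlip-MT103.exe")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    msg = EmailMessage()
    msg["Subject"], msg["Date"] = "Constructed sample", "Sat, 03 Nov 2018 10:00:00 +0000"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="x-tar",
                       filename="SwiftCopy-MT10312.tar")
    raw = msg.as_bytes()
    return str(len(raw)).encode() + b"\n" + raw + b'<?xml version="1.0"?><plist/>'

if __name__ == "__main__":
    for hit in find_attachments(read_emlx(build_sample_emlx()), {"payslip-mt103.exe", "sep2018.xls"}):
        print(hit)
```

On a real mailbox, pass each `.emlx` file's bytes through `read_emlx` first; `.eml` files exported from webmail can go to `find_attachments` directly.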

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • Posts: 5047
Re: INFECTION BLOCKED
« Reply #6 on: November 06, 2018, 12:14:22 AM »
Two of the detections are .exe which should really be blocked by most filters today. Ondrej is right, these are likely in an archive file. If you can get to the webmail of your email provider (assuming IMAP or similar) search for common archive file types like .zip and .rar and see if there are any as attachments.
"People who are really serious about software should make their own hardware." - Alan Kay

Offline WhoKnewIt

  • Newbie
  • Posts: 5
Re: INFECTION BLOCKED
« Reply #7 on: November 06, 2018, 05:23:18 AM »
I have already searched for all possible extensions and names and cannot find them.

I have searched on my webmail for both PaySlip-MT103.exe and Sep2018.xls in all Folders and it doesn't find them.
I have searched in Library Mail for any attachments for both PaySlip-MT103.exe and Sep2018.xls.

The two pop up windows continue to pop up when each new email comes in to the Inbox AND each and every time I click on a new unread email. Up to 10 pop-up windows are continually on my desktop and it is getting frustrating.

Is the Avast security program actually blocking a threat? If I uninstall Avast, would I be protected?

Offline ondrej.kolacek

  • Avast team
  • Full Member
  • Posts: 151
Re: INFECTION BLOCKED
« Reply #8 on: November 06, 2018, 06:13:10 PM »
Hello,

Yes, it is blocking a threat; there is no way a popup can pop up unless our scanning engine detects an infection.

Aside from that, the PaySlip-MT103.exe is within the SwiftCopy-MT10312.tar archive.

I will investigate if I can at least easily log the subject and timestamp of mail detections and, if yes, it will be in the new version we are now working on.

Kind regards,
Ondrej Kolacek

Offline WhoKnewIt

  • Newbie
  • Posts: 5
Re: INFECTION BLOCKED
« Reply #9 on: November 07, 2018, 12:31:54 AM »
Finally Fixed it!
I finally found the actual email. The email with the PaySlip attachments showed up in my iPhoneX Mail program, but the email was not on my Mail desktop or in my webmail.

For some reason it was hidden in my Mac Mail program on my desktop.

Thank you for all of your suggestions though!