How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Daniel Your Own Question
Daniel, Mac Genius
Category: Mac
Satisfied Customers: 4770
Experience:  Apple certified on desktop and portable, help desk qualified. Have owned and used Macs since 1989.
Type Your Mac Question Here...
Daniel is online now
A new question is answered every 9 seconds

I am on a Dual 1.8 GHz PowerPC running OSX 10.5.8 On Nov

Customer Question

I am on a Dual 1.8 GHz PowerPC running OSX 10.5.8

On Nov 2, 2009 I received 2 copies of a email that was titled with a heading from a form on our company site. It was from a customer. All the email from this day took a while to arrive due to the email servers at our ISP being down which was very strange. When I called to inquire as to why, I believe I remember them mentioning some sort of viral attack.

When the emails did start to come in they came in in pairs - two copies of the same post. Hence, my mention of 2 copies from the same person. Upon clicking on them I discovered both emails contained no visual information. No text or attachments.

Soon after, when using my finder window I would get a blinking or flashing of the windows which was not normal. I checked my user preferences folder and found a cryptic folder whose name was made up of all kinds of symbols, letters, etc. I deleted it and went back and found the emails in question in both my email client and
in the user preferences folder and deleted those. When Mail was relaunched the emails returned. They cannot be deleted!

Subsequently, I have traced the cryptic folder creation to the launch of photoshop. If I open the user preferences and then launch photoshop I can see a folder created with the cryptic characters for a name. There is never anything in it that I can see. So for the last year year I have learned to live with this. Launch photoshop, delete creepy folder get on with work.

About 2 weeks ago I started to notice my search feature no longer worked in any app that was tied to the OS. So if I looked up a customer order with an order number in Mail, nothing was returned. Same for the Spotlight search feature.

Yesterday I arrived at the office and the computer would not power on. Dead. I moved it to a different outlet and it did start. But when I moved it back to it's original location, it didn't, though there were other devices running off the same power strip. I checked the cords, they were OK. I pulled the drive out an took it home where I have another Apple tower to install it in. I used the home drive as the started up drive and the office drive as a secondary drive. The office drive booted up and I was able to backup all the files just in case the drive died. I installed the office drive as the start up drive and restarted. I got the blue screen. Everyone once in a while the bars spinning in a circle came up as if it was trying to launch or access the OX but it could not.

I put the home drive in as the start up drive and the office drive as the secondary drive and took the whole thing back to work where I was able to get up and running so orders can be shipped. Unfortunately, the mysterious twin emails that started all of this are now in my in box in the email client despite the fact that all the emails for 2009 were deleted. I have not clicked on them. If I launch photoshop off what was the home drive, no cryptic folder is created in the user preferences folder as has been the case. I am hoping this means that because I have not clicked on the twin emails in question, the virus has not been activated.

So my questions are -

How do I delete these non deletable emails and rid this virus from my system once and for all?
What could have caused my office machine not to be able to power on?
Could the virus have damaged the hardware/ mother board?
What would you suggest to repair the machine? Take it in for service? Apple store? Best buy?
How can I best restore my office drive so I can make sure it's virus free and stable?
Again the drive seems OK as it's functioning fine as secondary drive.

Please advise.
Submitted: 6 years ago.
Category: Mac
Expert:  Daniel replied 6 years ago.
Hello, my name is Dan.
I will do my best to help you, the only stupid question is the unasked one.
That is a quite detailed synopsis, and indeed I do believe that you have been infected but it has not done much more damage your Adobe software, Adobe likes to put things in places where they do not belong in the Macintosh operating system.
Hence the problems you are having.
Since you have backed up your important data I would suggest wiping the drive and installing a fresh new copy of your operating system.
This will eradicate any and all corrupted system files. It also means that you will have to reinstall your third-party software such as Adobe Photoshop. You cannot safely transfer the old Photoshop to the new system without corrupting the new system.
The same may also be true of some of your data but there is a smaller chance.
I do not think that an Archive and Install would do you a lot of good especially since you have had this problem for some time.

That said, there are a few things that you can try before you go to the extreme of doing this scrape and pave.
One is called a fcsk, this is a terminal command that checks through your hard drive and repairs a lot of different things.

1. Reboot/Startup holding your Command-S key down.

2. At the command line type the following and hit 'Return.'

/sbin/fsck -fy (space between the k and the -)

3. If it finds a problem and repairs it, immediately run fsck again until the drive checks OK.

4. After it has check/repaired your disk, type 'reboot' and hit 'Return' again.

Try doing that and that will certainly help with getting it to boot.
The next thing I suggest you do is called repairing the permissions, this PDF will explain how to do that.
Because you are running 10.5.8 the permissions repair would take quite some time.

I suggest trying those and see what happens, that may put things back in order or it may not, it depends upon the damage.
Please keep me posted. If that doesn't work then we will continue.

Customer: replied 6 years ago.

Sound like a plan. The only problem I have at this point is that the office tower that the office drive was in will not power on when the office drive is installed as the start up drive. If I cant power on the machine I cannot run the fcsk, correct?

Can I run the fsck on the office drive if it's the secondary drive in the home tower that I now have it installed in?

Please advise.

In addition, if I do clean all this up, am I still at risk for continued infection do to the presence of these emails that I cannot delete? Can I do an import into a fresh, clean version of mail of my old messages and not bring the viral post in with them? Maybe go in and do it by hand? Let me know.

Expert:  Daniel replied 6 years ago.
If you are using the Mac mail application then you can set a rule to automatically delete those e-mails so that they are no longer a threat.
One way to do this so that you don't even see what is contained in these e-mails is to disable the automatic opening of mail.
This is done by dragging the bar that has a small dot in the center all the way to the bottom of the window.
By doing this you have to double-click or deliberately open the e-mail, that way nothing automatic happens.
However, I am assuming that you are using the Mac Mail application.
I recommend this utility to repair that drive, DiskWarrior 4, it will cost you approximately $100 but I use it a lot and like it a lot.
Or, since you have your stuff backed up you might want to just wipe it and start over.
Another way to avoid this is to turn off any automatic installation of anything including software updates.
Customer: replied 6 years ago.

>If you are using the Mac mail application then you can set a rule to automatically delete those e-mails so that they are no longer a threat.

I did this and nothing happened. The posts are still there. I have been trying to delete this posts for a year and they just come back. I throw them away from inside Mail, I drag them to the trash from the user pref folder, and they come back.

>I recommend this utility to repair that drive, DiskWarrior 4, it will cost you approximately $100 but I use it a lot and like it a lot.

Which drive? The office drive that won't boot up?

I do not have auto install on. I have OK all updates, etc.

Please advise.


Expert:  Daniel replied 6 years ago.
That utility will not run on the disk it is installed on, which means that with the drive as secondary in your tower is a good set up to use it.
You may need to trash the Mail preferences to get rid of those, this will require that you set the accounts back up from scratch. It is very possible that they are on the server and deleting them from your machine will not be rid of them.

Customer: replied 6 years ago.
>It is very possible that they are on the server and deleting them from your machine will not be rid of them.

If I go to the server and they are there and delete them there that should get rid of them?

Expert:  Daniel replied 6 years ago.
Should. Give it a try.
Customer: replied 6 years ago.
Ok It's going to take a while for me to implement these other solutions. How does this work? Do I keep the "channel" open with you until the solutions are worked out and the problem is solved? It may take a few days as I have the continue to run my company during the day.

Expert:  Daniel replied 6 years ago.
Bookmark this like a site you want to return to.
Then keep me posted.
Customer: replied 6 years ago.
Ok Dan.
Much appreciated.

Expert:  Daniel replied 6 years ago.
Let me know.