You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: enzo_
enzo_ Author
User level: Level 1
8 points

.zip file virus?

I opened a .zip file I downloaded from a seemingly okay site with extra features for a video game. Immediately upon opening it, my computer started opening up a bunch of random programs and files on my computer like word documents, pictures, and iTunes. Panicked, I force restarted my computer and everything seemed normal when I logged back in. I threw the file away and emptied the trash. I've been using it for about an hour now and it seems completely fine. I downloaded a virus scanner and nothing came up, but I'm still paranoid. Is it likely that there are still lasting effects and, if so, is there a good way for me to check?

MacBook

Posted on Aug 25, 2019 2:46 PM

Reply

Similar questions

5 replies
User profile for user: Kappy
Kappy
User level: Level 10
361,831 points

Aug 25, 2019 3:45 PM in response to enzo_

No way to know. If you are concerned then you should consider changing passwords that you often use. In the future do not open files unless you know what is in the file.


About Email and Other Scams


Apple always addresses you by your name or the name they have on file for you.  The Email will be from apple.comor itunes.com. Email addresses can be spoofed. You can go to Mail > View > Message > Show all Headers to see more. Apple Emails will never contain an attachment. Apple will never request personal information such as Social Security numbers.


An exception to the above is when you order something from the Apple Store. The receipt will be addressed to Dear Apple Customer.


Avoid Scams


  1. Identify and report phishing emails and other suspicious messages
  2. Annual Reminder- Watch out for email Phishing Scams
  3. Identifying fraudulent "phishing" email
  4. Beware of Browser Pop-Up Tech Support, Phishing Scams
  5. Phishing & Other Suspicious Emails
  6. Avoid phishing emails, fake 'virus' alerts, phony support calls, & other scams
  7. Phony "tech support" - "ransomware" popups and ... | Communities


Report phishing email to abuse@apple.com.


Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,352 points

Aug 25, 2019 4:54 PM in response to enzo_

That file is perfectly safe. I think what happened was that Safari automatically expanded the zip file for you. You didn’t realize this and accidentally navigated into the expanded folder and asked it to open all files and folder inside the zip file. That would explain the "opening up a bunch of random programs and files”.


Safari automatically expanding zip files is the default behaviour. You can turn that off in Safari > Preferences > General > Open “safe” files after downloading. There are those who feel that no file should be considered “safe” and this setting should always be disabled. I generally agree with that. It doesn’t hurt anything to have to manually expand zip files if you need to.


Generally speaking, antivirus apps are not possible in the Mac App Store. There is a version of EtreCheck in the Mac App Store, but it works differently from traditional antivirus apps. This enables it to detect adware and malware in the Mac App Store, but the technical restrictions in the Mac App Store still make it very difficult to properly remove adware and malware.


Unfortunately, you most definitely should NOT have deleted those files in EtreCheck. Virtually anything listed on an EtreCheck report is going to be some system modification that you installed. If you use EtreCheck to remove files, you will break that software. In the case of adware or malware, you want to break it so it will stop working. But for any other file, you really can’t determine whether you need them or not. That is the reason for that big warning dialog in EtreCheck.



If you know what files you deleted, you can find them in the Trash. You can right click on them and choose “put back” to restore them to where they belong. If you still have your EtreCheck report, you can e-mail it to me and I can tell you what software was affected. If you don’t have any of that, I’m afraid you will just have to wait and see what isn’t working anymore.

Reply
User profile for user: etresoft
etresoft
User level: Level 9
50,352 points

Aug 25, 2019 3:47 PM in response to enzo_

How did you “open” it? Were there any dialogs when you attempted to open it? Have you disabled your built-in system security? What virus scanner did you download? Most of them are scams.


Can you provide a link to this file?


Unfortunately, it sounds like you have deleted any useful evidence.


I wrote a little diagnostic program to help show if is installed and the overall status of your machine, including security. Download EtreCheckPro from https://www.etrecheck.com and run it. Create a new reply and use the "Notes" tool below to add your EtreCheck report.


If adware is installed, EtreCheckPro will help you remove it, although you may have to supply a password. If you aren’t comfortable with that, just post the EtreCheck report here and other helpers can tell you exactly what files need to be deleted and how to do so.


Disclaimer: EtreCheckPro is my own app. EtreCheckPro is free to use but has in-app purchases available. Downloading EtreCheckPro or using it could give me some form of compensation, financial or otherwise.

Reply
User profile for user: enzo_
enzo_ Author
User level: Level 1
8 points

Aug 25, 2019 4:15 PM in response to etresoft

When I opened it, I just double-clicked it without thinking. I wasn't even supposed to open it, I was just supposed to drag it into a folder in my game. It said something along the lines of "are you sure you want to open 135(?) files?" and when I clicked yes, that's when it started happening. The only explanation other than some kind of virus I can think of is that it just caused my computer to bug since I wasn't supposed to open it, but I really don't know enough about computers to know how plausible this is.


As far as the safety thing goes, I don't think I've disabled it. I'm usually pretty careful. I downloaded Bitdefender Virus Scanner from the app store because I saw people saying it was safe and effective, and it found a couple of adware things (I think they were genieo) which I deleted even though I think I had already gotten it previously from something else.


I ran your app and other than there being no Time Machine backup, it didn't warn me of any major issues. Everything else seems to be okay. There were a few unsigned files which said they were probably okay that I deleted anyway because I didn't need them.


Here's the link to the file. It's supposed to be a texture pack for Minecraft. I've been too scared to download it again and install it properly to see if works and I just caused a bug.


http://www.mediafire.com/file/707sylt75hqifp9/Wolfhound_Dungeon.zip/file

Reply
User profile for user: enzo_
enzo_ Author
User level: Level 1
8 points

Aug 25, 2019 5:07 PM in response to etresoft

Thanks, that's a huge relief and I'm guessing that's what happened. I'll definitely turn that feature off so this doesn't happen again. The files I got rid of were connected to my old printer which I don't use anymore, so that's why I went ahead and deleted them.


Thanks again for the help, I appreciate it!

Reply

.zip file virus?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up