Avast For Mac Os
10/19/2021
Avast's free software provides three shields to protect your computer: a file system shield, an e-mail shield, and a Web shield. With all three representing a door to your computer, Avast does a great job of watching these entrances.

However, this comes at a cost, and we don't mean money: as soon as you launch the app, you'll notice a slight drop in your computer's performance, which is due to Avast being at work scanning your entire computer for infected files. Secondly, it affects your browser's performance, as it also scans the pages you attempt to navigate to for viruses through the extensions it installs in Safari, Firefox, and Chrome browsers. We did find its notification feature handy, as it informs the user about its actions, so you'll always know what the software is up to.

Overall, Avast Antivirus for Mac is a nice addition to your Mac toolbox. It's free and very easy to use.

I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. Therefore the virus is re-creating the file every restart of the laptop.

I want to avoid wiping the laptop and re-installing everything, so that is why I am here. So I decided to let Avast put it in the virus chest, restarted the laptop, and again the file was in the same location again. The file reappeared in the same location. I found nothing, until I restarted my MacBook Pro today.

The file's location is: /private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64

Avast categorizes the infection file as: JS:Cryptonight

So, after deleting the file I did several more full system scans to check to see if there were any more files.

I have no clue what to do.

My Avast runs full system scans every week, so this just recently became an issue this week. So if something is mining in the background, I can't tell at all.
My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amounts of data.

As this article explains:

The first file path (/var/db/diagnostics/) contains the log files.

Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, malwarebytes, and manually.

Pretty sure there is no virus, malware or trojan at play and this is all a highly coincidental false positive.

It’s most likely a false positive since /var/db/uuidtext/ is related to the new “Unified Logging” subsystem that was introduced in macOS Sierra (10.2).

But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. But I am unsure since I only have one MacBook and no one else that I know that has a Mac has updated the OS to High Sierra. Can someone please help me out.

I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. So I have no clue where this has come from to be honest and I have no clue how to get rid of it. So when you reboot, it sees it is missing and recreates it in /var/db/uuidtext/.

As for what to do now? Well, you can either tolerate the Avast alerts or you can download a cache cleaning tool such as Onyx and just force the logs to be recreated by truly purging them from your system, not just that one BC8EE8D09234D99DD8B85A99E46C64 file.

Congratulations!
Your Mac has magically created a filename that matches a known vector that has been primarily seen on Windows systems… But you are on a Mac and this filename is just a hash that is connected to the “Unified Logging” database system’s file structure and it is completely coincidental that it matches that malware filename and should not mean anything.

And the reason that specific file seems to regenerate is based on this detail from the above explanation:

The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.

So you delete the file in /var/db/uuidtext/, but all it is is a reference to what is in /var/db/diagnostics/.

The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.

But in your case the “magic” seems to come from the hash: BC8EE8D09234D99DD8B85A99E46C64

Just check out this reference for known Windows malware files that references that one specific hash.

This directory contains some other files as well including additional log *.tracev3 files and others that contain logging metadata. These files are binary files that we’ll have to use a new utility on macOS to parse them.

Unfortunately, this seems to contain a string which is in return detected by Avast as a malware. (The "rude" texts are probably just names of malware.) The content of the file is debugging information extracted from the library. The report is created because Avast uses the CPU heavily during the scan.

The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so).

The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections.

Now what is really odd about this statement is the phrase, “…MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner.”

What? Is this implying that someone on the core macOS software development team at Apple somehow “accidentally” set up the system so it generates neutered fragments of a known malicious cryptocurrency miner? Has anyone contacted Apple directly about this? This all seems a bit crazy.

UPDATE 2: This issue is further explained by Radek Brich on the Avast forums as simply Avast self-identifying itself:

Hello, I'll just add a bit more information.

The file is created by MacOS system, it's actually part of "cpu usage" diagnostic report.