Avast WEBforum

Consumer Products => Avast Mac Security => Topic started by: MartinX on February 22, 2017, 04:08:39 AM

Title: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: MartinX on February 22, 2017, 04:08:39 AM
I installed Sierra about a month ago. I have done a few Full System Scan a few times, everything was good.

Today, I logged into one of my macOS accounts. Few Avast popups showed up. Avast detected Malware on files such as:

/Users/<user1>/Library/Containers/com.apple.siri.media-indexer/Data/albumtitlesdataTable.tdb
/Users/<user1>/Library/Containers/com.apple.siri.media-indexer/Data/composernamesdataTable.tdb
and other *.tdb files

I logged out, logged in to another macOS account. Did a manual scan of the account's com.apple.siri.media-indexer/Data directory and Avast detected more malware.

All of them are now in the Virus Chest.

Questions:
1. What is VBS:Malware-gen?
2. Why were the malware detected just now?
3. Are these real malware, or just false positives? Is my system at risk?
4. What should I do next? :(

I am running a full scan again to see if Avast finds anything.

Thank you so much!

Regards,
Martin
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: clownfishman on February 22, 2017, 05:20:32 AM
I have the same issue today also 2017-02-21.   Avast keep on popping up "VBS:Malware-gen" detection. 

I used Malwarebytes and detect nothing. 

Right now doing a full system scan ant currently at 75% complete and detected 98 infections.  Does not seem like there can be that many infection with so many different files.

Looking it up VBS is suppose to be VB scripts (how is Mac going to use VBScript)? 

Might be false positive with the latest update.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: b510c on February 22, 2017, 05:58:11 AM
I'm having this VBS:Malware-gen problem with Sierra as well today.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: poweravas4 on February 22, 2017, 06:10:19 AM
Hey guys I am having the same problem, my computer was just working fine, I was doing some doing some codes and when i tried to run it the inflection blocked pop up started. I ran the avast and it is giving me VPS malware gen or something for things like spotlight imovies and other applications and files. Do anyone know why is this happening?  It's freaking me out
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: hotappl on February 22, 2017, 06:39:11 AM
Having same problem as well.  Anyone have any info to share
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: cal190678 on February 22, 2017, 06:44:10 AM
I am also having the same problem on El Capitan. I did a full scan and it "detected" viruses in everything from .gif files in excel to iphone apps, 423 total. Hoping the next update fixes this.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Tim250 on February 22, 2017, 07:18:32 AM
My web shield is continuously popping up.. extremely annoying!!!

INFECTION BLOCKED!

VBS: Malware-gen

URL: https://clients1.google.com/tbproxy/af/query?client=Google%20Chrome

File: {gzip}
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: t.krantz.alaska on February 22, 2017, 07:20:23 AM
I too am seeing numerous VBS:Malware-gen reports on two Macs running Sierra (OS 10.12.3). I aborted the scans and shut down for the night. I am looking forward to a revision/update to Avast in the morning to correct these apparent false positives. . . unless this is "for real" then I will consider other reactions.  :-[
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Asyn on February 22, 2017, 07:27:32 AM
-> https://forum.avast.com/index.php?topic=197572.0
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: allenergy11 on February 22, 2017, 07:53:58 AM
How do I get all these files RESTORED to their original location from the Virus Chest?   The scan put tons of files in the Chest after finding the VBS:  Malware Gen which is a false postiive Avast glitch! 

Please give clear instructions.  Thank you so much! 
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: bratsche on February 22, 2017, 09:34:20 AM
Me too. Sierra 10.12.3. I did several more scans after the first terrifying one that identified about 90 infected files; I haven't deleted anything, only put them in the chest, but it started out with about 90 and decreased to 9 files each of the last 2 times. A Malwarebytes scan in the middle of all that turned up nothing. I just now got an Avast update, am running another scan, and so far it's not flagging anything.

But what now? What do I need to do with all the files that got moved into the Virus Chest?
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Eddy on February 22, 2017, 09:38:12 AM
https://forum.avast.com/index.php?topic=197620.msg1371153#msg1371153

To restore the files :
- Make sure you have the latest VPS update (with the fix)
- Place the files back from the chest
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Nate123 on February 22, 2017, 09:45:29 AM
How do i get the latest VPS? I tried updating virus definitions through avast and it didn't work?

So just open the chest and restore everything that was put in there today? Doesn't it automatically delete things it can't move?

Thanks for the help.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Eddy on February 22, 2017, 09:51:41 AM
Quote
How do i get the latest VPS?
Wait till avast has released the new VPS version then simply update it.
Quote
So just open the chest and restore everything that was put in there today?
Only those things that are detected as VBS:Mal-gen need to be restored.
If things are deleted because they (for whatever reason) couldn't be placed in the chest, install the application again (or if it has that option, perform a repair of the application)

If data (documents and such) are deleted, either restore them from the chest or retrieve them through recent backup.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Nate123 on February 22, 2017, 09:55:46 AM
When restoring items from chest I received this error.

The file already exists.

Should I overwrite, skip, overwrite all, skip all, cancel?
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Qtmoth on February 22, 2017, 09:58:56 AM
Like others I'm waiting for instructions on how to restore files in the Virus Chest.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Eddy on February 22, 2017, 10:00:39 AM
https://www.avast.com/faq.php?article=AVKB21
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Nate123 on February 22, 2017, 10:05:43 AM
After you restore items from the virus chest do they continue to show up in there?

I tried to restore all 3k-ish files and used overwrite all, windows 10 asked me if i wanted to let avast makes changes to my system, i said yes.

All files are still showing as being in virus chest.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Nihojep on February 22, 2017, 12:43:49 PM
I deleted about 500 files or so... Like I actually pressed delete, not virus chest. I was just scared about what the hell might have happened, so I wanted it all gone... But it seems like it was 500 perfectly good files now? And maybe crucial files for programs?

Any solution advice to getting these files back?
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Eddy on February 22, 2017, 12:49:30 PM
If everything is working as it should, not action is needed.

If you get something like e.g :
- file is missing
- application that is giving a errror

restore the file(s) from the virus chest.

If that is not possible for whatever reason, some options are (not limited to) :
- install the application again
- place a backup of the files back
- run sfc
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: .: Mac :. on February 22, 2017, 01:24:48 PM
I deleted about 500 files or so... Like I actually pressed delete, not virus chest. I was just scared about what the hell might have happened, so I wanted it all gone... But it seems like it was 500 perfectly good files now? And maybe crucial files for programs?

Any solution advice to getting these files back?

You can run some recovery tool if needed, but likely easier to reinstall the applications that give an error on startup of missing files
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: Nihojep on February 22, 2017, 01:56:44 PM
I deleted about 500 files or so... Like I actually pressed delete, not virus chest. I was just scared about what the hell might have happened, so I wanted it all gone... But it seems like it was 500 perfectly good files now? And maybe crucial files for programs?

Any solution advice to getting these files back?

You can run some recovery tool if needed, but likely easier to reinstall the applications that give an error on startup of missing files

Do you have suggestions for a good Data Recovery Tool?
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: lukas.hasik on February 22, 2017, 04:05:35 PM
https://www.avast.com/faq.php?article=AVKB21

Eddy, this is "recovery" for Windows products.

For Mac AV it looks like at attached image.
Title: Re: macOS Sierra - Detected VBS:Malware-gen [Need Help]
Post by: bratsche on February 22, 2017, 05:38:33 PM
Can I safely delete those files which can't be removed from the chest because attempting to do so results in an error message ending in "file exists?" The descriptions of all these files either begin with "System" or "Spotlight."