Avast WEBforum
Consumer Products => Avast Mac Security => Topic started by: REDACTED on July 15, 2018, 09:39:59 PM
-
So I did a scan of my Mac today and something really weird showed up that I can't find any info on online.
MacOS:Pwnet-L (Trj) that was apparently found in /Applications/Backup and Sync.app/Contents/Helpers/Google Drive Icon Helper?
What is this? I assume it's a trojan but how did it get on my computer? I haven't installed anything since my last scan in June and Backup and sync was installed in may (but I don't remember installing it)
What could it have been doing with my computer? Should I remove Backup and sync???
I removed the trojan itself from my computer but I am really confused. Should I be worried?
Any help is appreciated!
-
I'm getting that too. I downloaded a fresh InstallBackupAndSync.dmg from Google and it's also flagging malware. My money is on this being a false positive. On another note, I'm having a bitch of a time getting past the CAPTCHA that will allow me to post this reply.
-
I tried to check with VirusTotal - and it reports it as clean - https://www.virustotal.com/#/file/c857228cf860221c65844b01cb633c54ebf97125284930d9263a4824b04dd6b5/detection
Would you mind to report as FP if it's still happening? - https://support.avast.com/en-ww/article/Use-Mac-Security-Virus-Chest
-
Infection: MacOS:Pwnet-L [Trj] found in package contents file: /Application/Backup and Sync.app/Contents/Helpers/Google Drive Icon Helper. This date: Jul 14, 2018.
No information from Google. The Backup and Sync.app is a replacement for the Google Drive app, and was downloaded in Googles latest update through this Process: /Library/Google/GoogleSoftwareUpdates.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/
Avast put it into its chest.
This virus is part of a bigger issue with Google's replacing Google Drive with Backup and Sync.app
See https://forum.kaspersky.com/index.php?/topic/389674-how-to-exclude-google-drive-file-stream-from-scan/&page=3
for example, of other impacts of what may be a deeper problem. Has anyone seen an impact on MacOS operation?
-
In addition, this is the report of "No Engine Finds this file" from VIRUSTOTAL for the specific file that Avast puts into its Chest:
https://www.virustotal.com/#/file/b31558cedd582e520f21e5d4d32a4b3c9ae26e206c66bf6141fa8ed3dff043a7/detection
The file "10C86BD8" is the file from my installation of Google Icon Helper that Avast moved to its Chest.
-
send us the file from Virus Chest please.
And what is your virus definition version? It looks like a FP that may have been fixed already.
-
This is a bit confusing, in other posts by Avast, this is considered a false positive.
My macbook shows 6 infections (including 2 timemachine copies) and has been scanning now for 25 hours and has been on 99% for the last 18 hours, still actively scanning. I run a fresh version of Avast, only bought it 2 days ago.
If its a FP, I would appreciate a heads-up and continue with normal life on this machine....
Thanks for any support.
BTW, the captcha is at times indeed above challenging
-
BTW, the captcha is at times indeed above challenging
Captcha is only needed for your first 3 posts. (Spam protection)
-
well, if it has been considered as FP by our ThreatLabs guys then it should be fixed within hours after announcement. Your virus definitions should update automatically.
This is a bit confusing, in other posts by Avast, this is considered a false positive.
My macbook shows 6 infections (including 2 timemachine copies) and has been scanning now for 25 hours and has been on 99% for the last 18 hours, still actively scanning. I run a fresh version of Avast, only bought it 2 days ago.
If its a FP, I would appreciate a heads-up and continue with normal life on this machine....
Thanks for any support.
BTW, the captcha is at times indeed above challenging