Avast WEBforum
Consumer Products => Avast Mac Security => Topic started by: AvastUser_0 on November 12, 2022, 10:35:13 PM
-
My Avast seemed to have updated when I opened the program at 4:30 today as my last scan at midnight came up with nothing. After doing a deep scan I have a threat ELF:MiraiDownloader-OG [Drp]. I'm not able to describe where it says the infected path is other than it is /private/var/db/uuidtext/dsc/A9EB0E63BFA0348AAB0E09181597B.
I ran a scan on two of my other Macs and I am getting the same thing; however, these two have 3 threats showing up with similar file paths in addition to /system/library/dyld_shared_Chache-arm64e.
I'm more than positive that it is a false positive as I haven't used two of the computers in almost a week and I always scan frequently. Has anyone else had this happen after updating?
-
I am unsure if it is false positive but am experiencing the same phenomenon.
-
Did a scan this morning and I'm finding the same three threats. They only show up when I do a deep scan, though. Smart scan shows "no threats found."
-
I am finding a similar detection of the same malware/virus on two different MacBook Air M1 Apple silicon computers, one running Monterey 12.6 and one running Monterey 12.6.1, except that for me it is in a SIP-protected file that online forums say is necessary for the macOS:
dyld_shared_cache_arm64e
in this directory:
/System/Library/dyld/
The full path is: /System/Library/dyld/dyld_shared_cache_arm64e
The file dyld_shared_cache_arm64e has a different creation date on 12.6.1 than 12.6 after a system update.
That file is 1.5GB and too large to upload to online scanners but I used Terminal to split the file into maximum 600MB segments, and scanned each segment on VirusTotal and no threats detected. I then split the file into 637MB segments (in case a virus was just at the "edge" of the split) - same, no detection. So my assumption is this is a false positive. I am using free Mac Avast Security so no way to report this to Avast except posting here.
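
The segment-boundary concern in the post above, shown as an added example that is not part of the original post: instead of re-splitting at a second size, each segment overlaps the previous one, so any byte run no longer than the overlap lands whole in at least one segment. The function names, the marker and the sample sizes are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def split_with_overlap(path, out_dir, chunk_size, overlap, block=1 << 20):
    """Write overlapping segments of `path`; return (segment_path, offset, sha256)."""
    if not 0 <= overlap < chunk_size:
        raise ValueError("overlap must be >= 0 and smaller than chunk_size")
    os.makedirs(out_dir, exist_ok=True)
    total = os.path.getsize(path)
    step = chunk_size - overlap          # each segment starts `step` bytes later
    segments, start = [], 0
    with open(path, "rb") as src:
        while start < total:
            end = min(start + chunk_size, total)
            seg_path = os.path.join(out_dir, f"segment_{len(segments):03d}.bin")
            digest, remaining = hashlib.sha256(), end - start
            src.seek(start)
            with open(seg_path, "wb") as dst:
                while remaining:         # stream in blocks; never load a whole segment
                    buf = src.read(min(block, remaining))
                    if not buf:
                        break
                    dst.write(buf)
                    digest.update(buf)
                    remaining -= len(buf)
            segments.append((seg_path, start, digest.hexdigest()))
            if end == total:
                break
            start += step
    return segments

def segments_containing(segments, needle):
    """Offsets of segments that hold `needle` intact (for small test files only)."""
    return [off for p, off, _ in segments if needle in Path(p).read_bytes()]

def demo():
    """Constructed 10,000-byte sample with a marker straddling offset 4096."""
    marker = b"CONSTRUCTED-MARKER"
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as f:
            f.write(b"\0" * 4090 + marker + b"\0" * (10000 - 4090 - len(marker)))
        plain = split_with_overlap(sample, os.path.join(tmp, "plain"), 4096, 0)
        lapped = split_with_overlap(sample, os.path.join(tmp, "lapped"), 4096, 64)
        return segments_containing(plain, marker), segments_containing(lapped, marker)
```

Calling `demo()` returns the segment offsets that contain the marker for a plain split and for an overlapping split; the recorded SHA-256 of each segment identifies exactly which bytes were submitted to a scanner.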
-
Same results today. Upon research the files/folder are part of MacOS Rapid Respond and Encryption.
It seems a false positive, hope some experts confirm.
-
Further discussion here:
https://discussions.apple.com/thread/254371312
polonus
-
I am having the same problem, as every scan I make I get either 1 or 3 of these alerts. They get resolved and if I run another scan, it shows up again. From that Apple thread, I got that Avast should be uninstalled? Is that the solution here?
-
Also just got the same threat showing upon doing deep scan today - three files were identified and resolution by moving to quarantine was successful for two - but the third could not be moved to quarantine and indicated perhaps file was protected. Location of that one showing as others report: dyld_shared_cache_arm64e
Am not using a free AVAST so will try to report for checking as false positive.
Update Nov 14: While I haven't yet had a response from AVAST, the situation appears to have been resolved as virus definitions were updated. Just ran a deep scan and no threats detected.
-
I am in the same situation. It's an M1 MacBook Pro.
Maybe it's a false positive limited to the M1 MacBook Pro?
-
It happened on my old Intel MacBook as well. However, that only got 1 report and the M1s got 3.
-
Update: It looks like this issue has been fixed.
I updated and scanned on all 3 Macs and no results were found.
-
Resolved for me too.
-
Thank you for the reports, it should already be fixed.
It is however usually better to use
https://www.avast.com/false-positive-file-form.php#mac
than the forums, the response is significantly faster.
Kind regards,
-
Hello Ondrej,
It's only thanks to that forum that I found the solution for the same problem I have had on my Mac.
Best regards
-
Hello,
while the forum is a great way for the people to get to know about various issues, the thing is that if a false positive is reported properly, it is usually fixed within minutes, while forums are mostly managed by volunteers and are not closely watched most of the time.
Kind regards,
Ondrej Kolacek
-
I have/had? the same problem two days ago and again yesterday after running several deep scans with the scan for tools option checked. If you look at one of the files that is reported as infected (dyld_shared_cache_arm64e), it seems whatever it was overwrote an original and named it arm64e1. But if you note the creation date of the newer file then look for any apps installed/updated on that same date you may notice a whole host of Apple apps with that exact same time stamp. None of the many other apps I installed had that particular time stamp so I'm putting it down to Apple updating some system file/s while also updating their apps at the same time or should that be whenever they downloaded to my Mac. If it's resolved that is great to hear! I'll run another deep scan to see if I come up with the same result you guys got!
-
Do you recognize anything with these endings connecting lately?
Look here:
Mirai-all-sorts: https://urlhaus.abuse.ch/browse.php?search=Mirai
Also probably AVG detections/FP's involved here as well:
https://support.avg.com/answers?id=9065p000000kF91AAE
And the coarse reply here on Apple's discussions: https://discussions.apple.com/thread/254371312?page=2
We have seen posts like this from just about every A/V product over the years where users panic when they see these false positives.
polonus