Author Topic: Pwnet-L  (Read 3853 times)

REDACTED

  • Guest
Pwnet-L
« on: July 15, 2018, 09:39:59 PM »
So I did a scan of my Mac today and something really weird showed up that I can't find any info on online.

MacOS:Pwnet-L (Trj) that was apparently found in /Applications/Backup and Sync.app/Contents/Helpers/Google Drive Icon Helper?

What is this? I assume it's a trojan, but how did it get on my computer? I haven't installed anything since my last scan in June, and Backup and Sync was installed in May (but I don't remember installing it).

What could it have been doing with my computer? Should I remove Backup and Sync???

I removed the trojan itself from my computer but I am really confused. Should I be worried?

Any help is appreciated!

REDACTED

  • Guest
Re: Pwnet-L
« Reply #1 on: July 16, 2018, 11:14:15 AM »
I'm getting that too. I downloaded a fresh InstallBackupAndSync.dmg from Google and it's also flagging malware. My money is on this being a false positive. On another note, I'm having a bitch of a time getting past the CAPTCHA that will allow me to post this reply.

Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • *
  • Posts: 937
  • Product manager of Avast Security for Windows
Re: Pwnet-L
« Reply #2 on: July 16, 2018, 06:49:07 PM »
I tried to check with VirusTotal - and it reports it as clean - https://www.virustotal.com/#/file/c857228cf860221c65844b01cb633c54ebf97125284930d9263a4824b04dd6b5/detection
Would you mind reporting it as an FP if it's still happening? - https://support.avast.com/en-ww/article/Use-Mac-Security-Virus-Chest
Quality is also a feature.

Offline wmrandallAtAvast

  • Newbie
  • *
  • Posts: 4
Re: Pwnet-L
« Reply #3 on: July 16, 2018, 10:05:18 PM »
Infection: MacOS:Pwnet-L [Trj] found in package contents file: /Application/Backup and Sync.app/Contents/Helpers/Google Drive Icon Helper. This date: Jul 14, 2018.
No information from Google. The Backup and Sync.app is a replacement for the Google Drive app, and was downloaded in Google's latest update through this process: /Library/Google/GoogleSoftwareUpdates.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/
Avast put it into its chest.

This virus is part of a bigger issue with Google's replacing Google Drive with Backup and Sync.app.
See https://forum.kaspersky.com/index.php?/topic/389674-how-to-exclude-google-drive-file-stream-from-scan/&page=3 for an example of other impacts of what may be a deeper problem. Has anyone seen an impact on MacOS operation?
« Last Edit: July 16, 2018, 10:35:53 PM by wmrandall2 »

Offline wmrandallAtAvast

  • Newbie
  • *
  • Posts: 4
Re: Pwnet-L
« Reply #4 on: July 16, 2018, 11:26:14 PM »
In addition, this is the report of "No Engine Finds this file" from VIRUSTOTAL for the specific file that Avast puts into its Chest:

https://www.virustotal.com/#/file/b31558cedd582e520f21e5d4d32a4b3c9ae26e206c66bf6141fa8ed3dff043a7/detection

The file "10C86BD8" is the file from my installation of Google Icon Helper that Avast moved to its Chest.

Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • *
  • Posts: 937
  • Product manager of Avast Security for Windows
Re: Pwnet-L
« Reply #5 on: July 17, 2018, 12:20:47 AM »
Send us the file from Virus Chest please.
And what is your virus definition version? It looks like a FP that may have been fixed already.
Quality is also a feature.

REDACTED

  • Guest
Re: Pwnet-L
« Reply #6 on: July 17, 2018, 08:04:41 AM »
This is a bit confusing; in other posts by Avast, this is considered a false positive.
My MacBook shows 6 infections (including 2 Time Machine copies) and has been scanning now for 25 hours and has been on 99% for the last 18 hours, still actively scanning. I run a fresh version of Avast, only bought it 2 days ago.

If it's an FP, I would appreciate a heads-up and continue with normal life on this machine....

Thanks for any support.

BTW, the captcha is at times indeed above challenging.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Pwnet-L
« Reply #7 on: July 17, 2018, 08:16:16 AM »
> BTW, the captcha is at times indeed above challenging
Captcha is only needed for your first 3 posts. (Spam protection)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline lukas.hasik

  • Avast team
  • Advanced Poster
  • *
  • Posts: 937
  • Product manager of Avast Security for Windows
Re: Pwnet-L
« Reply #8 on: July 17, 2018, 11:42:32 AM »
Well, if it has been considered an FP by our ThreatLabs guys then it should be fixed within hours after the announcement. Your virus definitions should update automatically.
Quality is also a feature.