Topic: False Positives - ELF:MiraiDownloader-OG [Drp]

AvastUser_0 (Newbie, Posts: 4)
False Positives - ELF:MiraiDownloader-OG [Drp]
« on: November 12, 2022, 10:35:13 PM »
My Avast seemed to have updated when I opened the program at 4:30 today, as my last scan at midnight came up with nothing. After doing a deep scan I have a threat ELF:MiraiDownloader-OG [Drp]. I'm not able to describe where it says the infected path is other than it is /private/var/db/uuidtext/dsc/A9EB0E63BFA0348AAB0E09181597B.

I ran a scan on two of my other Macs and I am getting the same thing; however, these two have 3 threats showing up with similar file paths in addition to /system/library/dyld_shared_Chache-arm64e.

I'm more than positive that it is a false positive as I haven't used two of the computers in almost a week and I always scan frequently. Has anyone else had this happen after updating?

Avast User (Newbie, Posts: 1)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #1 on: November 13, 2022, 05:41:27 AM »
I am unsure if it is false positive but am experiencing the same phenomenon.

ItsTony (Newbie, Posts: 10)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #2 on: November 13, 2022, 10:53:30 AM »
Did a scan this morning and I'm finding the same three threats. They only show up when I do a deep scan, though. Smart scan shows "no threats found."

ny-230 (Newbie, Posts: 1)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #3 on: November 13, 2022, 02:45:41 PM »
I am finding a similar detection of the same malware/virus on two different MacBook Air M1 Apple silicon computers, one running Monterey 12.6 and one running Monterey 12.6.1, except that for me it is in a SIP-protected file that online forums say is necessary for macOS:

dyld_shared_cache_arm64e

in this directory:

/System/Library/dyld/


The full path is:    /System/Library/dyld/dyld_shared_cache_arm64e

The file dyld_shared_cache_arm64e has a different creation date on 12.6.1 than 12.6 after a system update.

That file is 1.5GB and too large to upload to online scanners but I used Terminal to split the file into maximum 600MB segments, and scanned each segment on VirusTotal and no threats detected. I then split the file into 637MB segments (in case a virus was just at the "edge" of the split) - same, no detection. So my assumption is this is a false positive. I am using free Mac Avast Security so no way to report this to Avast except posting here.
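
A way to triage a flagged file of this size without uploading it, as an added example that is not part of the original post: it reads the file's magic bytes to see which container format the file really is, hashes the whole file with SHA-256 so the result can be compared across machines on the same macOS build, and computes overlapping segment ranges so that a single split covers the boundary case. The function names and the 16-byte header check are assumptions of this example.

```python
import hashlib
import sys

# Leading magic bytes of the formats relevant to this thread.
MAGICS = {
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat)",
}

def classify_header(header: bytes) -> str:
    """Name the container format from the first 16 bytes of a file."""
    if header.startswith(b"dyld_v1"):
        # dyld cache magic is "dyld_v1" + space-padded arch name + NUL.
        arch = header[7:16].rstrip(b"\x00").strip().decode("ascii", "replace")
        return f"dyld shared cache ({arch})"
    for magic, name in MAGICS.items():
        if header.startswith(magic):
            return name
    return "unknown"

def triage(path: str, block: int = 1 << 20) -> dict:
    """Stream the file once: classify its header and hash the whole file."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        header = f.read(16)
        digest.update(header)
        for data in iter(lambda: f.read(block), b""):
            digest.update(data)
    return {"kind": classify_header(header), "sha256": digest.hexdigest()}

def segment_ranges(size: int, seg: int, overlap: int) -> list:
    """Byte ranges [start, end) of seg-sized pieces that overlap their
    neighbour, so no pattern up to `overlap` bytes long is cut in two."""
    if not 0 <= overlap < seg:
        raise ValueError("overlap must be smaller than the segment size")
    ranges, start = [], 0
    while True:
        end = min(start + seg, size)
        ranges.append((start, end))
        if end >= size:
            return ranges
        start += seg - overlap

if __name__ == "__main__":
    # Pass a path to triage a real file; otherwise use a constructed header.
    print(triage(sys.argv[1]) if len(sys.argv) > 1
          else classify_header(b"dyld_v1  arm64e\x00"))
```
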

Nerdox (Newbie, Posts: 1)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #4 on: November 13, 2022, 03:23:03 PM »
> My Avast seemed to have updated when I opened the program at 4:30 today, as my last scan at midnight came up with nothing. After doing a deep scan I have a threat ELF:MiraiDownloader-OG [Drp]. I'm not able to describe where it says the infected path is other than it is /private/var/db/uuidtext/dsc/A9EB0E63BFA0348AAB0E09181597B.
>
> I ran a scan on two of my other Macs and I am getting the same thing; however, these two have 3 threats showing up with similar file paths in addition to /system/library/dyld_shared_Chache-arm64e.
>
> I'm more than positive that it is a false positive as I haven't used two of the computers in almost a week and I always scan frequently. Has anyone else had this happen after updating?

Same results today. Upon research the files/folder are part of MacOS Rapid Respond and Encryption.
It seems a false positive, hope some experts confirm.
« Last Edit: November 13, 2022, 03:29:22 PM by Nerdox »

polonus (Avast Überevangelist, Probably Bot, malware fighter, Posts: 33895)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #5 on: November 13, 2022, 04:03:48 PM »
Further discussion here:
https://discussions.apple.com/thread/254371312

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

ana_mc05 (Newbie, Posts: 5)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #6 on: November 13, 2022, 10:47:53 PM »
I am having the same problem, as every scan I make I get either 1 or 3 of these alerts. They get resolved and if I run another scan, it shows up again. From that Apple thread, I got that Avast should be uninstalled? Is that the solution here?

lokelani53 (Newbie, Posts: 5)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #7 on: November 13, 2022, 11:59:51 PM »
Also just got the same threat showing upon doing deep scan today - three files were identified and resolution by moving to quarantine was successful for two - but the third could not be moved to quarantine and indicated perhaps file was protected.  Location of that one showing as others report: dyld_shared_cache_arm64e

Am not using a free AVAST so will try to report for checking as false positive.

Update Nov 14: While I haven't yet had a response from AVAST, the situation appears to have been resolved as virus definitions were updated.  Just ran a deep scan and no threats detected.
« Last Edit: November 14, 2022, 08:58:00 PM by lokelani53 »

koki2 (Newbie, Posts: 1)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #8 on: November 14, 2022, 03:49:02 AM »
I am in the same situation. It's an M1 MacBook Pro.

Maybe it's a false positive limited to the M1 MacBook Pro?

AvastUser_0 (Newbie, Posts: 4)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #9 on: November 14, 2022, 02:16:29 PM »
> I am in the same situation. It's an M1 MacBook Pro.
>
> Maybe it's a false positive limited to the M1 MacBook Pro?

It happened on my old Intel MacBook as well. However, that only got 1 report and the M1s got 3.

AvastUser_0 (Newbie, Posts: 4)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #10 on: November 14, 2022, 03:06:44 PM »
Update: It looks like this issue has been fixed.

I updated and scanned on all 3 Macs and no results were found.

ItsTony (Newbie, Posts: 10)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #11 on: November 14, 2022, 04:32:36 PM »
Resolved for me too.

ondrej.kolacek (Avast team, Sr. Member, Posts: 394)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #12 on: November 14, 2022, 04:46:50 PM »
Thank you for the reports, it should already be fixed.
It is however usually better to use
https://www.avast.com/false-positive-file-form.php#mac
than the forums, the response is significantly faster.
Kind regards,

JacekCH (Newbie, Posts: 1)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #13 on: November 14, 2022, 10:26:40 PM »
Hello Ondrej,

That's only thanks to that forum I found the solution for the same problem I have had on my Mac.

Best regards

ondrej.kolacek (Avast team, Sr. Member, Posts: 394)
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #14 on: November 15, 2022, 05:30:16 PM »
> Hello Ondrej,
>
> That's only thanks to that forum I found the solution for the same problem I have had on my Mac.
>
> Best regards

Hello,
while the forum is a great way for the people to get to know about various issues, the thing is that if a false positive is reported properly, it is usually fixed within minutes, while forums are mostly managed by volunteers and are not closely watched most of the time.
Kind regards,
Ondrej Kolacek