Author Topic: False Positives - ELF:MiraiDownloader-OG [Drp]


Offline marthacolli

  • Newbie
  • *
  • Posts: 1
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #15 on: November 16, 2022, 01:07:58 AM »
I have/had? the same problem two days ago and again yesterday after running several deep scans with the scan for tools option checked. If you look at one of the files that is reported as infected (dyld_shared_cache_arm64e), it seems whatever it was overwrote an original and named it arm64e1. But if you note the creation date of the newer file then look for any apps installed/updated on that same date you may notice a whole host of Apple apps with that exact same time stamp. None of the many other apps I installed had that particular time stamp so I'm putting it down to Apple updating some system file/s while also updating their apps at the same time or should that be whenever they downloaded to my Mac. If it's resolved that is great to hear! I'll run another deep scan to see if I come up with the same result you guys got!

Offline markebeast

  • Newbie
  • *
  • Posts: 1
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #16 on: February 17, 2023, 08:40:40 AM »
I am having the same problem, as every scan I make I get either 1 or 3 of these alerts. They get resolved and if I run another scan, it shows up again.
« Last Edit: February 22, 2023, 01:24:46 PM by markebeast »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33746
  • malware fighter
Re: False Positives - ELF:MiraiDownloader-OG [Drp]
« Reply #17 on: February 20, 2023, 06:43:41 PM »
Do you recognize anything with these endings connecting lately?
Look here:
Mirai-all-sorts: https://urlhaus.abuse.ch/browse.php?search=Mirai

Also probably AVG detections/FP's involved here as well:
https://support.avg.com/answers?id=9065p000000kF91AAE

And the coarse reply here on Apple's discussions: https://discussions.apple.com/thread/254371312?page=2

We have seen posts like this from just about every A/V product over the years where users panic when they see these false positives.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!