Today's Best Tech Deals
Mark Barner (aka Arnold Schwarzenegger voice-over-jokester!) is guiding you to uninstalling Avast completely from you Mac / iMac / MacBook Pro or Mac Pro.
Picked by Macworld's Editors
Top Deals On Great Products
- Download Avast Free Antivirus offline installer for PC and anti-spyware protection for your PC, Mac and Android from FileHorse now. The newest version of the most-trusted security in the world is ready, and it’s completely free.
- Comprehensive fansite about Avast Antivirus 2018 – the World's most popular antivirus. Useful tips & tricks, latest news, free downloads, license keys, activation codes, support, comparison reviews, and much more.All content is focused on the latest 2018 version.
Picked by Techconnect's Editors
Avast Security Pro for Mac
Learn moreAvast Free Mac Security
Learn more
The big friendly “You Are Protected” green checkmark on Avast Security Pro’s home screen is certainly a plausible statement. The software is a rare breath of fresh air in a sea of anti-virus products that haven’t worked hard enough to keep up to date with current threats, or haven’t updated the interface to meet modern expectations of presentation and usability.
Avast is danged good at catching malware. AV Comparables says Avast detected 99.9 percent of macOS malware and 100 percent of Windows malware. In spot testing, the app did splendidly. Immediately on decompression of macOS malware from an encrypted archive, Avast detected it, deleted it, and notified me. It did as well with malicious files on the web, though it didn’t detect some items at the WICAR test site that require active local components to be dangerous. Siccing it on drives loaded with other anti-virus products, Avast found test malware I’d downloaded that had wound up in cached files that the anti-virus software on those volumes missed.
Note: This review is part of our best antivirus roundup. Go there for details about competing products and how we tested them.
Avast’s browser component, Web Shield, doesn’t seem to rely on plug-ins (there are none to configure), but uses the program’s kernel extension to check at a low level. It can be managed from the Avast app, and settings apply to all browsers.
If you’re interested in ransomware monitoring, you need to buy the Pro version ($59.99 for one year/one Mac; $69.99 for one year/three Macs; $99.99 for one year/10 Macs), which relies on folder-based ransomware monitoring. It marks the user Documents and Pictures folders as protected by default, and you can add more folders. By default, Avast allows any Apple and App Store apps to manipulate items in those folders, although you can disable those options. Any other app that tries to modify or delete anything in the shielded folders is blocked, giving you an option to whitelist it.
This is an effective way to protect most users’ critical files, but we prefer Sophos’s active monitoring approach, which looks for patterns of behavior and keeps files from being deleted than one that requires anointing folders. Still, it worked well in testing, and most users keep their most precious documents in a few locations. (Avast could expand the list to include a few more locations by default, too.)
Outside of core anti-virus features, the Pro version also offers a Wi-Fi Inspector. This is unique among anti-virus software we tested, and it looks for devices on a network engaged in malicious behavior. Other anti-virus software packaged with network monitors either whitelist local network activity, or treat it the same as any malicious Internet attacks. This seems aimed at helping users understand if they’ve joined a network, such as at a coffeeshop, that has compromised or attacking devices on it.
Facebook Video Virus Fix
One negative is the soft but distinct upsell of Avast, which is sensible in its Free version, but not necessarily in a Pro. A Tools item on the lefthand navigation bar mostly displays other available products, like VPN service. A one-time message at installation might be acceptable, but mingling features and items for sale is too heavy-handed in a security product.
While you can create an account at Avast Software, it’s optional. Once created, you can use it to add machines to log in from the software for a computer to join the account. Unfortunately, the account provides no remote mangement or configuration, just reporting.
Bottom line
If you’re looking for a free anti-virus program, Avast is the best choice, edging out Sophos by providing more parity between free and paid version.
While we gave Sophos Home Premium and Avast Security Pro the same 4.5 mice rating, Sophos has a slight edge. The combination of active ransomware scanning makes it somewhat more superior to the folder-based method in Avast, while central configuration and remote control in Sophos can help for a disparate set of family or small-business users. We like Avast’s unique Wi-Fi threat detection, and its native app interface, where Sophos leans heavily on the cloud.
Version 13.4
Avast Security Pro for Mac
Learn moreAvast Free Mac Security
Learn more
Yesterday I ran a full system scan using my Avast antivirus software and it found a infection file. The file's location is :
Avast categorizes the infection file as :
So, after deleting the file I did several more full system scans to check to see if there were any more files. I found nothing, until I restarted my macbook pro today. The file reappeared in the same location. So I decided to let Avast put it in the virus chest, restarted the laptop, and again the file was in the same location again. Therefore the virus is re-creating the file every restart of the laptop.
I want to avoid wiping the laptop and re-installing everything, so that is why I am here. I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. I've been monitoring my CPU usage, Memory, and Network and I haven't seen a single odd process running. My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amount of data. So if something is mining in the background, I can't tell at all. I have no clue what to do.
My Avast runs full system scans every week, so this just recently became an issue this week. I checked all of my chrome extensions and nothing is out of order, I haven't downloaded anything special within the past week, besides the new Mac operating system (macOS High Sierra 10.13.1). So I have no clue where this has came from to be honest and I have no clue how to get rid of it. Can someone please help me out.
I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. But I am unsure since I only have one MacBook and no one else that I know that has a mac has updated the OS to High Sierra. But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, malwarebytes, and manually.
JakeGould1 Answer
Pretty sure there is no virus, malware or trojan at play and his is all a highly coincidental false positive.
It’s most likely a false positive since /var/db/uuidtext/
is related to the new “Unified Logging” subsystem that was introduced in macOS Sierra (10.2). As this article explains:
The first file path (/var/db/diagnostics/
) contains the log files. These files are named with a timestamp filename following the pattern logdata.Persistent.YYYYMMDDTHHMMSS.tracev3
. These files are binary files that we’ll have to use a new utility on macOS to parse them. This directory contains some other files as well including additional log *.tracev3 files and others that contain logging metadata. The second file path (/var/db/uuidtext/
) contains files that are references in the main *.tracev3 log files.
But in your case the “magic” seems to come from the hash:
Just check out this reference for known Windows malware files that references that one specific hash. Congratulations! Your Mac has magically created a filename that matches a known vector that has been primarily seen on Windows systems… But you are on a Mac and this filename is just a hash that is connected to the “Unified Logging” database system’s file structure and it is completely coincidental that it matches that malware filename and should not mean anything.
And the reason that specific file seems to regenerate is based on this detail from the above explanation:
The second file path (/var/db/uuidtext/
) contains files that are references in the main *.tracev3 log files.
So you delete the file in /var/db/uuidtext/
, but all it is is a reference to what is in /var/db/diagnostics/
. So when you reboot, it sees it is missing and recreates it in /var/db/uuidtext/
.
As for what to do now? Well, you can either tolerate the Avast alerts or you can download a cache cleaning tool such as Onyx and just force the logs to be recreated by truly purging them from your system; not just that one BC8EE8D09234D99DD8B85A99E46C64
file. Hopefully the hash names of the files it regenerates after a full cleaning won’t accidentally match a known malware file again.
UPDATE 1: It seems like Avast staff acknowledges the issue in this post on their forums:
I can confirm this is a false positive. The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections.
Best Mac Virus Protection
Now what is really odd about this statement is the phrase, “…MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner.”
What? Is this implying that someone on the core macOS software development team at Apple somehow “accidentally” setup the system so it generates neutered fragments of a known malicious cryptocurrency miner? Has anyone contacted Apple directly about this? This all seems a bit crazy.
UPDATE 2: This issue is further explained by someone Radek Brich the Avast forums as simply Avast self-identifying itself:
Hello, I'll just add a bit more information.
The file is created by MacOS system, it's actually part of 'cpu usage' diagnostic report. The report is created because Avast uses the CPU heavily during the scan.
The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so). The content of the file is debugging information extracted from the library. Unfortunately, this seems to contain a string which is in return detected by Avast as a malware.
(The 'rude' texts are probably just names of malware.)
JakeGouldJakeGouldprotected by Community♦Nov 26 '17 at 20:07
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?