How Do I Inspect The Chest In Avast For Mac

  

To check which version of Avast Security is installed on your Mac, click the Avast Menu bar icon and select Show program info. A popup displays your Program version and Virus definitions. This tutorial shows you what to do if Avast detects a virus and puts it in the Virus Chest. Avast Free Antivirus is a family of security applications developed by Avast Software for Microsoft Windows, macOS, Android, and iOS.

The Virus Chest is a safe place in Avast Antivirus for storing potentially harmful files and completely isolating them from the rest of your operating system. Files inside the Virus Chest cannot be accessed or run by any outside processes, software applications, or viruses.

Access the Virus Chest

Access Virus Chest in one of the following ways:

  • Open the Avast user interface, then go to Protection > Virus Chest.
  • Right-click the Avast icon in your system tray and select Virus Chest.

Move files to the Virus Chest

Avast Antivirus automatically moves malicious files to the Virus Chest if they cannot be repaired. You can customize the default actions in the individual settings for each antivirus scan or shield. For more information, refer to the following articles:

To add files to the Virus Chest from the Virus Chest feature screen:

  1. From the Virus Chest screen, click Add File....
  2. Locate the file you want to move to the Virus Chest ('sample.exe' in the example below) and click Open.
  3. The file now appears in the Virus Chest and can be sent for analysis.

Restore files from the Virus Chest

Restoring files from the Virus Chest poses a high security risk. This action requires advanced user knowledge and is only intended for specific situations (for example, if a critical system file is moved to the Virus Chest).

To return a file to its original location:

This option will restore the file to its original location on your PC. We recommend using this option only if the file is safe from malware.

  1. Tick the box next to the relevant file in Virus Chest.
  2. Click the icon (three dots) next to the Delete button and select Restore from the context menu.
  3. Click Close in the confirmation dialog that appears.

To return a file to its original location and add to exceptions:

This option will restore the file to its original location, and will add an exception to your exceptions list. All exceptions in the list are excluded from all Avast scans and shields.

  1. Tick the box next to the relevant file in Virus Chest.
  2. Click the icon (three dots) next to the Delete button and select Restore and add exception from the context menu.
  3. Click Close in the confirmation dialog that appears.

To check that a restored file is saved as an exception, go to Menu > Settings > General > Exceptions.

Submit files from the Virus Chest to the Avast Threat Labs

Before restoring files to their original locations, it's important to be sure they are clean. To ensure your PC stays protected, send files to the Avast Threat Labs for further analysis. We recommend sending the following file types:

  • Potential malware: files that Avast has not flagged as malware, but you believe may be malicious.
  • False positive: files that Avast has identified as malware, but you believe may be clean.

  1. Tick the box next to the relevant file in Virus Chest.
  2. Click the icon (three dots) next to the Delete button and select Send for analysis from the context menu.
  3. In the form that appears, tick the relevant box and provide any details related to your issue, then click Send.
  4. Click Close in the confirmation dialog that appears.

Delete files from the Virus Chest

This action permanently deletes files from your PC and cannot be undone.

  1. Tick the box next to the relevant file in Virus Chest.
  2. Click the Delete button at the bottom of the Virus Chest screen.
  3. Click Delete in the confirmation dialog that appears.

Manage Virus Chest settings

By default, the Virus Chest is allocated a maximum space of 5120 MB, but this can be changed in Virus Chest settings. To configure Virus Chest space allocation:

  1. Open the Avast user interface.
  2. Go to Menu > Settings.
  3. Click Protection > Virus Chest.
  4. Click into the text box and redefine the maximum size of your Virus Chest.

The Virus Chest space allocation is now configured.

  • Avast Premium Security 19.x
  • Avast Free Antivirus 19.x
  • Avast Omni 1.x
  • Avast Premier 19.x
  • Avast Internet Security 19.x
  • Avast Pro Antivirus 19.x
  • Microsoft Windows 10 Home / Pro / Enterprise / Education - 32 / 64-bit
  • Microsoft Windows 8.1 / Pro / Enterprise - 32 / 64-bit
  • Microsoft Windows 8 / Pro / Enterprise - 32 / 64-bit
  • Microsoft Windows 7 Home Basic / Home Premium / Professional / Enterprise / Ultimate - Service Pack 1, 32 / 64-bit

Yesterday I ran a full system scan using my Avast antivirus software and it found an infection file. The file's location is:

Avast categorizes the infection file as:

So, after deleting the file I did several more full system scans to check to see if there were any more files. I found nothing, until I restarted my macbook pro today. The file reappeared in the same location. So I decided to let Avast put it in the virus chest, restarted the laptop, and again the file was in the same location again. Therefore the virus is re-creating the file every restart of the laptop.

I want to avoid wiping the laptop and re-installing everything, so that is why I am here. I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. I've been monitoring my CPU usage, Memory, and Network and I haven't seen a single odd process running. My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amount of data. So if something is mining in the background, I can't tell at all. I have no clue what to do.

My Avast runs full system scans every week, so this just recently became an issue this week. I checked all of my Chrome extensions and nothing is out of order, I haven't downloaded anything special within the past week, besides the new Mac operating system (macOS High Sierra 10.13.1). So I have no clue where this has come from to be honest and I have no clue how to get rid of it. Can someone please help me out?

I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. But I am unsure since I only have one MacBook and no one else that I know that has a Mac has updated the OS to High Sierra. But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, Malwarebytes, and manually.

Lonely Twinky

1 Answer

Pretty sure there is no virus, malware or trojan at play and this is all a highly coincidental false positive.

It’s most likely a false positive since /var/db/uuidtext/ is related to the new “Unified Logging” subsystem that was introduced in macOS Sierra (10.2). As this article explains:

The first file path (/var/db/diagnostics/) contains the log files. These files are named with a timestamp filename following the pattern logdata.Persistent.YYYYMMDDTHHMMSS.tracev3. These files are binary files that we’ll have to use a new utility on macOS to parse them. This directory contains some other files as well including additional log *.tracev3 files and others that contain logging metadata. The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.

But in your case the “magic” seems to come from the hash:

Just check out this reference for known Windows malware files that references that one specific hash. Congratulations! Your Mac has magically created a filename that matches a known vector that has been primarily seen on Windows systems… But you are on a Mac and this filename is just a hash that is connected to the “Unified Logging” database system’s file structure and it is completely coincidental that it matches that malware filename and should not mean anything.

And the reason that specific file seems to regenerate is based on this detail from the above explanation:

The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.

So you delete the file in /var/db/uuidtext/, but all it is is a reference to what is in /var/db/diagnostics/. So when you reboot, it sees it is missing and recreates it in /var/db/uuidtext/.

As for what to do now? Well, you can either tolerate the Avast alerts or you can download a cache cleaning tool such as Onyx and just force the logs to be recreated by truly purging them from your system; not just that one BC8EE8D09234D99DD8B85A99E46C64 file. Hopefully the hash names of the files it regenerates after a full cleaning won’t accidentally match a known malware file again.

UPDATE 1: It seems like Avast staff acknowledges the issue in this post on their forums:

I can confirm this is a false positive. The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections.

Now what is really odd about this statement is the phrase, “…MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner.”

What? Is this implying that someone on the core macOS software development team at Apple somehow “accidentally” setup the system so it generates neutered fragments of a known malicious cryptocurrency miner? Has anyone contacted Apple directly about this? This all seems a bit crazy.

UPDATE 2: This issue is further explained by Radek Brich on the Avast forums as simply Avast self-identifying itself:

Hello, I'll just add a bit more information.

The file is created by MacOS system, it's actually part of 'cpu usage' diagnostic report. The report is created because Avast uses the CPU heavily during the scan.

The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so). The content of the file is debugging information extracted from the library. Unfortunately, this seems to contain a string which is in return detected by Avast as a malware.

(The 'rude' texts are probably just names of malware.)

JakeGould
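
The attribution step described in the answer above, as an added example that is not part of the original post or Avast's tooling: it rebuilds the image UUID from a detection path under /var/db/uuidtext/ so the flagged file can be matched to the binary it describes. It assumes the usual uuidtext layout (the first two hex digits of the UUID are the subdirectory, the remaining 30 are the file name); the `known_images` map is constructed sample data.

```python
import re
from pathlib import PurePosixPath

UUIDTEXT_ROOT = PurePosixPath("/var/db/uuidtext")

def uuid_from_uuidtext_path(path):
    """Return the image UUID (8-4-4-4-12) encoded in a uuidtext path, else None."""
    p = PurePosixPath(path)
    if p.parts[:2] == ("/", "private"):        # scanners often report /private/var/...
        p = PurePosixPath("/", *p.parts[2:])
    try:
        rel = p.relative_to(UUIDTEXT_ROOT)
    except ValueError:
        return None                            # not under the unified-logging store
    if len(rel.parts) != 2:
        return None
    shard, name = rel.parts
    if not (re.fullmatch(r"[0-9A-Fa-f]{2}", shard)
            and re.fullmatch(r"[0-9A-Fa-f]{30}", name)):
        return None                            # e.g. the dsc/ subdirectory
    h = (shard + name).upper()
    return "-".join((h[:8], h[8:12], h[12:16], h[16:20], h[20:]))

def uuidtext_path_for(uuid):
    """Inverse mapping: where the uuidtext file for a given image UUID lives."""
    h = uuid.replace("-", "").upper()
    if not re.fullmatch(r"[0-9A-F]{32}", h):
        raise ValueError("not a 128-bit UUID: %r" % uuid)
    return str(UUIDTEXT_ROOT / h[:2] / h[2:])

def attribute_detection(path, known_images):
    """Classify a flagged path against a UUID -> binary map.

    On a real Mac the map can be built from `dwarfdump --uuid <binary>` output
    for the binaries you want to check.
    """
    uuid = uuid_from_uuidtext_path(path)
    if uuid is None:
        return ("not-uuidtext", None, None)
    owner = known_images.get(uuid)
    return ("attributed" if owner else "unknown-image", uuid, owner)

# Constructed sample: the UUID and library name quoted in the answer above.
KNOWN_IMAGES = {"7BBC8EE8-D092-34D9-9DD8-B85A99E46C64": "algo.so (Avast detections DB)"}
FLAGGED = "/private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64"

if __name__ == "__main__":
    print(attribute_detection(FLAGGED, KNOWN_IMAGES))
```

A result of `unknown-image` means the UUID matched none of the binaries supplied, not that the file is malicious; widen the map before drawing a conclusion.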
