Yesterday I ran a full system scan using my Avast antivirus software and it found an infection file. The file's location is:
Avast categorizes the infection file as :
So, after deleting the file I did several more full system scans to check to see if there were any more files. I found nothing, until I restarted my MacBook Pro today. The file reappeared in the same location. So I decided to let Avast put it in the virus chest, restarted the laptop, and the file was in the same location again. Therefore the virus is re-creating the file every restart of the laptop.
I want to avoid wiping the laptop and re-installing everything, so that is why I am here. I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. I've been monitoring my CPU usage, Memory, and Network and I haven't seen a single odd process running. My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amount of data. So if something is mining in the background, I can't tell at all. I have no clue what to do.
My Avast runs full system scans every week, so this just recently became an issue this week. I checked all of my Chrome extensions and nothing is out of order, I haven't downloaded anything special within the past week, besides the new Mac operating system (macOS High Sierra 10.13.1). So I have no clue where this has come from to be honest and I have no clue how to get rid of it. Can someone please help me out?
I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. But I am unsure since I only have one MacBook and no one else that I know that has a Mac has updated the OS to High Sierra. But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, Malwarebytes, and manually.
1 Answer
Pretty sure there is no virus, malware or trojan at play and this is all a highly coincidental false positive.
It’s most likely a false positive since /var/db/uuidtext/ is related to the new “Unified Logging” subsystem that was introduced in macOS Sierra (10.2). As this article explains:
The first file path (/var/db/diagnostics/) contains the log files. These files are named with a timestamp filename following the pattern logdata.Persistent.YYYYMMDDTHHMMSS.tracev3. These files are binary files that we’ll have to use a new utility on macOS to parse them. This directory contains some other files as well including additional log *.tracev3 files and others that contain logging metadata. The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.
But in your case the “magic” seems to come from the hash:
Just check out this reference for known Windows malware files that references that one specific hash. Congratulations! Your Mac has magically created a filename that matches a known vector that has been primarily seen on Windows systems… But you are on a Mac and this filename is just a hash that is connected to the “Unified Logging” database system’s file structure and it is completely coincidental that it matches that malware filename and should not mean anything.
And the reason that specific file seems to regenerate is based on this detail from the above explanation:
The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.
So you delete the file in /var/db/uuidtext/, but all it is is a reference to what is in /var/db/diagnostics/. So when you reboot, it sees it is missing and recreates it in /var/db/uuidtext/.
As for what to do now? Well, you can either tolerate the Avast alerts or you can download a cache cleaning tool such as Onyx and just force the logs to be recreated by truly purging them from your system; not just that one BC8EE8D09234D99DD8B85A99E46C64 file. Hopefully the hash names of the files it regenerates after a full cleaning won’t accidentally match a known malware file again.
UPDATE 1: It seems like Avast staff acknowledges the issue in this post on their forums:
I can confirm this is a false positive. The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections.
Now what is really odd about this statement is the phrase, “…MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner.”
What? Is this implying that someone on the core macOS software development team at Apple somehow “accidentally” set up the system so it generates neutered fragments of a known malicious cryptocurrency miner? Has anyone contacted Apple directly about this? This all seems a bit crazy.
UPDATE 2: This issue is further explained by Radek Brich on the Avast forums as simply Avast identifying itself:
Hello, I'll just add a bit more information.
The file is created by MacOS system, it's actually part of 'cpu usage' diagnostic report. The report is created because Avast uses the CPU heavily during the scan.
The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so). The content of the file is debugging information extracted from the library. Unfortunately, this seems to contain a string which is in return detected by Avast as a malware.
(The 'rude' texts are probably just names of malware.)
JakeGould
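The attribution step described in the answer above, as an added example that is not part of the original post or of Avast's or Apple's code: it turns a flagged path under /var/db/uuidtext/ back into the image UUID and matches it against `dwarfdump --uuid` output to see which binary the file describes. It assumes the uuidtext layout of a two-hex-character directory followed by a 30-character filename; the `7B` directory is inferred from the UUID quoted above because the page does not show the full path, and `/path/to/algo.so` plus the `dsc` entry are constructed placeholders.

```python
import re
import uuid
from pathlib import PurePosixPath

UUIDTEXT_ROOT = PurePosixPath("/var/db/uuidtext")
DWARFDUMP_LINE = re.compile(r"^UUID:\s+([0-9A-Fa-f-]{36})\s+\(\S+\)\s+(.+)$")

def uuid_from_uuidtext_path(path):
    """Return the image UUID a uuidtext file describes, or None if the path
    does not follow the <2 hex>/<30 hex> layout."""
    p = PurePosixPath(path)
    if p.parts[:2] == ("/", "private"):   # /var is a symlink to /private/var
        p = PurePosixPath("/", *p.parts[2:])
    try:
        rel = p.relative_to(UUIDTEXT_ROOT)
    except ValueError:
        return None                        # not under the uuidtext store
    if len(rel.parts) != 2:
        return None
    shard, name = rel.parts
    if not re.fullmatch(r"[0-9A-Fa-f]{2}", shard):
        return None                        # e.g. the shared-cache "dsc" directory
    if not re.fullmatch(r"[0-9A-Fa-f]{30}", name):
        return None
    return str(uuid.UUID(hex=shard + name)).upper()

def parse_dwarfdump_uuids(output):
    """Map UUID -> binary path from `dwarfdump --uuid <file>` output lines."""
    images = {}
    for line in output.splitlines():
        m = DWARFDUMP_LINE.match(line.strip())
        if m:
            images[m.group(1).upper()] = m.group(2)
    return images

def attribute(flagged_paths, images):
    """For each flagged path return (path, uuid, owning binary or None)."""
    rows = []
    for path in flagged_paths:
        u = uuid_from_uuidtext_path(path)
        rows.append((path, u, images.get(u) if u else None))
    return rows

# Constructed sample input; the library path is a placeholder, not from the page.
SAMPLE_DWARFDUMP = "UUID: 7BBC8EE8-D092-34D9-9DD8-B85A99E46C64 (x86_64) /path/to/algo.so\n"
SAMPLE_FLAGGED = [
    "/private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64",
    "/var/db/uuidtext/dsc/0123456789ABCDEF0123456789ABCDEF",
]

if __name__ == "__main__":
    for row in attribute(SAMPLE_FLAGGED, parse_dwarfdump_uuids(SAMPLE_DWARFDUMP)):
        print(row)
```

A flagged uuidtext file whose UUID resolves to a library shipped by the scanner itself, as in Radek Brich's explanation, points to a self-detection rather than a dropped payload.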
Avast Free Mac Security doesn't break a lot of new ground. As is the case with most free software, it does an OK job and — like popular free-to-play games — aims to pull money from your pockets after it's installed.
The one major perk of Avast Free Mac Security is that it can identify attacks in your email inbox, a feature that we'd like to see in all Mac antivirus services. At the end of the day, though, Avast's Mac malware protection rate isn't quite as good as its competitors', which is the most important part of antivirus software.
Avast Free Mac Security costs and what's covered
Avast Free Mac Security is free. It supports Macs running any version of macOS, as long as they have 128MB of RAM and 750MB of available disk space.
Antivirus protection
Avast Free Mac Security keeps Macs free of malware using traditional signature-based detection by unpacking Mac-specific file formats and scanning them for malicious content. It also uses its artificial-intelligence system to apply lessons from its user base to train its software.
Avast also thwarts PC malware on Mac, to prevent it from spreading on networks, and scans unopened ZIP files. It performs system protection scanning in the background, permits both on-demand and scheduled scans, and can scan your router to protect you against DNS hijacking and other threats.
Antivirus detection
Avast Free Mac Security's on-demand malware-scanning engine has a mixed record in recent lab tests. It stopped 100% of malware in tests conducted by Austrian lab AV-Comparatives in July 2018 and June 2019.
Results from German lab AV-Test were less consistent: 100% of Mac malware was detected by Avast in June 2018 and June 2019, but Avast caught only 96.3% of malware in December 2018.
That means Avast tied with Bitdefender Antivirus for Mac and Kaspersky Internet Security for Mac on the AV-Comparatives test (both hit 100%). However, it failed to match Bitdefender, Kaspersky and Norton 360 Deluxe on the AV-Test study, in which all three earned 100% scores.
Of all the Mac antivirus programs we tested, Avast Free Mac Security was the only one that flagged items already on our system as threats. Specifically, it found three email messages in my old, inactive, Outlook database that contained links to phishing websites.
Security and privacy features
Avast Free Mac Security includes Avast's Online Security browser extension, which automatically installs itself in Chrome unless you opt out, while Firefox provides a confirmation prompt to make sure you approve the extension. The Avast extension appears as a button that is green when you're safe and red if a site is potentially harmful. Similar flags will appear next to search results.
If you're wary of sites that monitor your actions, the Avast browser extension also displays a counter badge that tallies the number of activity trackers found in a website and provides an additional option to block social network-based tracking.
Not only does Avast scan activity on your hard drive and web browsers, but it also monitors POP3 and IMAP email clients, including Apple Mail, Thunderbird, Postbox and Airmail, and scans email attachments as well as email messages.
Avast monitors your computer and its network connections in the background, scans new files upon installation and lets you schedule scans. However, Avast Free Mac Security doesn't have any of the extra features offered by paid competitors, such as parental controls, a VPN service, firewalls or webcam blockers.
Performance and system impact
Avast Free Mac Security had a moderate impact on system performance, which we assessed by running our custom Excel VLOOKUP benchmark test, which matches 60,000 names and addresses on a spreadsheet. Our test machine was a 2017 MacBook Air with a 1.8-GHz Intel Core i5 CPU and approximately 54GB of data stored on a 128GB SSD.
With Avast Free Mac Security installed on our MacBook, but without any active scans running, the VLOOKUP test finished in an average of 3 minutes and 38 seconds, 1 second longer than without any antivirus software installed. That's a passive system hit of less than 1%, and not something you would likely perceive.
Other antivirus products' passive system impacts ranged from 5% (Sophos Home Premium) to zero percent (Bitdefender). This is overall great news for Mac users: Most of the time, you'll never notice that you've got antivirus software running.
You would be more likely to notice the slowdowns created by Avast's active scans. During full-system scans, the VLOOKUP test finished in an average of 4 minutes and 59 seconds, resulting in a big performance dip of 37 percent. That's not as bad as McAfee AntiVirus Plus' 47% fall (the worst offender), although it wasn't as good as Sophos' 7% full-scan system hit.
Avast's full-scan completion time, which took an hour and 11 minutes on average, was on the longer end of scores but was not the longest we found — Sophos' 2-hour-and-56-minute time was the longest. Malwarebytes for Mac Premium's full scan took a miraculous 16 seconds, while Bitdefender closed its full scan in 4:25. Kaspersky (41:20) and Norton (25:49) fell in the middle of the pack.
Interface
Avast Free Mac Security may not be the prettiest antivirus app, but it provides a number of functions and options. Its main window shows users a Protected status, as scans are enabled by default. All other features, including on-demand scans, are located in a menu bar on the left.
Avast's main window presents users with their status — Protected or otherwise — and a 'Run scan' button that pushes you to Avast Cleanup Pro. You'll be confused by this abrupt switch of apps if you weren't paying attention to the fine print, and you'll soon realize that Cleanup Pro is a paid product that looks to tidy up your hard drive and costs between $2.99 and $3.99 per month.
After you click that Run scan button once, it changes to an Upgrade button for Avast Security Pro, which features anti-ransomware protections and Wi-Fi and network scanning. To avoid further confusion, click on Scans in the left-hand menu, which opens that section as well as other sections of the app, such as Reports, Virus Chest, Shields and Preferences.
In Scan, you can select from a number of different types, such as scans of custom directories, scans of removable volumes and scans of your home network. Avast also includes scheduled scans, an increasingly rare option these days.
Clicking on New Scan presents a Start button for activating a Quick Scan and a Change Scan Type button to switch to a full-computer scan.
You'll find database updates and analyses of scans performed on your system in Avast's Reports. Avast places files it flags as malicious into the Virus Chest quarantine section, where you can delete or restore them (if you think Avast is mistaken).
Open the Shields section to see real-time analysis of scanned files. Annoyingly, if the file directory is especially long, Avast won't give you the full directory, so you can't go look up the offending file for yourself. You may not need to, but we'd prefer to have the option.
In the Preferences tab, you'll find options to change the frequency of notifications, system updates and scans. Here, you can also disable hard-drive, email and web protection, although Avast wisely makes you enter your system password first. Additionally, you can disable Avast's menu-bar icon from this window (it's under Miscellaneous).
If you create an account with Avast, you can check the status of any systems you've logged into in the Account tab as well as at my.avast.com. Avast's menu-bar button provides links to open the main interface window, see current activity and application information, and review previous notifications.
Installation and support
To install Avast Free Mac Security, you open Avast.com and click Download, which will place the installer DMG on your Mac. (Thankfully, you won't have to go through download.com anymore, an annoying part of the previous model.) After you click through the end-user-license agreements, the installer will download more files and install Avast.
No restart is required, and the whole process took about 2 minutes for me, which felt about normal. In the middle of the installation, you get the option to not install Avast's unlimited Password Manager and the company's SecureLine VPN client. The Avast Online Security browser plug-in is free, but you get only a seven-day trial of SecureLine VPN service, which otherwise starts at $60 per year.
To get technical support, click Help in the menu bar, select Avast Technical Support and then select Contact Help to open Avast's Support site. Here, you can find a FAQ, ask for help in the forums and call a customer-support line that will provide free advice for installing, configuring, updating and removing Avast.
If you need more help than that, Avast offers paid support starting at $79 for any call that isn't related to removing a virus or malware, or at $119 per call for virus-related calls. For more support, you can spend $199 for a year of unlimited service, or $10 per month plus a $99 setup fee.
Bottom line
Avast's email scanning gives it an edge over competing Mac antivirus products. It needs such an advantage when the rest of its package is such a mixed bag.
Not only does Avast's software continually push you to spend money on additional services (unlikely if you've already chosen to use free antivirus software), but its malware detection rates aren't great overall.
If you're going to pay, you should instead choose Bitdefender Antivirus for Mac, which gives you excellent protection and a low system impact for $40 a year. If you'd rather not pay, then Avast is the best free option, but only because Sophos Home, which has a more full-featured free tier, has undetermined malware-protection abilities on Macs.