
treed

Staff
  • Posts

    2,228
Everything posted by treed

  1. So, that means you won't get notifications about things like detections, files getting quarantined, etc. That should provide temporary relief from this issue, but is really not the best thing to do long-term, as it could cause you to miss important information. Just to be clear, I didn't ask for your password. The script needs you to authenticate to allow it the level of permissions it needs, but it never sees the password. macOS displays the password request and handles the authentication. It's wise to be skeptical of something sent to you by random folks on a forum, but in this case I'm not some random guy. You can see from my profile that I'm a member of the Malwarebytes staff.
  2. That's not going to help with this problem. I sent you, and several others, a script to run to get more information so we can figure out what's going on here.
  3. No, those are completely separate systems, and even have different pricing. It's not possible to convert one to the other. However, you could cancel your subscription on Google Play: https://support.google.com/googleplay/answer/7018481?co=GENIE.Platform%3DAndroid&hl=en The subscription will continue to be good for the remaining duration of the time you have paid for with the previous subscription payment. Once that subscription runs out (or is close to running out), you can make a new purchase through our website and activate the app with a license key.
  4. Those symptoms are not symptoms of malware. It's entirely possible that there could be something on your machine, but it wouldn't be related to those symptoms. If you continue to see that, I'd recommend that you contact Apple support.
  5. The process you're referring to resides at the following path, which is entirely controlled by Apple, and resides on a read-only volume that (in theory) cannot be modified by an attacker without physical access to the machine.

     /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

     As Al mentioned, I have the same process installed here, and it is validly signed by Apple. It is a legitimate part of macOS, and is not spying on you.

         % codesign --verify --verbose=4 /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
         /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService: valid on disk
         /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService: satisfies its Designated Requirement

         % codesign --display --verbose=4 /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
         Executable=/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
         Identifier=com.apple.AccountProfileRemoteViewService
         Format=bundle with Mach-O thin (x86_64)
         CodeDirectory v=20100 size=634 flags=0x0(none) hashes=12+5 location=embedded
         Platform identifier=9
         VersionPlatform=1
         VersionMin=659200
         VersionSDK=659200
         Hash type=sha256 size=32
         CandidateCDHash sha256=2946bf831d0f20f39814db8f95d22b498e859ab2
         CandidateCDHashFull sha256=2946bf831d0f20f39814db8f95d22b498e859ab2369bfd7803441171bbad8ddd
         Hash choices=sha256
         CMSDigest=2946bf831d0f20f39814db8f95d22b498e859ab2369bfd7803441171bbad8ddd
         CMSDigestType=2
         Page size=4096
         CDHash=2946bf831d0f20f39814db8f95d22b498e859ab2
         Signature size=4547
         Authority=Software Signing
         Authority=Apple Code Signing Certification Authority
         Authority=Apple Root CA
         Info.plist entries=23
         TeamIdentifier=not set
         Sealed Resources version=2 rules=13 files=82
         Internal requirements count=1 size=92
  6. In that case, 1 GB is very unusual memory usage, so I'd recommend that you contact support directly: https://support.malwarebytes.com/community/contactsupport/pages/home-support We'll need to collect some information from you, but you wouldn't want to post that info in a public forum.
  7. Please make sure that you're running the current version of the software. There was a memory issue in a previous version, but that was fixed some time ago. If you open the Malwarebytes app and choose Check For Updates from the Malwarebytes menu, that will let you know if an update is available.
  8. It's very unlikely that Malwarebytes for Mac is interfering with Google, but try turning off the real-time protection options within the Malwarebytes for Mac app. In the main window in the app, click the text that reads "On" next to "Malware protection" and "App Block" under Real-Time Protection. That will change each to "Off." (If it says "Premium only", then Malwarebytes for Mac is in Free mode and you do not have real-time protection capabilities enabled.) If turning off those features does not make a difference, the problem isn't due to Malwarebytes. If it does, please let us know, as that's something we'll want to investigate.
  9. I didn't say you need to do a clean install. Just install macOS right over your existing installation, and it should repair the damage to your system that is causing the problem. Be aware that restoring the entire system from a third-party backup is one theoretical way for this folder to get damaged.
  10. Although it's not officially supported on the Mac, that's just a technicality based on the fact that it hasn't been heavily tested on Mac. In practice, I've seen no indication it doesn't work in Chrome and Firefox on Mac. Most of us have been using it on our Macs for some time.
  11. This is likely due to an issue related to a bug in Catalina relating to incorrect settings on the folder at /Library/StagedExtensions/. (I can't say for sure, since I have no idea whether the requested information was actually received by anyone here, who it was received by, or what you have submitted.) We're still investigating possible solutions, and have been talking to Apple about it. Supposedly, this bug is fixed in the macOS Catalina supplemental update that was released on Monday, but also apparently that update does not fix the problem on already-affected machines. So far, we believe that the easiest solution is still to reinstall your system, which should fix the damaged folder. Since that folder, and the required settings, cannot be changed directly by the user or by any third-party software, our hands are tied when it comes to other solutions. Be aware that this issue will affect most other security software as well, so deleting Malwarebytes and installing something else is not likely to be a solution.
  12. Sounds like it could be a variant of the malicious configuration profiles mentioned here: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/ Try the solution for the profile issue mentioned there. If that doesn't help, try the other suggestions, and if it still won't go away, let us know.
  13. /usr/sbin/ is on the system volume in Catalina. See: https://eclecticlight.co/2019/10/08/macos-catalina-boot-volume-layout/
  14. The issue described below has been fixed in Malwarebytes for Mac 4.0. If you are still seeing the issue where Malwarebytes Protection does not show up under Full Disk Access, make sure that you have upgraded to 4.0. You can download the latest installer from here: https://malwarebytes.com/mac-download

      Original problem

      If you have upgraded to macOS Catalina and have installed the corresponding update to Malwarebytes for Mac 3.9.32, you may see a problem where the app will tell you that you need to enable Full Disk Access. However, when you follow the directions provided, you will not see Malwarebytes Protection in the list where the directions say to look for it. We are still unsure exactly what changed, and whether this is a Catalina bug that will be fixed in a future release, or whether we need to change something. We are investigating. In the meantime, you can fix the problem by downloading the Malwarebytes for Mac installer and reinstalling it manually. There is no need to uninstall Malwarebytes for Mac first; you can simply install on top of your existing copy. Once you have done this, you should see Malwarebytes Protection on the list of apps to give Full Disk Access to. Download the Malwarebytes for Mac installer here: https://malwarebytes.com/mac-download

      Technical background

      It seems that something changed between the Catalina betas and the final release, and it is triggered by installing the Malwarebytes for Mac update via the installer process located at /usr/sbin/installer, as opposed to the Installer app located at /System/Library/CoreServices/Installer.app. When installing via the former, Malwarebytes Protection will not appear on the list. When installing via the latter, it will. We have also observed cases where Malwarebytes Protection will disappear from the list, even though it has already been given Full Disk Access. Despite not appearing on the list, it will nonetheless continue to have Full Disk Access, and will remain capable of detecting and removing threats from locations that are not accessible without Full Disk Access. This is definitely a Catalina bug, which leads us to believe the other problem may also be a related bug.
  15. That is not supposed to be necessary. The instructions work as written... or, at least, they did. It looks like something may have changed between the Catalina betas/GM and the official release, but we're not sure what yet. We're investigating.
  16. The updater does work, and is working as intended. In the initial stages of a new release, it's throttled so that only a limited number of people get the update. Checking manually overrides the throttling and gives you the update now.
  17. From the information provided, that does appear to be a legitimate copy of the installer.
  18. That has never been a feature of Malwarebytes for Mac, and our free browser extension (now called Browser Guard) has never yet been available for Safari. If you were running something in Safari that was using a Malwarebytes logo, I'd be very interested in finding out what that was.
  19. As Al pointed out, Malwarebytes for Mac never has done ad blocking, and it has never had a Safari extension. You mentioned that "Malwarebytes is no longer present on search windows," but I don't know what that means, as Malwarebytes should not show up in any way on your search windows in Safari (unless you're searching for something Malwarebytes-related and it shows up in the search results). Another alternative to Ka-Block that should work on Catalina is 1Blocker. It's a bit pricey compared to other ad blockers, but IMO is worth the cost.
  20. I'm not sure what might have happened, other than to say that it's exceedingly unlikely to be due to malware. The last time I can think of that malware actually caused a machine to become unable to start up was with the Genieo adware nearly ten years ago, and in that case it was only caused if you removed it incompletely. (In fact, it was that incident that caused me to start working on automated ways of removing all traces of such things.) My advice, if you continue to have problems, would be to talk to Apple support about that. It may be some kind of hardware issue, for all I know.
  21. None of this sounds like malware. It actually sounds more like the encrypted partition was damaged. Yosemite has a small - and shrinking - install base, and is unlikely to be a target for malware. However, it's also worth pointing out that Yosemite cannot be considered a secure system any longer, so if someone did want to target Yosemite users, it wouldn't be hard to do so. If that happened, though, it wouldn't be likely to look like what you saw.