Jump to content

quarantined sisinfo.plist


Recommended Posts

Sounds like you might have a new Genieo variant and since the weekend has started, I doubt you'll get any feedback before next week, so I'll go out on a limb and offer a suggested approach:

  1. Make sure you are using the latest version of Malwarebytes for Mac, downloaded from here, and not any previous version:
  2. Scan with Malwarebytes for Mac, remove anything detected, and restart the computer
  3. If you have done all this and you're still seeing sysinfo.plist detections that are appearing on their own, not in response to something you're trying to install, please submit a support ticket here:
    • https://support.malwarebytes.com/community/consumer/pages/contact-us
    • Be sure to select Malwarebytes for Mac as the product
    • Run the Get System Profile script that is attached to this message and attach the file it creates to your support request
    • Do not post the output of that script directly here, as it may contain information that you don't want made public; this is why I ask that you submit via a support ticket instead

Get System Profile.zip

 

Edited by alvarnell
Link to post
Share on other sites

I unfortunately have the same issue. The malware was masquerading as a Safari Flash extension update. As soon as it started I could tell it wasn't an authentic Flash update. It added an annoying Yahoo search extension to all of my browsers called PlayTime and a Bookings.com app to my applications bar. I thought I'd cleaned up everything and found a link recommending Malwarebytes; however, I'm still getting the sisinfo.plist about every 15 minutes (3-4 an hour).

Edited by RGrimes
Link to post
Share on other sites

  • Staff

We found a new Genieo variant on Monday afternoon, thanks to help from someone who did what alvarnell recommends above. That variant should now be detected. If you're finding that, at this point, Malwarebytes for Mac is still not detecting anything other than sisinfo.plist, and it continues to reappear, please follow those instructions to file a report. (This should be done privately. The information in the system profile generated by that script is not highly sensitive, but you still may not want it posted publicly.)

Link to post
Share on other sites

  • 1 month later...
On 2018-01-24 at 11:06 AM, treed said:

We found a new Genieo variant on Monday afternoon, thanks to help from someone who did what alvarnell recommends above. That variant should now be detected. If you're finding that, at this point, Malwarebytes for Mac is still not detecting anything other than sisinfo.plist, and it continues to reappear, please follow those instructions to file a report. (This should be done privately. The information in the system profile generated by that script is not highly sensitive, but you still may not want it posted publicly.)

sisinfo.plist - just found this topic and comments - was able to remove Safe Finder over the weekend. However Malwarebytes is continuing to scan, find threat files sisinfo.plist and quarantine (see screen shot) multiple times a day. Is there any updated info you can provide or must I file a private report? Would like to stop this altogether if possible. Thanks!5aa6eae871c02_ScreenShot2018-03-12at4_52_14PM.thumb.png.e1a9a3d9554345f697bd500df7e01ddd.png

Link to post
Share on other sites

  • 7 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.