MAXBAR1

Suspected malware: megabackup


Good Evening from Italy
I noticed this on my mac:

com.megabackup
with the hidden .autobackup file located in /private/var/run

and, searching the web, it would seem to be malware. Can anyone tell me what it is, if it is dangerous, and if it is better to delete it, or if it is defined as malware only by software fraudsters who pretend to be antimalware?

When I found it the first time, given what they said on the web, I did a clean install of the Mac, but the file continues to be there.

It is detected by software as a useless remnant, but before today it had never happened to me using the same software. I attach the zipped file.

If you need me to use Get System Profile or Get Malwarebytes Info, let me know and tell me how to send you the reports created by the two programs.

Thank you
Greetings
Massimiliano

.autoBackup.zip


That .autobackup file appears to be normal. I have the same file here on both of my Macs, neither of which have ever had MegaBackup installed. It's a zero-byte file, so I'm guessing it's something the OS uses to make decisions based on whether the file is present or not. I'd guess it's something related to Time Machine.

Where are you seeing com.megabackup?


It was shown to me (today for the first time) by App Cleaner & Uninstaller by Nektony (I know you do not like this type of app) among the post-removal residual files (I do not know what, because I did not remove any software). Unfortunately, sometimes I'm forced to use apps that do not have an uninstaller, and moving only the app to the trash leaves a lot of crap on the disk, and I do not know another method to clean that up. If you have a better solution for this, I'm ready to listen.

 


Yeah, you really shouldn't use programs like that. In this case, if it's referring to that .autobackup file as com.megabackup, it's flat wrong, and that's the problem with these kinds of generic uninstallers. They either don't remove enough, or they remove too much. Or sometimes some of both!

If the developer of the software you're removing provides any kind of uninstaller or uninstall instructions, you should always use that. In the case of App Store apps, you can simply drag the app to the trash, and no more should be necessary.

The trick is with software that does not provide an uninstaller, but that really should do so. There's no single method that is good for that. If it was installed via an installer, examining the installer with something like Pacifist can give you info on what gets installed where, if you know how to interpret it. Of course, that won't always tell the full story... for example, in recent versions of Malwarebytes for Mac, the kernel extension doesn't get installed by the installer. Instead, the app installs it when the user chooses to activate real-time protection. So in that case, checking the installer isn't sufficient. (Of course, we provide an uninstaller, but that may not be the case for all such software.)

The best thing to do is ask the developer how to remove it. If they don't respond, then as a last resort, it's still best not to use these kinds of generic uninstallers. You'd do better to search for launch agents and daemons related to that software (they should be easy enough to identify in most cases), anything in the Application Support folders that is related, and any kernel extensions that might be part of the software. That should cover most of the bases.


And where are launch agents, daemons and kernel extensions located, as well as Application Support, so that I can use the manual method you indicated to me?

In which other folders do I have to look?

Thank you


Launch agents and daemons would be in one of these folders:

~/Library/LaunchAgents
/Library/LaunchAgents
/Library/LaunchDaemons

You can locate these folders from the paths using the Go to Folder item in the Go menu in the Finder.

Application Support folders are here:

~/Library/Application Support
/Library/Application Support

Kernel extensions would be here in many cases, though it's not a guarantee:

/Library/Extensions

If it's not there, most likely it would be either inside the application or inside a folder in the Application Support folder, in which case it would be removed when those are deleted.


Thanks so much.

I will proceed in this way from now on.

If there is still something you can add it is always welcome.

I add: is there a correct procedure to uninstall MS Office 2016 (only if there is something more than what you have already written)?

Thank you again.


Yeah, Microsoft is one of the worst offenders. Microsoft's instructions for removing Office for Mac involve just dragging the apps to the trash. However, this leaves behind items in some of those folders I mentioned. 🤦‍♂️


It would not be bad if the procedure that you described to me, made as complete as possible, were turned into an article of yours on the Malwarebytes blog.

Thanks again

Regards

Massimiliano


Must containers and caches be eliminated (Office at least has these components; I do not know if the other apps have them)? If so, in which folders are they located?


Don't bother with caches, those will get deleted eventually on their own.

Containers will only contain data, and probably not enough to worry about. Some apps never even store anything there. But if you want to look there, the Containers folder is at:

~/Library/Containers

 

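Added example, not part of any post in this thread: a read-only shell function that lists candidate leftovers of one app across the folders named in the replies above (launch agents and daemons, Application Support, /Library/Extensions, Containers). It matches on item names and, for launch agent and daemon plists, also on file contents, since a plist can point at an app without carrying its name. The search term `examplevendor` and the optional `ROOT` and `HOME_DIR` parameters are assumptions made for illustration; nothing is deleted.

```shell
#!/bin/sh
# find_leftovers TERM [ROOT] [HOME_DIR]
#   TERM      case-insensitive name fragment (vendor name or bundle-ID part)
#   ROOT      prefix for the system-wide folders (hypothetical parameter,
#             default empty, i.e. the real /Library)
#   HOME_DIR  home folder to search (hypothetical parameter, default $HOME)
# Prints matching paths only; review them by hand before removing anything.
find_leftovers() {
    term=$1
    root=${2:-}
    home=${3:-$HOME}
    if [ -z "$term" ]; then
        echo "usage: find_leftovers TERM [ROOT] [HOME_DIR]" >&2
        return 2
    fi

    for dir in \
        "$home/Library/LaunchAgents" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$home/Library/Application Support" \
        "$root/Library/Application Support" \
        "$root/Library/Extensions" \
        "$home/Library/Containers"
    do
        [ -d "$dir" ] || continue

        # Top-level items whose name contains TERM (files, folders, .kext bundles).
        find "$dir" -mindepth 1 -maxdepth 1 -iname "*$term*" -print 2>/dev/null || true

        # Launch agent/daemon plists that mention TERM anywhere in the file,
        # e.g. in the path of the program they start.
        case $dir in
            */LaunchAgents|*/LaunchDaemons)
                grep -liFs -- "$term" "$dir"/*.plist || true ;;
        esac
    done | sort -u
}

# Run as a script: sh find_leftovers.sh examplevendor
if [ $# -gt 0 ]; then
    find_leftovers "$@"
fi
```

An empty result only means nothing matched that string; try both the vendor name and the app name, as bundle identifiers often use one and folder names the other.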
