ascmember Posted April 25, 2019 ID:1309526 Share Posted April 25, 2019 macOS How to remove MaxBuilder? Link to post Share on other sites More sharing options...
alvarnell Posted April 25, 2019 ID:1309537 Share Posted April 25, 2019 What is MaxBuilder? Can't seem to find it with Google and it's not a web site. Please describe in great deal how and where you are seeing this and if a screenshot would help, please provide. Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309545 Share Posted April 25, 2019 For details: https://discussions.apple.com/thread/250325185 Link to post Share on other sites More sharing options...
alvarnell Posted April 25, 2019 ID:1309556 Share Posted April 25, 2019 Ahh, MixBuilder, but doesn't help much. Just takes me to the same discussion. At least we have screenshot. Would have been nice to have a copy of the Extension and or app, but seems too late for that. It seems that everybody that posted have removed both already, or did I miss something? Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309563 Share Posted April 25, 2019 That is correct. But the original poster posted an EtreCheck report. I wanted to stay with MBAM but I couldn't. That is how this place works. I can ask other participants to post EtreCheck reports. It appears that other users are following this thread. Link to post Share on other sites More sharing options...
alvarnell Posted April 25, 2019 ID:1309575 Share Posted April 25, 2019 EtreCheck won't really help here. The staff is going to want to evaluate the app and extension first in order to classify it and learn all the file that are installed. It maybe adware or just a PUP or something more malicious. I posted a request to upload the components to a protected forum where the staff and a few others can take a look. Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309576 Share Posted April 25, 2019 "I have this question too" stat is upto 22 now. I saw the post by MadMacs0 about uploading the extension. If you can post simple howto instructions, it may be helpful. Link to post Share on other sites More sharing options...
alvarnell Posted April 25, 2019 ID:1309577 Share Posted April 25, 2019 I pointed to the instructions here https://forums.malwarebytes.com/topic/193729-purpose-of-this-forum/ Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309579 Share Posted April 25, 2019 Thanks. Link to post Share on other sites More sharing options...
Staff treed Posted April 25, 2019 Staff ID:1309592 Share Posted April 25, 2019 This isn't something I'm familiar with, but the screenshot shows this is in Safari on Mojave, which only allows a few specific old-style .safariextz extensions. That means this is an app extension... a Safari extension bundled inside an application. The application may be named MixBuilder, or may have a different name. (I'm not finding any matches on VirusTotal with just the information we have so far.) Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309599 Share Posted April 25, 2019 Thank you. At least 22 users have reported this automatic download. I went by EtreCheck report. May be this is a two day affair. Thanks again. Link to post Share on other sites More sharing options...
Staff treed Posted April 25, 2019 Staff ID:1309603 Share Posted April 25, 2019 Just a note... this would not be any kind of "automatic download." It would be something the user was tricked into downloading and installing, such as a fake Adobe Flash Player installer (which is still one of the most common scams used). Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309606 Share Posted April 25, 2019 Thanks. I will ask for an EtreCheck report. Adobe Flash download may show up in the "Software downloaded in last 30 days" section. "I have this question too" count is upto 25 now. There is something going on. Link to post Share on other sites More sharing options...
Staff treed Posted April 25, 2019 Staff ID:1309612 Share Posted April 25, 2019 I don't think the EtreCheck report is likely to help, as the app that contains the extension could be anywhere, and unless John has added something recently I'm not aware of, it doesn't have anything to search for these app extensions. Power users can use the data generated by lsregister to find them: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump > ~/Desktop/lsregister.txt Searching the output - saved into lsregister.txt in the above example - for MixBuilder should turn something up, but that info would be hard for most users to read and understand. Link to post Share on other sites More sharing options...
ascmember Posted April 25, 2019 Author ID:1309630 Share Posted April 25, 2019 Thank you. I would appreciate it if you could tell me what to post as an answer to the question posted by a user. Regards. Link to post Share on other sites More sharing options...
CaptainSlocum Posted April 25, 2019 ID:1309640 Share Posted April 25, 2019 Treed wrote: "Just a note... this would not be any kind of "automatic download." It would be something the user was tricked into downloading and installing, such as a fake Adobe Flash Player installer (which is still one of the most common scams used)." I did not download or install anything for days. Then when I turned on my computer this morning, MixBuilder self-installed. I still have MixBuilder.app in my trash if you can tell me how to get it to you (in non-techie language please). It won't drag to your attachment target window. Link to post Share on other sites More sharing options...
Staff treed Posted April 25, 2019 Staff ID:1309660 Share Posted April 25, 2019 We've gotten a copy of the app (thanks, CaptainSlocum!) and updated the database. For folks who are affected, try this: 1) Open Malwarebytes 2) In the right-hand pane of the Malwarebytes window, find a label that says "Protection updates". Next to that will be a blue link reading "Current". Click that to force an update... it should change to say "Checking," "Downloading," etc. 3) Start a scan 4) Remove anything that is detected 5) Switch to the Quarantine tab in the Malwarebytes app 6) Click the Clear Quarantine button 7) Restart your computer Also, note that if you're using a Premium subscription in the latest version of Malwarebytes for Mac, the App Block feature will prevent the MaxBuilder app - and any other apps by the same developer - from running. Link to post Share on other sites More sharing options...
CaptainSlocum Posted April 25, 2019 ID:1309672 Share Posted April 25, 2019 Ok, I've done all that, thanks Treed. FYI, the only apps I have installed in the last few day were Remember The Milk and DiskCatalogmaker. That last one I had my doubts about - it installed the app into the applications folder but nothing appeared in launch pad. It also works at quite a low level presumably to be able to catalogue hard drives. I didn't catalogue my main hard drive with it, just a few external drives I keep my film making archives on. If it didn't come in through those, what other way could it have got onto my system? Thanks for your help. Link to post Share on other sites More sharing options...
ascmember Posted April 26, 2019 Author ID:1309706 Share Posted April 26, 2019 Thanks Mr.Reed. Link to post Share on other sites More sharing options...
alvarnell Posted April 26, 2019 ID:1309707 Share Posted April 26, 2019 DiskCatalogmaker has been around since 1997 and is available from both the developers site and the App Store. It's got a valid Apple Developer ID registered to katsuya fujiwara, who presumably is the head of Fujiwara Software. Although I have not used it personally, I know many users who have recommended it. A quick examination of it doesn't reveal any trace of being associated with MixBuilder, so I'm confident that wasn't the culprit. If you have not done so yet, hold the <Option> key down, click on the menu and select "System Information...". In the left column click on "Installations" then click twice on the column marked "Install Date". Check there to see what you have installed recently and for MixBuilder itself. If you do a "Get Info" on the MixBuilder.app, it may show you the date it was installed. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now