Jump to content

Recommended Posts

What is MaxBuilder?

Can't seem to find it with Google and it's not a web site.

Please describe in great deal how and where you are seeing this and if a screenshot would help, please provide.

Share this post


Link to post
Share on other sites

Ahh, MixBuilder, but doesn't help much. Just takes me to the same discussion. At least we have screenshot.

702643ab-a3b7-4b6d-b666-05af2da01054.thumb.png.3183cd7808a8394fcc9ec24f0d15910a.png

 

Would have been nice to have a copy of the Extension and or app, but seems too late for that.

It seems that everybody that posted have removed both already, or did I miss something?

 

Share this post


Link to post
Share on other sites

That is correct. But the original poster posted an EtreCheck report.

I wanted to stay with MBAM but I couldn't. That is how this place works.

I can ask other participants to post EtreCheck reports.

It appears that other users are following this thread.

 

Share this post


Link to post
Share on other sites

EtreCheck won't really help here. The staff is going to want to evaluate the app and extension first in order to classify it and learn all the file that are installed. It maybe adware or just a PUP or something more malicious.

I posted a request to upload the components to a protected forum where the staff and a few others can take a look.

Share this post


Link to post
Share on other sites

"I have this question too" stat is upto 22 now.

I saw the post by MadMacs0 about uploading the extension.

If you can post simple howto instructions, it may be helpful.

 

Share this post


Link to post
Share on other sites

I pointed to the instructions here https://forums.malwarebytes.com/topic/193729-purpose-of-this-forum/

Share this post


Link to post
Share on other sites

This isn't something I'm familiar with, but the screenshot shows this is in Safari on Mojave, which only allows a few specific old-style .safariextz extensions. That means this is an app extension... a Safari extension bundled inside an application. The application may be named MixBuilder, or may have a different name. (I'm not finding any matches on VirusTotal with just the information we have so far.)

Share this post


Link to post
Share on other sites

Thank you.

At least 22 users have reported this automatic download.

I went by EtreCheck report.

May be this is a two day affair.

Thanks again.

Share this post


Link to post
Share on other sites

Just a note... this would not be any kind of "automatic download." It would be something the user was tricked into downloading and installing, such as a fake Adobe Flash Player installer (which is still one of the most common scams used).

Share this post


Link to post
Share on other sites

Thanks.

I will ask for an EtreCheck report.

Adobe Flash download may show up in the "Software downloaded in last 30 days" section.

"I have this question too"  count is upto 25 now.

There is something going on.

 

Share this post


Link to post
Share on other sites

I don't think the EtreCheck report is likely to help, as the app that contains the extension could be anywhere, and unless John has added something recently I'm not aware of, it doesn't have anything to search for these app extensions.

Power users can use the data generated by lsregister to find them:

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump > ~/Desktop/lsregister.txt

Searching the output - saved into lsregister.txt in the above example - for MixBuilder should turn something up, but that info would be hard for most users to read and understand.

Share this post


Link to post
Share on other sites

Thank you.

I would appreciate it if you could tell me what to post as an answer to the question posted by a user.

Regards.

Share this post


Link to post
Share on other sites

Treed wrote: "Just a note... this would not be any kind of "automatic download." It would be something the user was tricked into downloading and installing, such as a fake Adobe Flash Player installer (which is still one of the most common scams used)."

I did not download or install anything for days. Then when I turned on my computer this morning, MixBuilder self-installed.

I still have MixBuilder.app in my trash if you can tell me how to get it to you (in non-techie language please). It won't drag to your attachment target window.

Share this post


Link to post
Share on other sites

We've gotten a copy of the app (thanks, CaptainSlocum!) and updated the database. For folks who are affected, try this:

1) Open Malwarebytes

2) In the right-hand pane of the Malwarebytes window, find a label that says "Protection updates". Next to that will be a blue link reading "Current". Click that to force an update... it should change to say "Checking," "Downloading," etc.

3) Start a scan

 4) Remove anything that is detected

5) Switch to the Quarantine tab in the Malwarebytes app

6) Click the Clear Quarantine button

7) Restart your computer

Also, note that if you're using a Premium subscription in the latest version of Malwarebytes for Mac, the App Block feature will prevent the MaxBuilder app - and any other apps by the same developer - from running.

Share this post


Link to post
Share on other sites

Ok, I've done all that, thanks Treed.

FYI, the only apps I have installed in the last few day were Remember The Milk and DiskCatalogmaker. That last one I had my doubts about - it installed the app into the applications folder but nothing appeared in launch pad. It also works at quite a low level presumably to be able to catalogue hard drives. I didn't catalogue my main hard drive with it, just a few external drives I keep my film making archives on. If it didn't come in through those, what other way could it have got onto my system?

Thanks for your help.

Share this post


Link to post
Share on other sites

DiskCatalogmaker has been around since 1997 and is available from both the developers site and the App Store. It's got a valid Apple Developer ID registered to katsuya fujiwara, who presumably is the head of Fujiwara Software. Although I have not used it personally, I know many users who have recommended it. A quick examination of it doesn't reveal any trace of being associated with MixBuilder, so I'm confident that wasn't the culprit.

If you have not done so yet, hold the <Option> key down, click on the  menu and select "System Information...". In the left column click on "Installations" then click twice on the column marked "Install Date". Check there to see what you have installed recently and for MixBuilder itself. If you do a "Get Info" on the MixBuilder.app, it may show you the date it was installed.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.