
What is MaxBuilder?

Can't seem to find it with Google and it's not a web site.

Please describe in great detail how and where you are seeing this and if a screenshot would help, please provide.

Link to post

Ahh, MixBuilder, but doesn't help much. Just takes me to the same discussion. At least we have a screenshot.

Would have been nice to have a copy of the Extension and/or app, but seems too late for that.

It seems that everybody that posted has removed both already, or did I miss something?

Link to post

That is correct. But the original poster posted an EtreCheck report.

I wanted to stay with MBAM but I couldn't. That is how this place works.

I can ask other participants to post EtreCheck reports.

It appears that other users are following this thread.

 

Link to post

EtreCheck won't really help here. The staff is going to want to evaluate the app and extension first in order to classify it and learn all the files that are installed. It may be adware or just a PUP or something more malicious.

I posted a request to upload the components to a protected forum where the staff and a few others can take a look.

Link to post
  • Staff

This isn't something I'm familiar with, but the screenshot shows this is in Safari on Mojave, which only allows a few specific old-style .safariextz extensions. That means this is an app extension... a Safari extension bundled inside an application. The application may be named MixBuilder, or may have a different name. (I'm not finding any matches on VirusTotal with just the information we have so far.)

Link to post
  • Staff

Just a note... this would not be any kind of "automatic download." It would be something the user was tricked into downloading and installing, such as a fake Adobe Flash Player installer (which is still one of the most common scams used).

Link to post
  • Staff

I don't think the EtreCheck report is likely to help, as the app that contains the extension could be anywhere, and unless John has added something recently I'm not aware of, it doesn't have anything to search for these app extensions.

Power users can use the data generated by lsregister to find them:

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump > ~/Desktop/lsregister.txt

Searching the output - saved into lsregister.txt in the above example - for MixBuilder should turn something up, but that info would be hard for most users to read and understand.

Link to post
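
The search described in the post above, as an added example that is not part of the original thread and not Malwarebytes tooling. It assumes the dump separates records with lines of dashes and labels fields `path:`, `name:`, `identifier:` and `bundle id:` (the layout varies between macOS versions); the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the locating fields of every lsregister record that
# mentions a search term. The record layout is an assumption (see lead-in).

find_ls_records() {   # usage: find_ls_records TERM DUMPFILE
    awk -v term="$1" '
        function flush(   i) {
            if (hit) { for (i = 1; i <= n; i++) print rec[i]; print "" }
            n = 0; hit = 0
        }
        BEGIN { term = tolower(term) }
        /^-+$/ { flush(); next }                 # dashed line closes a record
        {
            low = tolower($0)
            if (index(low, term)) hit = 1        # term anywhere in the record
            if (low ~ /^[ \t]*(path|name|identifier|bundle id):/) rec[++n] = $0
        }
        END { flush() }
    ' "$2"
}

# Constructed sample standing in for ~/Desktop/lsregister.txt; every id, path
# and identifier below is made up for the demonstration.
write_sample_dump() {
    cat > "$1" <<'EOF'
--------------------------------------------------------------------------------
bundle id:            1234
path:                 /Applications/Safari.app
name:                 Safari
identifier:           com.apple.Safari
--------------------------------------------------------------------------------
bundle id:            5678
path:                 /Users/example/Downloads/MixBuilder.app
name:                 MixBuilder
identifier:           com.example.MixBuilder
--------------------------------------------------------------------------------
plugin id:            9012
path:                 /Users/example/Downloads/MixBuilder.app/Contents/PlugIns/Extension.appex
name:                 Extension
identifier:           com.example.MixBuilder.Extension
EOF
}

sample=$(mktemp)
write_sample_dump "$sample"
find_ls_records MixBuilder "$sample"
rm -f "$sample"
```

On a real Mac, point the function at the file produced by the command above, for example `find_ls_records MixBuilder ~/Desktop/lsregister.txt`; the `path:` lines show where the containing app and its extension live.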

Treed wrote: "Just a note... this would not be any kind of "automatic download." It would be something the user was tricked into downloading and installing, such as a fake Adobe Flash Player installer (which is still one of the most common scams used)."

I did not download or install anything for days. Then when I turned on my computer this morning, MixBuilder self-installed.

I still have MixBuilder.app in my trash if you can tell me how to get it to you (in non-techie language please). It won't drag to your attachment target window.

Link to post
  • Staff

We've gotten a copy of the app (thanks, CaptainSlocum!) and updated the database. For folks who are affected, try this:

1) Open Malwarebytes

2) In the right-hand pane of the Malwarebytes window, find a label that says "Protection updates". Next to that will be a blue link reading "Current". Click that to force an update... it should change to say "Checking," "Downloading," etc.

3) Start a scan

4) Remove anything that is detected

5) Switch to the Quarantine tab in the Malwarebytes app

6) Click the Clear Quarantine button

7) Restart your computer

Also, note that if you're using a Premium subscription in the latest version of Malwarebytes for Mac, the App Block feature will prevent the MaxBuilder app - and any other apps by the same developer - from running.

Link to post

Ok, I've done all that, thanks Treed.

FYI, the only apps I have installed in the last few days were Remember The Milk and DiskCatalogmaker. That last one I had my doubts about - it installed the app into the applications folder but nothing appeared in launch pad. It also works at quite a low level presumably to be able to catalogue hard drives. I didn't catalogue my main hard drive with it, just a few external drives I keep my film making archives on. If it didn't come in through those, what other way could it have got onto my system?

Thanks for your help.

Link to post

DiskCatalogmaker has been around since 1997 and is available from both the developer's site and the App Store. It's got a valid Apple Developer ID registered to katsuya fujiwara, who presumably is the head of Fujiwara Software. Although I have not used it personally, I know many users who have recommended it. A quick examination of it doesn't reveal any trace of being associated with MixBuilder, so I'm confident that wasn't the culprit.

If you have not done so yet, hold the <Option> key down, click on the Apple menu and select "System Information...". In the left column click on "Installations" then click twice on the column marked "Install Date". Check there to see what you have installed recently and for MixBuilder itself. If you do a "Get Info" on the MixBuilder.app, it may show you the date it was installed.

Link to post