
I have a Mac running OS X 10.12.6 and was trying to help a friend with his Windows machine.  He has a legitimate version of MS Office, but needed to reinstall it and couldn't find his product key, so I tried helping him get his installation activated.  I ended up on https://freemicrosofttoolkit.com/ and tried downloading from one of the mirror links.  This was on my Mac using Chrome, but when the download finished, Chrome said it detected a malicious file in the download and removed it.  Since the download was removed, I didn't unzip or execute anything that was downloaded, but since then, I've been noticing some strange behavior, with some programs freezing up, and most notably, I periodically see my entire screen flash briefly like a screenshot is being taken.  If I'm plugged into an external monitor, both screens flash simultaneously.  It doesn't seem to be on a set schedule (e.g. every 60 seconds), but it happens periodically.  I downloaded Malwarebytes and ran a scan that came up clean, but I'm still suspicious that something is lurking in the background.

What other scans or steps should I take to look into this?  Thanks in advance for any assistance.

Edited by AdvancedSetup
Removed live hyperlink

I have confirmed using ClamXAV that the download is infected with something called Win.Trojan.BitvoteMinerDropper-6510832-0. A total of 37 of 60 anti-malware scanners found it to be infected with a variety of names on VirusTotal. It would appear to be Windows only and designed to download and install a BitCoin Mining app. I've examined the contents and can verify that it is only capable of being run on a Windows machine, so as long as your friend didn't use it, all should be good.

But in my case Chrome said it was blocked and gave me a "Discard" button which made the file "Unconfirmed 287260.crdownload" disappear. If you did that, then no further action is required.

I feel confident that the screen flashing is unrelated to the actions you described and suggest that it might be a hardware issue with Graphics.

This should also be reported to the Malwarebytes Research Center and I'll take care of that shortly.


I can confirm that this is Windows-only, and cannot affect a Mac. Whatever is happening with your Mac is not the result of downloading that file.

I can also say that seeing programs freeze up and the screen flash are not typical symptoms of malware. The screen flashing is more likely to be some kind of hardware issue, and not an indication of a screenshot being taken... macOS does not flash the screen when a screenshot is taken, and malware that captures the screen would similarly not cause that to happen.

If the flashing screen happens when you're connected to an external monitor, that's likely to be a loose connection somewhere, or a bad cable. If it's happening other times, there may be some other hardware issue. I'd recommend getting the computer checked out by Apple.


Hi, thank you both for your responses.  The flashing of the screen does happen both with and without the external monitor plugged in, but it sounds like it could be an internal hardware issue since the infected website would not have impacted my Mac.  I didn't send it on to my friend, so we should be clear.  I appreciate your time in looking into my inquiry and for the detailed responses.
