Alright, I have many questions, but the main one is in the title: Is it safe to send my MacBook Pro for repair to Apple while having files on quarantine by Malwarebytes? Can I also make a backup just in case while having those files quarantined?

My other two questions are whether I should delete the files that are deemed as malware. I would share the names, but I spilled water on my MacBook and I'm waiting around 48 hours so it dries and I can use it again. Lastly, Malwarebytes detected 28 suspicious files, 27 of them were quarantined, but one of them was not. Am I safe? What should I do? Thanks VERY VERY much in advance, I'm currently very nervous about all of this, I've had some sleepless nights. If an update or specifications are needed, please notify me. Thanks again. 

Never mind, I got confused. I believe all questions are relevant, sorry for the confusion. Please answer all questions as soon as possible, I don't know when I'm supposed to send it. Thanks again very much, I'll kindly update if any of you need more insight. 😣

Greetings,

It shouldn't do any harm for files to remain in quarantine while your system is in the shop for repairs.  All items placed in quarantine are modified and encrypted so that they are rendered completely harmless.  You may leave items in quarantine for as long as you wish, and as long as you are confident that the items are not false positives, you may delete them any time you wish.

With regards to the 1 item that was detected but not removed, unfortunately there is no way for us to know what it was, and therefore no way for us to offer advice about whether or not it is significant that the item was detected but not removed, however once your system has been repaired and your backed up data restored, it should be no trouble for you to get the logs from Malwarebytes if you'd like us to take a look.

I hope this helps, and others may have more to add as well; I just thought I'd go ahead and set your mind at ease since you seemed concerned.

Not much I can add as @exile360 has covered most of what you need to know. Just be aware that when Macs are repaired, they will normally reinstall macOS as part of the service. That shouldn't cause any issues with your personal data or 3rd party software, but here's hoping you have a recent backup, just in case.

And yes, give us the information on that file that was not quarantined so we can advise on what needs to be done about it.

All the files detected were

• Adware.Linkury (has com.SystemExtr.plist and SystemExtr under them)

• OSX.Generic.Suspicious the action is ~ (has com.CheckDate.plist, com.Optic.plist, and com.undelineated.hr.plist [the file that's not quarantined] under them)

• OSX.VSearch (has ApplicationaContents, com.clapperdudgeon.rf.plist, com.jingled-unexpress.plist, com.U6Pyx.plist, OpticDaemon, clapperdudgeon.df, icefall-horny, u7tga, ApplicationContents, Kked1, com.intertone-comminator.plist, com.undelineated.hr.plist, com.utilityData.plist, com.zMvUW.plist, macsearch.plist, MacInstallEe, MacInstallPall, MacInstallPall4, Optic, boldy_Amalings, undelineated.hr, and utilityData under them.) Should I delete?

Alright, so, I was typing in Finder the names of some of the files Malwarebytes thought were suspicious and found files with similar names, so I moved them to the trash bin. I didn't search for secret/hidden files, and I only searched some files since I'm sleepy, will go to bed now. I'll continue tomorrow if the MacBook still works.

You will need to wait for the staff to return tomorrow and have them let you know what to do about the "com.undelineated.hr.plist" file. It's not one I'm familiar with and they may also want to examine it before it's deleted. I suspect they might be backlogged due to the long holiday weekend in the US.

11 hours ago, MouseYin said:

Hello @alvarnell @exile360. The file with the error is called com.undelineated.hr.plist located on /Users/ *MY USER* /Library/LaunchAgents/com.undelineated.hr.plist under the folder OSX.Generic.Suspicious (that folder says the Action is ~) and the file with the error's action, is well, Error. Is there anything else I can help you with? :(

Can you clarify the exact error you saw there? If you run another scan, does the file still get detected? Is it in quarantine? I'm not sure whether you can answer those questions yet, or if your machine is still in the shop.

Link to post
Share on other sites

6 minutes ago, treed said:

Can you clarify the exact error you saw there? If you run another scan, does the file still get detected? Is it in quarantine? I'm not sure whether you can answer those questions yet, or if your machine is still in the shop.

Hi, it's just the action says "Error", and while I haven't sent my computer yet, I've run various scans after the incident and nothing has been detected. If you need more info, please notify me, many thanks to all.

Link to post
Share on other sites

12 hours ago, MouseYin said:

Alright, so, I was typing in Finder the names of some of the files Malwarebytes thought were suspicious and found files with similar names, so I moved them to the trash bin. I didn't search for secret/hidden files, and I only searched some files since I'm sleepy, will go to bed now. I'll continue tomorrow if the MacBook still works.

Ok. Assuming all the files I posted above are malicious, I'll be deleting them soon. Is it common to find some files with similar names in Finder though? Thank you all so much, I'm almost done with all this.

Link to post
Share on other sites

I'm very confused now, is this a legitimate file? I'm looking at Finder and only some files from the ones that were listed are available, so I'm assuming the ones that don't appear have been removed. And Finder asked for my password to delete some files too? [attached image]

9 minutes ago, MouseYin said:

I'm very confused now, is this a legitimate file? I'm looking at Finder and only some files from the ones that were listed are available, so I'm assuming the ones that don't appear have been removed. And Finder asked for my password to delete some files too? [attached image]

Deleted all the files, I guess I'm done with everything. Once again, thank you all very much, I'm not that knowledgeable on these types of things. If anything happens I'll be sure to post something, thank you, thank you, thank you. :)

There was a known VSearch variant with that name. But I'm confused, because you listed this as one of the files that Malwarebytes had detected and removed. Was it not removed? Is this on a different computer than the one that you're allowing to dry for 48 hours?

18 minutes ago, treed said:

There was a known VSearch variant with that name. But I'm confused, because you listed this as one of the files that Malwarebytes had detected and removed. Was it not removed? Is this on a different computer than the one that you're allowing to dry for 48 hours?

It's the same computer, I just decided to use Malwarebytes to make sure everything was ok before I send the MacBook to repair it. Also, Malwarebytes quarantined all the files (except the fault one but I was told that's ok since it didn't appear in other scans) so I don't know if that counts as removing or deleting the files? I don't know if I have to do it manually. Again, I'm not knowledgeable with these things.
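
An added example, not part of the original thread and not Malwarebytes code: launchd items such as the `~/Library/LaunchAgents/com.undelineated.hr.plist` file discussed above are easier to check with a script than by typing names into Finder. This Python script lists every launchd plist whose file name or Label matches the .plist names posted in the thread and reports whether the program it points to is still on disk. The directories are the standard macOS launchd locations, and the `demo()` data and the `com.example.updater` name are constructed.

```python
import plistlib, tempfile
from pathlib import Path

# File stems of the .plist items named in the thread's detection list.
REPORTED = {
    "com.SystemExtr", "com.CheckDate", "com.Optic", "com.undelineated.hr",
    "com.clapperdudgeon.rf", "com.jingled-unexpress", "com.U6Pyx",
    "com.intertone-comminator", "com.utilityData", "com.zMvUW", "macsearch",
}

def launch_dirs(home=None):
    """launchd job locations on macOS (per-user and system-wide)."""
    home = Path(home) if home else Path.home()
    return [home / "Library/LaunchAgents", Path("/Library/LaunchAgents"),
            Path("/Library/LaunchDaemons")]

def audit(dirs, reported=REPORTED):
    """List plists whose file name or Label is in `reported`, with their target."""
    findings = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for p in sorted(d.iterdir()):      # iterdir() also returns dot-files
            if p.suffix != ".plist":
                continue
            try:
                job = plistlib.loads(p.read_bytes())
            except Exception:              # unreadable or malformed plist
                job = None
            job = job if isinstance(job, dict) else {}
            label = str(job.get("Label", ""))
            if p.stem not in reported and label not in reported:
                continue
            args = job.get("ProgramArguments")
            prog = job.get("Program") or (args[0] if isinstance(args, list) and args else None)
            prog = str(prog) if prog else None
            findings.append({"plist": p.name, "label": label, "program": prog,
                             "program_present": bool(prog) and Path(prog).exists()})
    return findings

def demo():
    """Run audit() on a constructed directory (sample data, not from a real Mac)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for stem in ("com.undelineated.hr", "com.example.updater"):
            job = {"Label": stem, "ProgramArguments": [str(tmp / "missing-binary")]}
            (tmp / f"{stem}.plist").write_bytes(plistlib.dumps(job))
        return audit([tmp])
```

On a Mac, `audit(launch_dirs())` checks the real locations; an empty list means none of the reported launchd items remain there.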
