Jump to content
MouseYin

Is sending my MacBook Pro to repair with quarantined files safe?

Recommended Posts

Alright, I have many questions, but the main one is in the title: Is it safe to send my MacBook Pro for repair to Apple while having files on quarantine by Malwarebytes? Can I also make a backup just in case while having those files quarantined?

My other two questions are whether I should delete the files that are deemed as malware. I would share the names, but I spilled water on my MacBook and I'm waiting around 48 hours so it dries and I can use it again. Lastly, Malwarebytes detected 28 suspicious files, 27 of them were quarantined, but one of them was not. Am I safe? What should I do? Thanks VERY VERY much in advance, I'm currently very nervous about all of this, I've had some sleepless nights. If an update or specifications are needed, please notify me. Thanks again. 

Share this post


Link to post
Share on other sites

I believe I may have posted this in the wrong side of the forum, since this is the removal site.  Only my last two questions are relevant. I apologize, I'll try posting in the other sides of the forum.

Share this post


Link to post
Share on other sites

Nevermind, I got confused. I believe all questions are relevant, sorry for the confusion. Please answer all questions as soon as possible, I don't know when I'm supposed to send it. Thanks again very much, I'll kindly update if any lf you need more insight. 😣

Share this post


Link to post
Share on other sites

Greetings,

It shouldn't do any harm for files to remain in quarantine while your system is in the shop for repairs.  All items placed in quarantine are modified and encrypted so that they are rendered completely harmless.  You may leave items in quarantine for as long as you wish, and as long as you are confident that the items are not false positives, you may delete them any time you wish.

With regards to the 1 item that was detected but not removed, unfortunately there is no way for us to know what it was, and therefore no way for us to offer advice about whether or not it is significant that the item was detected but not removed, however once your system has been repaired and your backed up data restored, it should be no trouble for you to get the logs from Malwarebytes if you'd like us to take a look.

I hope this helps, and others may have more to add as well; I just thought I'd go ahead and set your mind at ease since you seemed concerned.

Share this post


Link to post
Share on other sites

Not much I can add as @exile360 has covered most of what you need to know. Just be aware that when Macs are repaired, they will normally reinstall macOS as part of the service. That shouldn't cause any issues with your personal data or 3rd party software, but here's hoping you have a recent backup, just in case.

And yes, give us the information on that file that was not quarantined so we can advise on what needs to be done about it.

Share this post


Link to post
Share on other sites

Hello @alvarnell @exile360. The file with the error is called com.undelineated.hr.plist located on /Users/ *MY USER* /Library/LaunchAgents/com.undelineated.hr.plist under the folder OSX.Generic.Suspicious (that folder says the Action is ~) and the file with the error's action, is well, Error. Is there anything else I can help you with? :(

Share this post


Link to post
Share on other sites

All the files detected were

• Adware.Linkury (has com.SystemExtr.plist and SystemExtr under them)

• OSX.Generic.Suspicious the action is ~ (has com.CheckDate.plist, com.Optic.plist, and com.undelineated.hr.plist [the file that's not quarantined] under them)

• OSX.VSearch (has ApplicationaContents, com.clapperdudgeon.rf.plist, com.jingled-unexpress.plist, com.U6Pyx.plist, OpticDaemon, clapperdudgeon.df, icefall-horny, u7tga, ApplicationContents, Kked1, com.intertone-comminator.plist, com.undelineated.hr.plist, com.utilityData.plist, com.zMvUW.plist, macsearch.plist, MacInstallEe, MacInstallPall, MacInstallPall4, Optic, boldy_Amalings, undelineated.hr, and utilityData under them.) Should I delete?

Share this post


Link to post
Share on other sites

Alright, so, I was typing in Finder the names of some of the files Malwarebytes thought were suspicious and found files with similar names, so I moved them to the trash bin. I didn't search for secret/hidden files, and I only searched some files since I'm sleepy, will go to bed now. I'll continue tomorrow if the MacBook still works.

Share this post


Link to post
Share on other sites

You will need to wait for the staff to return tomorrow and have them let you know what to do about the "com.undelineated.hr.plist" file. It's not one I'm familiar with and they may also want to examine it before it's deleted. I suspect they might be backlogged due to the long holiday weekend in the US.

Share this post


Link to post
Share on other sites
11 hours ago, MouseYin said:

Hello @alvarnell @exile360. The file with the error is called com.undelineated.hr.plist located on /Users/ *MY USER* /Library/LaunchAgents/com.undelineated.hr.plist under the folder OSX.Generic.Suspicious (that folder says the Action is ~) and the file with the error's action, is well, Error. Is there anything else I can help you with? :(

Can you clarify the exact error you saw there? If you run another scan, does the file still get detected? Is it in quarantine? I'm not sure whether you can answer those questions yet, or if your machine is still in the shop.

Share this post


Link to post
Share on other sites
6 minutes ago, treed said:

Can you clarify the exact error you saw there? If you run another scan, does the file still get detected? Is it in quarantine? I'm not sure whether you can answer those questions yet, or if your machine is still in the shop.

Hi, it's just the action says "Error", and while I haven't sent my computer yet, I've run various scans after the incident and nothing has been detected. If you need more info, please notify me, many thanks to all.

Share this post


Link to post
Share on other sites

I'm not sure what that would mean, but if the file has not been detected again, it must have been removed.

Share this post


Link to post
Share on other sites
12 hours ago, MouseYin said:

Alright, so, I was typing in Finder the names of some of the files Malwarebytes thought were suspicious and found files with similar names, so I moved them to the trash bin. I didn't search for secret/hidden files, and I only searched some files since I'm sleepy, will go to bed now. I'll continue tomorrow if the MacBook still works.

Ok. Assuming all the files I posted above are malicious, I'll be deleting them soon. Is it common to find some files with similar names in Finder though? Thank you all so much, I'm almost done with all this.

Share this post


Link to post
Share on other sites

The files you listed all appear to be adware related files, so it should be safe to delete them.

Share this post


Link to post
Share on other sites

I'm very confused now, is this a legitimate file? I'm looking at Finder and only some files from the ones that were listed are available, so I'm assuming the ones that don't appear have been removed. And Finder asked for my password to delete some files too?20200706_140516.thumb.jpg.d16da4ba0b682a2c6176fc03182b029e.jpg

Share this post


Link to post
Share on other sites
9 minutes ago, MouseYin said:

I'm very confused now, is this a legitimate file? I'm looking at Finder and only some files from the ones that were listed are available, so I'm assuming the ones that don't appear have been removed. And Finder asked for my password to delete some files too?20200706_140516.thumb.jpg.d16da4ba0b682a2c6176fc03182b029e.jpg

Deleted all the files, I guess I'm done with everything. Once again, thank you all very much, I'm not that knowledgeable on these type of things. If anything happens I'll be sure to post something, thank you, thank you, thank you. :)

Share this post


Link to post
Share on other sites

There was a known VSearch variant with that name. But I'm confused, because you listed this as one of the files that Malwarebytes had detected and removed. Was it not removed? Is this on a different computer than the one that you're allowing to dry for 48 hours?

Share this post


Link to post
Share on other sites
18 minutes ago, treed said:

There was a known VSearch variant with that name. But I'm confused, because you listed this as one of the files that Malwarebytes had detected and removed. Was it not removed? Is this on a different computer than the one that you're allowing to dry for 48 hours?

It's the same computer, I just decided to use Malwarebytes to make sure everything was ok before I send the MacBook to repair it. Also, Malwarebytes quarantined all the files (except the fault one but I was told that's ok since it didn't appear in other scans) so I don't know if that counts as removing or deleting the files? I don't know if I have to do it manually. Again, I'm not knowledgeable with these things.

Share this post


Link to post
Share on other sites

I'm taking it for repair now, here's to wishing there's no malware left and all my files will be ok.

Share this post


Link to post
Share on other sites

BACK once again, very sorry to bug you all, I just figured out how to delete the quarantined files. Done. I scanned again and nothing appeared, so I'm safe. I'll have to turn in my computer to see if everything about the spill is ok by Thursday.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.