Malwarebytes not detecting threat.. Solution?

My iMac has slowed down significantly. I am getting 2 pop-up messages: “ReceiverHelper” will damage your computer and “ServiceRecords” will damage your computer. I believe these messages indicate malware that is causing the slowdown. I purchased a personal premium account on Malwarebytes. I ran the scan multiple times and it is not detecting anything. I am not sure what to do at this point. It is frustrating that I paid for an account and it's not helping... Any ideas?

Both Service Records and Receiver Helper are processes used by Citrix Receiver, a workspace virtualization tool heavily used by numerous organizations. This solution was superseded by an app called Citrix Workspace in 2018. macOS is flagging Service Records as harmful because many companies and individuals are still using the legacy software. Therefore, addressing the problem is a matter of uninstalling the old instance of the Citrix tool and installing the latest version provided by the publisher. This is probably a prophylactic reaction of the system to known vulnerabilities in older iterations of the program.

I believe the reason that this is just now showing up is because that old software uses Symantec Certificate Authorities which have recently been invalidated. Updating the app should take care of that.


  • Staff

Everything Al said is spot on... this is not malware, it's outdated legitimate software with a recently-invalidated signing certificate that macOS is flagging. (Technically, the message macOS is showing is misleading... although an invalid certificate certainly could mean that the software is malicious, there are other reasons for the same issue that are not.)

One additional question I'd like to ask: Why did you feel it necessary to purchase the software? Malwarebytes software is free to use for manual scans, and I'd like to better understand what made you feel that it wouldn't work without purchasing it. (Payment is for real-time protection, which prevents future infections.)


9 hours ago, alvarnell said:

Both Service Records and Receiver Helper are processes used by Citrix Receiver, a workspace virtualization tool heavily used by numerous organizations. This solution was superseded by an app called Citrix Workspace in 2018. macOS is flagging Service Records as harmful because many companies and individuals are still using the legacy software. Therefore, addressing the problem is a matter of uninstalling the old instance of the Citrix tool and installing the latest version provided by the publisher. This is probably a prophylactic reaction of the system to known vulnerabilities in older iterations of the program.

I believe the reason that this is just now showing up is because that old software uses Symantec Certificate Authorities which have recently been invalidated. Updating the app should take care of that.

Thanks alvarnell. Yes, I use Citrix Receiver all the time for my work. I never had an issue until now. I was able to locate both files manually, Service Records and Receiver Helper. They were both in a folder named "Libexec". Does that make any difference? From my understanding Libexec tends to be more a Malware file!

7 hours ago, treed said:

Everything Al said is spot on... this is not malware, it's outdated legitimate software with a recently-invalidated signing certificate that macOS is flagging. (Technically, the message macOS is showing is misleading... although an invalid certificate certainly could mean that the software is malicious, there are other reasons for the same issue that are not.)

One additional question I'd like to ask: Why did you feel it necessary to purchase the software? Malwarebytes software is free to use for manual scans, and I'd like to better understand what made you feel that it wouldn't work without purchasing it. (Payment is for real-time protection, which prevents future infections.)

Thanks Treed - I found both files in a Libexec folder, which makes me think this is malware and not just an invalidated signing certificate (correct me if I am wrong!).

I purchased to prevent further infections, assuming my computer got infected.

There is no reason to believe that items found in a libexec folder are necessarily malware. It's a perfectly valid place to store executable files.

I am in contact with a few other users of Citrix Receiver (and other apps using Symantec CA's) who saw exactly the same thing this week, so I am confident that updating it will solve the problem for you.


  • Staff
21 hours ago, ob88 said:

Thanks Treed - I found both files in a Libexec folder, which makes me think this is malware and not just an invalidated signing certificate (correct me if I am wrong!).

I purchased to prevent further infections, assuming my computer got infected.

Thanks for the additional info, and I'm glad to hear that you purchased for the correct reason. We sometimes get folks who think they need to purchase in order to use the software at all, and that's something I'm trying to understand the reasons for. Sounds like that's not the issue here.

Regarding the libexec folder, on recent versions of macOS, the /usr/libexec/ folder is protected by the system and third-party software cannot put things there. However, older systems would not have the same restriction, and since this is older software, it's a potentially reasonable - though unusual - place to put things. I've also seen some software store things in a /usr/local/libexec/ folder, which does not exist by default and would not be protected by the system.

The libexec folder, as I said, is not a normal place for most programs to put components. However, as is often the case with megacompanies trying to write cross-platform software, legit stuff can get put in some pretty janky places on macOS. Especially if the company in question is also trying to support Linux, and decides that Linux and macOS are kind of the same thing.

In any case, the issue with ReceiverHelper and ServiceRecords is a known, documented issue in older Citrix clients, with a known root cause. It's not malware.
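
A way to check both points raised in this thread (install location and signing certificate) for a flagged file, as an added example that is not part of the original posts. `codesign` is the macOS built-in signing tool; the function names are hypothetical, and the script only reports what it finds.

```shell
#!/usr/bin/env bash
# Added example: triage a file that macOS says "will damage your computer".
# Usage on macOS: ./triage.sh /path/to/ReceiverHelper /path/to/ServiceRecords

# Classify the install location using the distinction drawn in the thread.
# Paths are lowercased because the default macOS filesystem ignores case.
classify_location() {
  local p
  p=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$p" in
    /usr/local/libexec/*) echo "unprotected-libexec" ;;      # not guarded by the system
    /usr/libexec/*)       echo "system-protected-libexec" ;; # guarded on recent macOS
    */libexec/*)          echo "other-libexec" ;;            # e.g. inside a vendor folder
    *)                    echo "other" ;;
  esac
}

# Read `codesign -dvv` output on stdin and print the certificate chain,
# leaf first, joined with '|'. codesign emits one "Authority=" line per cert.
signing_chain() {
  sed -n 's/^Authority=//p' | paste -sd'|' -
}

# Report location, verification result and signing chain for one file.
triage() {
  local path="$1" reason chain
  echo "file:      $path"
  echo "location:  $(classify_location "$path")"
  if ! command -v codesign >/dev/null 2>&1; then
    echo "signature: codesign not found (run this on macOS)"
    return 0
  fi
  if reason=$(codesign --verify --verbose=2 "$path" 2>&1); then
    echo "signature: verifies"
  else
    echo "signature: does NOT verify: $reason"
  fi
  chain=$(codesign -dvv "$path" 2>&1 | signing_chain)
  echo "chain:     ${chain:-none found}"
}

for f in "$@"; do triage "$f"; done
```

A file that fails verification but whose chain names the expected vendor points to a certificate problem in legitimate software; a file with no chain at all, or one naming an unfamiliar signer, deserves a closer look.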
