Western Meadowlark

Q: How can I remove suspected malware from Utilities?

Short version: I want to remove a suspicious application from the Utilities folder. When I try to move the application file to Trash, I get a Finder dialog asking for my Mac password. If the file is malware, is it unsafe to enter my password to trash the file?


Follow-up question: What else will I need to do to fix this problem?


I have installed and run Malwarebytes Anti-Malware and it did not flag or affect the suspect file. But I still think the file may be malware and I want to remove it.


Full story:

I believe I have installed some malware disguised as an Adobe Flash update.


I may have done this on July 11, 2015, in response to a pop-up in Firefox 39.0.


My computer is showing malware symptoms. In looking into the problem, I found out about the "Flash" malware on the Apple support page https://discussions.apple.com/docs/DOC-3122.


Prompted by reading that, I searched my system and found a file I suspect. In my Applications folder, I see an instance of AdobeFlashPlayerInstallManager.app version 18.0.0.209, copyright 2008. It is installed in the Utilities folder. It was created on my Mac on July 11 and modified July 14, which would be consistent with the time period when I now recall seeing the browser popup that said I was using an outdated copy of Flash.


Now I am trying to move the suspect Flash application file to the Mac Trash. When I right click and select Move to Trash, I get a Finder dialog that asks for my computer password. Should I do this? If not, how can I remove this suspect file?


Please advise also about all other recommended recovery steps.


I have learned the lesson not to update software via browser pop-ups.


Attaching a screenshot of the Get Info window for the suspicious file.


Flash Install Manager Suspicious.jpg.jpg


Thank you!

MacBook Air (13-inch Mid 2013), OS X Yosemite (10.10.3)

Posted on Jul 16, 2015 2:26 PM


  • by Csound1, Level 9 (50,412 points), Desktops
    Jul 16, 2015 2:28 PM in response to Western Meadowlark

    It's normal, I have the same thing, it is the update install manager for Flash.

  • by Kappy, Level 10 (270,952 points), Desktops
    Jul 16, 2015 2:46 PM in response to Western Meadowlark

    That is not malware. You have a valid installation of the latest version of Flash. If you had the previous version then there is a Flash preference panel in System Preferences that is set by default to automatically upgrade Flash when a new version is released. New versions typically plug security holes. If you don't use Flash, then you can uninstall it: Uninstall Flash Player | Mac OS.

  • by Western Meadowlark, Level 1 (0 points)
    Jul 16, 2015 2:49 PM in response to Csound1

    Thank you, but I don't think it is normal. My suspicions are based on this article: Viruses, Trojans, Malware - and other aspects of Internet Security

    Also, my computer has been symptomatic since about the installation date.


    I would very much appreciate answers that directly address the question of the risk in entering my password in the Finder dialog to Trash a program that may be malware.


    Thank you all.

  • by Ioliboy, Level 1 (5 points), iPhone
    Jul 16, 2015 4:14 PM in response to Western Meadowlark

    If you want to be sure, try to scan your Mac with this app: https://www.malwarebytes.org/antimalware/mac/

    It will tell you if it's malware or a trustworthy app.

  • by Csound1, Level 9 (50,412 points), Desktops
    Jul 16, 2015 4:18 PM in response to Ioliboy

    There is no need, this is a part of Adobe Flash.

  • by Kurt Lang, Level 8 (37,815 points), Mac OS X (marked Helpful)
    Jul 16, 2015 4:55 PM in response to Western Meadowlark

    The OS is asking for admin permission to delete the file because it's in the Utilities folder, and you do not have permissions to that file. So it asks. There's nothing abnormal about it.

  • by Csound1, Level 9 (50,412 points), Desktops
    Jul 16, 2015 4:58 PM in response to Western Meadowlark

    Western Meadowlark wrote:


    Thank you, but I don't think it is normal.

    It is normal, your suspicions are wrong. Don't mess around with things you do not understand.

  • by thomas_r., Level 7 (30,919 points), Mac OS X (marked Helpful)
    Jul 17, 2015 10:48 AM in response to Western Meadowlark

    That page does not say anything about that particular file. It's a normal part of Flash. You may very well have downloaded a fake Flash installer, but if you did, that's not part of the payload.


    Entering your password in this instance is perfectly safe. The Finder is asking for a password in order to move a file from a location you don't normally have permission to make changes to. That's very different from opening a malicious app and having it ask you for a password!


    You say your computer is showing symptoms of malware... what are those symptoms? In reality, most real malware exhibits no symptoms whatsoever that the average person would notice, so I'm guessing that at most you may be having symptoms of adware. Or you may be having symptoms of something not at all related to adware or malware. Since you ran Malwarebytes Anti-Malware for Mac, any adware on your computer should have been detected and removed (assuming you told it to do the removal).
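As an added example (not from the thread or from any of its posters), the two checks Kurt Lang and thomas_r. describe, as code: the POSIX write-permission rule that makes the Finder escalate when an item sits in a folder the user cannot modify, and a parser for the output of `codesign -dvv`, which is how one confirms on a Mac that a bundle such as the Flash install manager is actually signed by the vendor it claims. The vendor name, Team ID and bundle path in the sample output are constructed placeholders, and the directory model is a simplification (assumption: Finder's own check may also consider the item's owner).

```python
import os
import stat
from typing import Any, Dict, List

# Constructed sample of `codesign -dvv` output (vendor name and Team ID are placeholders).
SAMPLE_CODESIGN = """Executable=/Applications/Utilities/Example.app/Contents/MacOS/Example
Identifier=com.example.installmanager
Authority=Developer ID Application: Example Vendor (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""

def can_write_dir(dir_mode: int, dir_uid: int, dir_gid: int, uid: int, gids: List[int]) -> bool:
    """POSIX rule: removing an entry from a directory needs write permission on the directory.
    When this is False for the logged-in user, Finder must escalate, hence the admin prompt
    (simplified model; Finder's own check may also consider the item's owner)."""
    if uid == 0:
        return True
    if uid == dir_uid:
        return bool(dir_mode & stat.S_IWUSR)
    if dir_gid in gids:
        return bool(dir_mode & stat.S_IWGRP)
    return bool(dir_mode & stat.S_IWOTH)

def needs_admin_to_trash(path: str) -> bool:
    """Live check on the running host: would moving `path` out of its folder need escalation?"""
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    return not can_write_dir(parent.st_mode, parent.st_uid, parent.st_gid, os.getuid(), os.getgroups())

def parse_codesign(output: str) -> Dict[str, Any]:
    """Parse the key=value lines codesign prints (to stderr); an unsigned bundle yields no Authority lines."""
    info: Dict[str, Any] = {"authorities": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value)
        else:
            info[key] = value
    return info

def signed_by(output: str, expected_team_id: str) -> bool:
    """True only when the chain ends at Apple's root and the Team ID is the vendor you expect."""
    info = parse_codesign(output)
    chain = info["authorities"]
    return bool(chain) and chain[-1] == "Apple Root CA" and info.get("TeamIdentifier") == expected_team_id
```

On a Mac, feed the stderr of `codesign -dvv /Applications/Utilities/<bundle>.app` to `parse_codesign`; a bundle with no Authority lines, or a Team ID that is not the vendor's, is the thing to worry about, not the password prompt itself.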