Question About Malware Found

Hi all,


I recently downloaded and ran Avast for the first time on my MacBook Air. I discovered an infection called HTML:RedirDL-inj [Trj] from All2MP3 in my library cache (specifically, /Library/Caches/com.Tresrrr.All2MP3/Cache.db-wal). Of course I immediately deleted the file as well as the app in question, and subsequent scans from both Avast and MalwareBytes have come up clean. What concerns me, though, is that I've had All2MP3 on my computer for years. I never used it all that often, but it's been there, and I'm worried about what kind of malware this was and what it's possibly done to my system. I haven't noticed slowing or increased ad presence, my Activity Monitor seemed fine and there were no new, unexplained applications on my hard drive. I never would've noticed this was there if I hadn't searched on a lark.


Is there a way to know what this was and what it was doing? Was it a keylogger? Just adware that never really made an impact? Some old dead file that never took root? Given that I don't know how long it was on there, I'm concerned about the amount of data it may have taken from my browsing, especially if it was a keylogger.


Is there any answer to any of this? Or do I just have to make peace with the fact that I may never know until some enterprising hacker shows up with a blackmail demand threatening to show off all my most embarrassing searches and private messages?


Thanks!

MacBook Air

Posted on Dec 10, 2018 1:41 PM


11 replies

Dec 10, 2018 1:47 PM in response to beastmastergeneral

Avast is some of the worst possible software you can install on your Mac. I strongly suggest you uninstall it using the uninstall procedure provided by the developer.


If you wish further assistance, I suggest you use the program created by Etresoft, a frequent contributor. It will provide a snapshot of your system which we can analyze to possibly determine the cause of your problem. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click the “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown.


  


https://itunes.apple.com/us/app/etrecheck/id1423715984?mt=12

Dec 10, 2018 1:58 PM in response to Allan Eckert

Good to know about Avast! I saw it recommended elsewhere, I didn't know. What does that mean for this malware found, though? Should I not trust its results; like is it possible it tagged something as malware that wasn't?


I can upload the Etresoft info but I don't really have a problem besides worrying about what that malware was. Would that give any insight?

Dec 10, 2018 2:31 PM in response to Allan Eckert

I’ve done more research on this, and saw that the malware people have experienced with All2MP3 doesn’t match my experience; further, I took note of which version I had before I deleted it, and it did seem to be the one before the updates were bundled with malware — it’s not a product I used or updated much at all, and I downloaded it before the malware was added in.


Given this — and your knowledge of Avast and its flaws — is it possible or even likely that Avast pinged the library cache file of All2MP3 because it had been so heavily reported as malware without there actually being any in it? Could it have just been a false positive?

Dec 10, 2018 2:33 PM in response to dialabrain

So this could easily be a false positive? I posted in response to Allan above that further research showed that I didn’t have the malware problem others have had with All2MP3 (which is packaged spyware that shows up as an application, etc), and the version I had of the program was before it was updated to include the malware. Could Avast just have known there were complaints and issues with All2MP3 and pinged it as malware without it actually being so?


I also have MalwareBytes but deleted that file before I downloaded it to check (MB did find some PUPs in All2MP3 but they hadn’t been touched since the initial install in 2015 and didn’t seem to do much of anything; deleted the whole app anyway).
