You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: grow on Apple Discussions
grow on Apple Discussions Author
User level: Level 1
24 points

Suspicious Folder

I am helping someone clean up after some malware called MacCleanUpPro found its way onto her MacBook. I have removed all the usual detritus associated with this sort of infection - files in LaunchAgents etc.


The malware had installed the MacCleanUpPro application in the ~/Applications folder rather than the /Applications folder - so we removed that. Next to malware app in ~/Applications was folder called SecuremacUpdates. In that folder there were two executable files called "SecuremacUpdates" and "enc_file". See below for a screenshot.


I was fairly confident, but not absolutely certain that this was also part of the malware. So rather than delete it altogether I moved the folder elsewhere and compressed it into a zip.


So my questions are:

  • has anyone come across this "SecureMacUpdates" folder in ~/Application?
  • If so was it associated with MacCleaner/MacDefender/MacCleanUp type malware?
  • Or is it associated with some legitimate software?


Thanks for any feedback.


Posted on Apr 8, 2019 5:36 AM

Reply
Question marked as Top-ranking reply
User profile for user: macjack
macjack
User level: Level 10
111,204 points

Posted on Apr 8, 2019 5:46 AM

SecureMacUpdates is not a default Mac OS folder, so my guess would be that is associated with the MacCleanupPro. What you can do is run Malwarebytes to check the drive for malware to be sure you are clean.

Malwarebytes was developed by one of our own colleagues here in ASC and is about the most proven anti-malware software for Mac.

View in context

Similar questions

2 replies
Question marked as Top-ranking reply
User profile for user: macjack
macjack
User level: Level 10
111,204 points

Apr 8, 2019 5:46 AM in response to grow on Apple Discussions

SecureMacUpdates is not a default Mac OS folder, so my guess would be that is associated with the MacCleanupPro. What you can do is run Malwarebytes to check the drive for malware to be sure you are clean.

Malwarebytes was developed by one of our own colleagues here in ASC and is about the most proven anti-malware software for Mac.

Reply

Suspicious Folder

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up