You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Virus on my Mac

I run Webroot SecureAnywhere on my Mac and it discovered a virus that I was able to delete after several attempts. Now I am getting a 'suspicious activity' notice on two files that I cannot delete because they say they are being used by Mac OS. This is the error. Anyone know how I can fix this and if these files are malicious? The files are /System/Library/LaunchAgents/com.apple.MRTa.plist and /System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove.

iMac Line (2012 and Later)

Posted on Jul 27, 2020 5:00 PM

Reply
Question marked as Top-ranking reply

Posted on Jul 27, 2020 5:21 PM

I think you should uninstall WebRoot, those are OS files...


/System/Library/LaunchAgents/com.apple.MRTa.plist

https://discussions.apple.com/thread/250165074


The message ‘Suspicious Activity detected’ is a notification that Webroot SecureAnywhere provides when a change is made to the system that may resemble behavior of a malicious process. Generally speaking, these notifications are not malicious as there are a number of automated tasks that can occur within OS-X that could trigger it. Common tasks that could prompt this message are updates to software, or Folder Actions. It’s common that these kinds of tasks change or modify ‘plist’ files that affect the overall preferences for the system.


You may see in the alert mention of a plist (property list) file, which stores all the settings for an application, or LaunchDaemons, which are a scheduled task to run a single or selection of services. If you ever receive these prompts, you can safely click OK. If the alert repeats multiple times you may click Ignore. We are actively working to improve our SecureAnywhere agent for Mac and new design implementations are coming soon for these prompts and alerts.


Please note, the alert will only show up once to notify you that a trusted application or system process has done something a bit different today. If it was genuinely suspicious or malicious activity, it would be blocked by the client.

https://community.webroot.com/webroot-secureanywhere-antivirus-12/i-keep-getting-this-notice-from-web-root-suspicious-activity-detected-185664

Similar questions

2 replies
Question marked as Top-ranking reply

Jul 27, 2020 5:21 PM in response to peartster

I think you should uninstall WebRoot, those are OS files...


/System/Library/LaunchAgents/com.apple.MRTa.plist

https://discussions.apple.com/thread/250165074


The message ‘Suspicious Activity detected’ is a notification that Webroot SecureAnywhere provides when a change is made to the system that may resemble behavior of a malicious process. Generally speaking, these notifications are not malicious as there are a number of automated tasks that can occur within OS-X that could trigger it. Common tasks that could prompt this message are updates to software, or Folder Actions. It’s common that these kinds of tasks change or modify ‘plist’ files that affect the overall preferences for the system.


You may see in the alert mention of a plist (property list) file, which stores all the settings for an application, or LaunchDaemons, which are a scheduled task to run a single or selection of services. If you ever receive these prompts, you can safely click OK. If the alert repeats multiple times you may click Ignore. We are actively working to improve our SecureAnywhere agent for Mac and new design implementations are coming soon for these prompts and alerts.


Please note, the alert will only show up once to notify you that a trusted application or system process has done something a bit different today. If it was genuinely suspicious or malicious activity, it would be blocked by the client.

https://community.webroot.com/webroot-secureanywhere-antivirus-12/i-keep-getting-this-notice-from-web-root-suspicious-activity-detected-185664

Virus on my Mac

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.