
malware in admin account

I don't log into my admin account very often. I logged in today and got constant popup windows indicating malware. The error messages say "file xyz will harm your computer" with respect to three different files.


I have run a malware scan from my user account using both Clean My Mac X and the free version of Malwarebytes, and both come up clean. Clean My Mac X has full disk access.


Why are these apps not seeing the malware, and how do I fix my admin account?

MacBook Air 13″, macOS 10.15

Posted on Jul 25, 2021 1:43 PM

Question marked as Best reply

Posted on Jul 25, 2021 8:51 PM

Provide more details about those files being flagged. In some instances, if certain printer drivers are out of date (especially HP printer drivers), that message about files harming your computer comes up pointing to those printer drivers. The cure here is to download the most current versions and reinstall.


Malwarebytes is a reliable product, but numerous users in the Apple Discussions have reported system corruption that has been traced to Clean My Mac, which some here have even referred to as malware.


By the way, when the MacOS intercepts something with that "will harm your computer" message, it is preventing those files from being utilized in an installation. So it has prevented the malware, which is the built-in MacOS security tool doing its job. What have you been installing recently on your Mac?


I would delete those specified files, empty trash, then reboot and see if things come up normally. Before doing that, I would completely uninstall Clean My Mac (this may take some detailed steps), then reboot, and if your MacOS without Clean My Mac still complains about those files, then delete them, empty trash, and see if it boots normally.


Unfortunately, sometimes people get into so much trouble with Clean My Mac that a reinstall of the MacOS is needed; hopefully that won't be the case with your system.

Jul 25, 2021 10:47 PM in response to steve626

The files in question are called ReceiverHelper and ServiceRecords. There is a third file in the folder that isn't generating popup windows. The popup windows telling me the other two are harmful files just keep coming up over and over, and prevent me from deleting the files or doing anything else in that account.

I'm dismayed to hear that Clean My Mac X may be malware since I was advised to install it by an Apple tech support person about six months ago.

Earlier today a different support person advised that I upgrade to Big Sur and that doing so might fix my problem. It did not. I just completed the upgrade and logged into admin and the files are still there.

I will now attempt to uninstall Clean My Mac as you suggested.

Jul 26, 2021 2:13 AM in response to pacificnwexpat

And after "CleanMyMac" is removed, one might need to reboot into Recovery Mode (Command + R) and choose Reinstall macOS.


The issues created by "CleanMyMac" will still exist even after the removal and will remain. This specific application is well documented on these ASC Forums to cause havoc, alter the OS by removing elements of the OS and/or corrupting the OS so badly that a reinstallation might be required to put the OS right.


Do a Time Machine Backup before reinstalling.

Jul 26, 2021 9:59 PM in response to pacificnwexpat

P.S. If the above suggestions do not work, you can boot into Recovery Mode and then make sure that your main disk is mounted in Disk Utility. Mount it if necessary. Then you can run Terminal (from Recovery Mode) and delete the offending folder and files using the rm command. But you need to be very careful, preferably have someone who is familiar with unix there to guide you, as deleting files and folders from Terminal when booted this way can be very dangerous -- if you make an error your Mac could become completely unusable.
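A more cautious form of the Terminal cleanup described in the reply above, as an added example that is not part of the original thread: it matches the flagged files by exact name, previews what it would touch, and moves them to a holding folder instead of running `rm`. The function names, the holding folder and the placeholder paths are assumptions; the thread does not say where the files live, so the search root is a parameter.

```shell
#!/bin/sh
# Added example (not from the thread). Moves files with exact, known names out
# of the way so the step can be undone, rather than deleting them with rm.

# list_flagged ROOT NAME...  -> print every regular file under ROOT whose
# basename equals one of NAME (no wildcards are added).
list_flagged() {
    root=$1; shift
    for name in "$@"; do
        # -xdev: stay on this volume; -type f: regular files only, no symlinks
        find "$root" -xdev -type f -name "$name" -print 2>/dev/null
    done
}

# hold_flagged ROOT HOLD_DIR NAME...
# Dry run unless APPLY=1. Returns 1 if nothing matched, 2 on a bad HOLD_DIR.
hold_flagged() {
    root=$1; hold=$2; shift 2
    # Refuse a holding folder inside the search root: a second run would
    # otherwise find the already-moved files again.
    case "$hold/" in
        "$root"/*) echo "HOLD_DIR must be outside ROOT" >&2; return 2 ;;
    esac
    matches=$(list_flagged "$root" "$@")
    [ -n "$matches" ] || { echo "no matching files under $root" >&2; return 1; }
    # Read newline-separated paths so names containing spaces survive intact.
    printf '%s\n' "$matches" | while IFS= read -r path; do
        if [ "${APPLY:-0}" = 1 ]; then
            # Recreate the original layout under HOLD_DIR so the move can be
            # reversed if the wrong file was picked.
            dest="$hold${path#"$root"}"
            mkdir -p "$(dirname "$dest")" && mv -- "$path" "$dest" &&
                echo "moved: $path"
        else
            echo "would move: $path"
        fi
    done
}

# Usage from Recovery Mode Terminal, with placeholder paths (assumptions):
#   ROOT="/Volumes/<data volume>/Users/<admin short name>"
#   HOLD="/Volumes/<data volume>/Users/Shared/flagged-hold"
#   hold_flagged "$ROOT" "$HOLD" ReceiverHelper ServiceRecords            # preview
#   APPLY=1 hold_flagged "$ROOT" "$HOLD" ReceiverHelper ServiceRecords    # move
```

Once the account works normally and the held files are confirmed unneeded, the holding folder can be deleted from the Finder.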
