
remove protected file

A malware scanner found a setup .dmg file of the Pirrit malware on my MacBook.

It is within /Volumes/Recovery/47C8B0CD-A146-4F0B-894C-672BE3386695/usr/standalone/firmware/arm64eBaseSystem.dmg


I have tried rm and sudo commands in the Terminal window, but even that will not allow me to change attributes on the file or forcefully remove it.


Opening the Terminal window in safe mode won't show me the file.


Would really appreciate any help / suggestions to get rid of this file.


MacBook Pro 13″, macOS 12.2

Posted on May 16, 2022 10:40 AM

Question marked as Top-ranking reply

Posted on May 16, 2022 4:03 PM


I would uninstall Avast; it generates all kinds of false positives. Don't bother.


Third-party antivirus is not recommended; it typically does nothing but add issues to macOS and competes directly with Apple's own built-in security:


macOS - Security - Apple


Apple Platform Security - Apple Support


more: https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf


Effective defenses against malware and other threats… - Apple Community


5 replies

May 16, 2022 6:32 PM in response to hedzer112

Hi hedzer112,


The disk image (.dmg file) you described is the paired macOS Recovery image for your Mac. Unless this file was overwritten with a malicious file with the same name, you should not remove this file.


If you want to be completely sure that the file is safe, reinstall macOS without erasing your data. This will also update your Mac at the same time:


  1. Back up your Mac.
  2. Make sure you have at least 25 GB of free space.
  3. Download the latest version of macOS (macOS Monterey) from the Mac App Store.
  4. When you try to download macOS, System Preferences should open. Confirm that you want to download the installer or update.
  5. When the installer is finished downloading, the Install macOS Monterey app should open automatically. Follow the onscreen instructions and connect your Mac to power.

May 16, 2022 12:51 PM in response to hedzer112

hedzer112 wrote:

A malware scanner found a setup .dmg file of the Pirrit malware on my MacBook.
It is within /Volumes/Recovery/47C8B0CD-A146-4F0B-894C-672BE3386695/usr/standalone/firmware/arm64eBaseSystem.dmg

I have tried rm and sudo commands in the Terminal window, but even that will not allow me to change attributes on the file or forcefully remove it.

Opening the Terminal window in safe mode won't show me the file.

Would really appreciate any help / suggestions to get rid of this file.


What "malware scanner" are you referring to?



/Volumes/Recovery is your Recovery volume built into macOS. You can see this from Terminal.app:

diskutil list internal


What exact Mac is this?


Are there any other associated issues?


Do you run Linux on this Mac?


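What a practitioner would check before trying to delete anything under that path, added here as an example and not code from any reply in the thread: confirm that the file sits on the APFS volume with the Recovery role that the replies describe, then take its SHA-256 so it can be compared with the same file on a known-good Mac running the same macOS build, rather than trusting a single scanner verdict. The `diskutil apfs list` text in the block is constructed to mirror the real output format, the two parsers assume that format, and `check_file` only does useful work on macOS (it relies on `diskutil`, `csrutil` and `shasum`).

```shell
#!/bin/sh
# Added example, not code from the thread: before trying to delete a file under
# /Volumes/Recovery, establish which APFS volume (and which role) it lives on and
# record its SHA-256 for comparison with the same path on a known-good Mac running
# the same macOS build. The listing below is CONSTRUCTED to mirror the format of
# `diskutil apfs list` on macOS 12; the parsers assume that format.

SAMPLE_APFS_LIST='+-- Container disk3 0A1B2C3D-0000-4000-8000-000000000000
    |   APFS Container Reference:     disk3
    |
    +-> Volume disk3s1 00000000-0000-4000-8000-000000000001
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk3s1 (System)
    |   Name:                      Macintosh HD (Case-insensitive)
    |   Mount Point:               /
    |
    +-> Volume disk3s3 00000000-0000-4000-8000-000000000003
        ---------------------------------------------------
        APFS Volume Disk (Role):   disk3s3 (Recovery)
        Name:                      Recovery (Case-insensitive)
        Mount Point:               /Volumes/Recovery'

# device_for_mount MOUNTPOINT LISTING
# Prints the device identifier (diskXsY) whose "Mount Point:" equals MOUNTPOINT.
device_for_mount() {
    printf '%s\n' "$2" | awk -v mp="$1" '
        /Volume disk[0-9]+s[0-9]+/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^disk[0-9]+s[0-9]+$/) { dev = $i; break }
        }
        /Mount Point:/ {
            sub(/.*Mount Point: */, "")
            if ($0 == mp) { print dev; exit }
        }'
}

# volume_role DEVICE LISTING
# Prints the APFS role (System, Data, Recovery, ...) reported for DEVICE.
volume_role() {
    printf '%s\n' "$2" | sed -n "s/^.*APFS Volume Disk (Role): *$1 (\([^)]*\)).*/\1/p"
}

# role_of_mount MOUNTPOINT LISTING
# Convenience wrapper: role of whatever volume is mounted at MOUNTPOINT.
role_of_mount() {
    dev=$(device_for_mount "$1" "$2")
    [ -n "$dev" ] || return 1
    volume_role "$dev" "$2"
}

# check_file PATH
# macOS only: report where PATH lives, SIP status and the file hash. Returns 0
# when the file sits on the Recovery-role volume (part of the system recovery
# image, not a user file), 1 otherwise, 2 when not run on macOS.
check_file() {
    f=$1
    if ! command -v diskutil >/dev/null 2>&1; then
        echo "diskutil not found; run this on the Mac itself" >&2
        return 2
    fi
    # Last column of df is the mount point (mount points containing spaces need more care).
    mp=$(df "$f" | awk 'NR == 2 { print $NF }')
    listing=$(diskutil apfs list)
    dev=$(device_for_mount "$mp" "$listing")
    role=$(volume_role "$dev" "$listing")
    echo "file:        $f"
    echo "mount point: $mp  device: ${dev:-?}  APFS role: ${role:-unknown}"
    csrutil status
    # Hash to compare against the same path on another Mac on the same build.
    shasum -a 256 "$f"
    [ "$role" = "Recovery" ]
}

# Usage on the Mac from the thread:
#   sh check_recovery.sh /Volumes/Recovery/47C8B0CD-A146-4F0B-894C-672BE3386695/usr/standalone/firmware/arm64eBaseSystem.dmg
if [ -n "${1:-}" ]; then
    check_file "$1"
fi
```

A zero exit does not prove the image is clean; it shows the path is on the Recovery volume rather than a stray download, so the reinstall suggested in the thread, not `rm`, is the way to replace it if any doubt remains.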

May 16, 2022 6:57 PM in response to hedzer112

Avast has had issues: https://www.vice.com/en/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation


While they have supposedly since remediated their practices, that they actually even went and did that made them indistinguishable from malware, in my estimation.


PS: Buried in a recovery disk image, the detection here is likely in error; a so-called false positive.

