malware:.8AE4963D-4C91-4A9B-81DB-31E19FAC726C Unix Executable file

Hi there,

Can a file name/folder name be like this:

.8AE4963D-4C91-4A9B-81DB-31E19FAC726C. Its type is Unix Executable file, which is hidden.

Could it be malware? My Chrome browser has an extension called Creative assist, which is saying that my Chrome is controlled by an organisation on system level.

Trying to delete malware, but found the above. Can I delete them?

By the way, this malware is controlling my Chrome on system level, redirecting to other sites and again changing the search engine to Yahoo.

I am unable to delete/disable the extension.

This is the Chrome extension JSON script.

{
   "chromeMetadata": {
      "OS": "macOS Version 12.3.1 (Build 21E258)",
      "application": "Google Chrome",
      "revision": "d1daa9897e1bc1d507d6be8f2346e377e5505905-refs/branch-heads/4951@{#1208}",
      "version": "101.0.4951.64 (Official Build) (arm64)"
   },
   "chromePolicies": {
      "ExtensionInstallForcelist": {
         "level": "mandatory",
         "scope": "machine",
         "source": "platform",
         "value": [ "ddhelnpgjdffjelahaglmoonmpanjgjk;https://clients2.google.com/service/update2/crx" ]
      }
   },
   "extensionPolicies": {
      "ghbmnnjooekpmoecnnnilnnbdlolhkhi": { },
      "kbfnbcaeplbcioakkpcpgfkobkghlhen": { }
   },
   "status": { }
}

I found this in log files in Chrome folder in libraries:

2022/05/23-11:47:48.897 6603 Reusing MANIFEST /Users/<name>/Library/Application Support/Google/Chrome/Default/Extension Rules/MANIFEST-000001
2022/05/23-11:47:48.897 6603 Recovering log #3
2022/05/23-11:47:48.897 6603 Reusing old log /Users/<name>/Library/Application Support/Google/Chrome/Default/Extension Rules/000003.log

  • Deleted all log files, Chrome users, MANIFEST-000001

MacBook Air 13″, macOS 12.3

Posted on May 23, 2022 11:47 PM
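
An added example, not part of the original post: a small parser for a Chrome policy export like the one above that lists every extension pinned through `ExtensionInstallForcelist` together with the level, scope and source that enforce it. The function name and the embedded sample (constructed from the structure posted above) are assumptions.

```python
import json
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

# Constructed sample that mirrors the structure of the export in the post.
SAMPLE_EXPORT = """
{
  "chromePolicies": {
    "ExtensionInstallForcelist": {
      "level": "mandatory",
      "scope": "machine",
      "source": "platform",
      "value": ["ddhelnpgjdffjelahaglmoonmpanjgjk;https://clients2.google.com/service/update2/crx"]
    }
  },
  "extensionPolicies": {}
}
"""


def forced_extensions(export_text):
    """Return one record per force-installed extension in a policy export."""
    policies = json.loads(export_text).get("chromePolicies", {})
    entry = policies.get("ExtensionInstallForcelist")
    if not entry:
        return []
    values = entry.get("value", [])
    if isinstance(values, str):  # tolerate a single string instead of a list
        values = [values]
    records = []
    for item in values:
        # Each value is "<extension id>;<update URL>"; the URL part is optional.
        ext_id, _, update_url = item.partition(";")
        ext_id = ext_id.strip()
        records.append({
            "id": ext_id,
            "valid_id": bool(EXT_ID.match(ext_id)),
            "update_url": update_url.strip() or None,
            "level": entry.get("level"),
            "scope": entry.get("scope"),
            "source": entry.get("source"),
            # A mandatory entry cannot be disabled or removed from the browser UI.
            "enforced": entry.get("level") == "mandatory",
        })
    return records


if __name__ == "__main__":
    for record in forced_extensions(SAMPLE_EXPORT):
        print(record)
```

An entry with `"source": "platform"` and `"scope": "machine"` comes from the operating system's managed-preferences layer, so the place to look next is installed configuration profiles rather than the browser's own settings.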

Question marked as Top-ranking reply

Posted on May 23, 2022 11:58 PM

lathaa cinemas said:

"malware:.8AE4963D-4C91-4A9B-81DB-31E19FAC726C Unix Executable file: Hi There , can a file name be /folder name be like this .8AE4963D-4C91-4A9B-81DB-31E19FAC726C .its type is unix Executable file , which is hidden.[...]"

-------


Deciphering Something as Malware:


  • About the Coding:

Being hexadecimal, it is a bit suspicious.


  • Scan with Malwarebytes for Mac:

Malwarebytes searches for malware (short for malicious software) and spyware. Those make your Mac act in a misleading manner. So scan with it, and remove what is found from the quarantine. It is created by longtime users of these forums, making it the only reliable Security Software for a Mac. If synced with iPad connected, it may have got installed on your Mac.

Downloads:

  1. Malwarebytes Anti-Malware for Mac
  2. Malwarebytes Uninstaller


3 replies
May 26, 2022 3:42 AM in response to lathaa

Hello,

You definitely need to delete this file as it is part of an Adware application called AdLoad.

Here is a brief description:

The malicious file is hidden in a subfolder that has a UUID-hexadecimal pattern of 8-4-4-4-12 characters, and the executable file inside it has a name that has a different UUID-hexadecimal pattern with the same 8-4-4-4-12 pattern.

If you cannot remove it manually, you can use free scanners of antimalware programs. Just remember that you do not need to buy anything.
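
A defender-side check for the naming pattern described in this reply, added here as an example and not code from the thread: it lists executable files whose names match the 8-4-4-4-12 pattern and records whether the parent folder matches too. The function names and the constructed test tree are assumptions; a match is a candidate for review, not proof of malware.

```python
import os
import re
import stat
import tempfile

# 8-4-4-4-12 hexadecimal groups; a leading dot is what hides the entry in Finder.
UUID_NAME = re.compile(r"^\.?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def find_uuid_named_executables(root):
    """List (relative path, parent folder is UUID-named) for executable
    regular files whose own name matches the UUID pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        parent_is_uuid = bool(UUID_NAME.match(os.path.basename(dirpath)))
        for name in files:
            if not UUID_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if stat.S_ISREG(mode) and mode & EXEC_BITS:
                hits.append((os.path.relpath(path, root), parent_is_uuid))
    return sorted(hits)


def build_constructed_tree(root):
    """Create a small constructed layout to scan (placeholder files only)."""
    folder = os.path.join(root, ".11111111-2222-3333-4444-555555555555")
    os.makedirs(folder)
    layout = {
        # File name reported in the question, inside a constructed folder name.
        os.path.join(folder, ".8AE4963D-4C91-4A9B-81DB-31E19FAC726C"): 0o755,
        # UUID-named but not executable: not reported.
        os.path.join(root, ".AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"): 0o644,
        # Executable but with an ordinary name: not reported.
        os.path.join(root, "tool.sh"): 0o755,
    }
    for path, mode in layout.items():
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(find_uuid_named_executables(tmp))
```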

May 25, 2022 4:02 AM in response to lathaa

It is possible to have a hidden folder, and in this case, whatever created it used the uuidgen program included with macOS to name the folder.


In Terminal:


man uuidgen


It might simply be a machine specific folder for hiding an application license key, or it could be anything else. The name alone does not mark it as malware. The recommendation to use Malwarebytes is sensible and if any malware is found, it will handle it for you. You can remove Malwarebytes from its Help menu, or keep it around.


I would also be suspicious of that Creative Assist Chrome browser extension, especially if you obtained it from anywhere other than the original developer site, as that is how ad/malware is introduced to the Mac.
