Infected file: dyld_shared_cache_arm64e

Hello,


I ran my antivirus program and it detected the file dyld_shared_cache_arm64e and identified it as an infected file with the threat name: ELF:MiraiDownloader-O. It's a protected file and can't be quarantined by the antivirus software, nor can I delete it even by unlocking the file through the Information window or turning off FileVault.


I erased all content and settings but the antivirus program detected it again. Just upgraded to the latest version of macOS Ventura and found that I can't completely erase the SSD as this seems to be the only solution to removing the infected file. It seems the latest OS doesn't allow you to erase the SSD.


Any help would be appreciated.


Thanks.

Mac mini, 10.13

Posted on Nov 12, 2022 2:00 PM

Question marked as Best reply

Posted on Nov 12, 2022 4:56 PM

First, there is no reason to ever install or run any 3rd party "cleaning", "optimizing", "speed-up", anti-virus, VPN or security apps on your Mac. These documents describe what you need to know and do in order to protect your Mac: Effective defenses against malware and other threats - Apple Community and Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support.


There are no known viruses, i.e. self propagating, for Macs.  There are, however, adware and malware which require the user to install although unwittingly most of the time thru sneaky links, etc.   


Anti Virus developers try to group all types as viruses into their ad campaigns of fear. They do a poor job of detecting and isolating the adware and malware. Since there are no viruses these apps use up a lot of system resources searching for what is non-existent and adversely affect system and app performance.


There is one app, Malwarebytes, which was developed by a long time contributor to these forums and a highly respected member of the computer security community, that is designed solely to seek out adware and known malware and remove it.  The free version is more than adequate for most users.  


Also, unless you're using a true VPN tunnel, such as between you and your employer, school or bank's servers, they are useless from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites


My recommendation to you is to uninstall any app that falls in the categories above according to the developer's instructions.


Don't load your Mac up with apps that do not help you but can and often do impede the system and applications performance.

Nov 12, 2022 5:38 PM in response to es1899

es1899 wrote:

The file is located in two places: /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld, and also in /System/Volumes/Preboot/Cryptexes/Incoming/OS/System/Library/dyld

I searched for ELF_MIRAI and a similar virus, ELF_MIRAI.E was reported several years ago. Couldn't find anything on ELF:MiraiDownloader-O.

This may be a false positive, but one can never be too safe these days.

Oh no. It is most definitely, absolutely certainly, a false positive.


Just look at the words "Cryptexes" in the path. Those are files on Apple's cryptographically signed, read-only boot partition.


The idea that 3rd party antivirus apps are scanning these read-only Apple volumes is just hilarious. People in the "security" industry work overtime to tell a story about Apple incompetence and risk. It's non-stop, 24/7. And people really do fall for it. Things like this show the charade for what it is. The people who are supposed to protect you from these "zero-day" threats literally have no clue how the operating system works - no clue whatsoever.
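
A triage check for the kind of detection discussed in this thread, added here as an example (not code from any poster, Apple or Avast): it compares the format family named in the detection with the file's actual header, and notes whether the path is one of the OS-protected locations quoted above. It assumes the text before the colon in the detection name identifies the target format; `triage` and the other names are hypothetical.

```python
import struct

# Header magics (well-known format constants).
ELF_MAGIC = b"\x7fELF"
DYLD_CACHE_MAGIC = b"dyld_v1"          # followed by the padded architecture name
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE,  # thin 32/64-bit
                0xCAFEBABE, 0xBEBAFECA}                           # universal (fat)

# Directories quoted in the thread as holding the flagged file.
PROTECTED_PREFIXES = (
    "/System/Volumes/Preboot/Cryptexes/",
    "/System/Library/dyld/",
)

def container_format(header: bytes) -> str:
    """Classify a file by its leading bytes (16 are enough)."""
    if header.startswith(ELF_MAGIC):
        return "elf"
    if header.startswith(DYLD_CACHE_MAGIC):
        return "dyld_shared_cache"
    if len(header) >= 4 and struct.unpack(">I", header[:4])[0] in MACHO_MAGICS:
        return "mach-o"
    return "unknown"

def triage(path: str, header: bytes, detection: str) -> dict:
    """Collect evidence for a false positive; a heuristic, not a verdict."""
    fmt = container_format(header)
    # Assumption: the text before ':' in the detection name is the target format.
    claimed = detection.split(":", 1)[0].lower() if ":" in detection else ""
    mismatch = claimed == "elf" and fmt != "elf"
    protected = path.startswith(PROTECTED_PREFIXES)
    return {
        "format": fmt,
        "format_mismatch": mismatch,
        "os_protected_path": protected,
        "likely_false_positive": mismatch and protected,
    }

# Constructed sample: header bytes a dyld shared cache for arm64e starts with,
# and a path built from the directory quoted in the thread.
SAMPLE_HEADER = b"dyld_v1  arm64e\x00"
SAMPLE_PATH = ("/System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/"
               "dyld_shared_cache_arm64e")

if __name__ == "__main__":
    print(triage(SAMPLE_PATH, SAMPLE_HEADER, "ELF:MiraiDownloader-O"))
```

On a real machine the header would come from reading the first 16 bytes of the flagged file; a format mismatch on an OS-protected path is a reason to report the detection to the scanner's vendor rather than to try to delete the file.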

Nov 13, 2022 5:55 PM in response to l_97

Please stop trying to corrupt macOS.


Kindly contact the third-party app vendor (Avast) for assistance with bugs and errors within the third-party app.


Or easier, remove the app.


This is not an issue with macOS.


This is a flaw in an add-on app; in Avast.


Which means you need to report the flaw to the third party vendor; to Avast.


Or simply remove the third-party add-on app.



Nov 12, 2022 3:16 PM in response to es1899

Contact the app vendor for assistance with this app.


Contact a third-party vendor - Apple Support


As for “never too safe”, that can have some surprises with anti-malware, such as this one from 2020:

https://www.vice.com/en/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation


The add-on security apps can themselves be ripe targets. Here (from 2013) are some of the add-on anti-malware packages for various platforms that were themselves found exploitable, and there have been more recent exploits:

https://www.wilderssecurity.com/threads/tavis-ormandy-vs-antivirus-discussion.385510/

Nov 12, 2022 4:27 PM in response to es1899

es1899 wrote:

What's the built-in anti-malware tooling you referred to? Wasn't aware of any built-in anti-malware tooling I can use on my mini.


Start here to learn more about the platform security:


https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf


There's an associated Apple Platform Security website, but that PDF contains the contents of the website.


That PDF discusses XProtect, among other features. XProtect performs background scans, detection, and removal. XProtect and Notarization and the App Store and other details make loading and running problem apps harder.

Nov 12, 2022 2:38 PM in response to es1899

es1899 wrote:

Hello,

I ran my antivirus program and it detected the file dyld_shared_cache_arm64e and identified it as an infected file with the threat name: ELF:MiraiDownloader-O. It's a protected file and can't be quarantined by the antivirus software, nor can I delete it even by unlocking the file through the Information window or turning off FileVault.

I erased all content and settings but the antivirus program detected it again. Just upgraded to the latest version of macOS Ventura and found that I can't completely erase the SSD as this seems to be the only solution to removing the infected file. It seems the latest OS doesn't allow you to erase the SSD.

Any help would be appreciated.


Very likely a false positive.


Remove the anti-malware app (possibly Avast?) and revert to the built-in anti-malware tooling.


It would appear the add-on anti-malware app is erroneously detecting malware.


macOS is preventing you from blowing away a system-critical and heavily-protected file, too.


Or contact the anti-malware app vendor and request their support.

Nov 12, 2022 2:58 PM in response to Barney-15E

The file is located in two places: /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld, and also in /System/Volumes/Preboot/Cryptexes/Incoming/OS/System/Library/dyld


I searched for ELF_MIRAI and a similar virus, ELF_MIRAI.E was reported several years ago. Couldn't find anything on ELF:MiraiDownloader-O.


This may be a false positive, but one can never be too safe these days.


Can you please check if you have the file dyld_shared_cache_arm64e on your Mac?


Thanks.

Nov 12, 2022 4:04 PM in response to MrHoffman

Yes, I am using Avast. I'm aware that they were called out for selling user info some years back, but users can now opt out of having their information sold to marketers. Otherwise, I haven't had any issues with Avast.


I perform a deep scan daily and all was clear until I visited a few risky websites in the past few days that may have downloaded malware. The threat alert only appeared this morning so those websites may be the culprit, though I can't be certain of that.


What's confusing is that Mac system files supposedly can't be altered or manipulated. If dyld_shared_cache_arm64e is an OS Ventura file, then a virus shouldn't be able to infect it.


It may be a false positive but I'll contact Avast tech support to investigate further.


What's the built-in anti-malware tooling you referred to? Wasn't aware of any built-in anti-malware tooling I can use on my mini.


Thanks.

Nov 13, 2022 5:28 PM in response to es1899

Hello guys!


I discovered this virus too but with a different path:

/System/Library/dyld/dyld_shared_cache_arm64e


I tried to remove this virus with my Antivirus Software called AVG Antivirus but with no success.


I also thought about disabling the SIP only to change the permission rights of this file.


Do you also think it is false positive?


Any Help would be appreciated.


Thanks!



Nov 15, 2022 1:06 PM in response to MrHoffman

Problem solved.


I did report the issue to Avast tech support a couple of days ago. Received a reply this morning that said it looked like a correct Avast detection, but after checking Avast's community forum, the same Avast representative who replied to my report wrote that the issue has been fixed. Scan results have detected no threats since yesterday, and others who posted on that forum who had the same issue also said the problem had been resolved with updated virus definitions.


It was an Avast flaw and not an issue with macOS as you said.


Thanks, MrHoffman.



