
Why do Trend Micro Housecall and Malwarebytes finish scanning so quickly?

Hi everyone,


I suspect that my MacBook Pro has been compromised and infected. I ran Trend Micro Housecall and Malwarebytes, and both scans indicated that my computer wasn't infected with the malicious code they're designed to look for. However, they both also finished scanning incredibly quickly - so quickly that it made me wonder


The Housecall scan finished in about 35 seconds, and the Malwarebytes scan finished in under 10. Is it normal for these scans to finish so quickly? I'm using about 206 of 500 GB


Thanks for your help

MacBook Pro (Retina, 15-inch, Late 2013), OS X Yosemite (10.10.4)

Posted on Dec 30, 2015 12:55 AM

9 replies

Dec 30, 2015 3:55 AM in response to cbg2115

Malwarebytes Anti-Malware for Mac is not designed to look at every file on your hard drive and compare it to every rule in the signature database, like traditional anti-virus scanners. It is looking for specific patterns in specific places to find and remove any installed malware, adware or PUPs (Potentially Unwanted Programs). Because of this, scans are quick and efficient, but that doesn't mean they're ineffective.


I can't speak for the TrendMicro product.


Thomas Reed

Director of Mac Offerings, Malwarebytes
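
An added illustration of the approach described in the reply above (not part of the original post and not Malwarebytes code): a scanner that checks only a few known locations for known patterns examines a handful of directory entries, however much data is on the disk. The rule names, paths and file names below are hypothetical and constructed for the example.

```python
import fnmatch
import os
import tempfile

# Hypothetical rules (constructed for this example, not real signatures):
# each names one directory to look in and a filename pattern to match there.
RULES = [
    ("Library/LaunchAgents", "com.example.adware.*.plist", "Example.Adware"),
    ("Library/Application Support", "ExamplePUP", "Example.PUP"),
]


def targeted_scan(root, rules=RULES):
    """Check only the directories named by the rules.

    Returns (findings, entries_examined). Cost grows with the number of
    rules and the size of those few directories, not with disk usage.
    """
    findings, examined = [], 0
    for rel_dir, pattern, label in rules:
        directory = os.path.join(root, rel_dir)
        if not os.path.isdir(directory):
            continue  # location absent: nothing to check for this rule
        for name in sorted(os.listdir(directory)):
            examined += 1
            if fnmatch.fnmatch(name, pattern):
                findings.append((label, os.path.join(rel_dir, name)))
    return findings, examined


def full_scan_file_count(root):
    """Number of files a scan-every-file design would have to open."""
    return sum(len(files) for _, _, files in os.walk(root))


def build_sample_home(root, n_documents=2000):
    """Constructed sample home folder: many documents, few launch agents."""
    docs = os.path.join(root, "Documents")
    agents = os.path.join(root, "Library", "LaunchAgents")
    os.makedirs(docs)
    os.makedirs(agents)
    os.makedirs(os.path.join(root, "Library", "Application Support"))
    for i in range(n_documents):
        open(os.path.join(docs, f"file{i}.txt"), "w").close()
    for name in ("com.example.updater.plist", "com.example.adware.helper.plist"):
        open(os.path.join(agents, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as home:
        build_sample_home(home)
        findings, examined = targeted_scan(home)
        return findings, examined, full_scan_file_count(home)


if __name__ == "__main__":
    print(demo())
```

The trade-off is visible in the same numbers: anything outside the listed locations is never looked at, so coverage depends entirely on the rule set.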

Jan 8, 2016 8:55 AM in response to JimmyCMPIT

I apologize for the late response to this thread.


I have reason to believe that someone may intentionally be trying to monitor me. They may've had direct access to my computer and/or router


I have been seeing suspicious code in the console. Code such as:


1/8/16 5:47:08.000 AM kernel[0]: hfs: mounted G-DRIVE mobile USB on device disk2s2

1/8/16 5:47:17.122 AM com.apple.xpc.launchd[1]: (com.apple.quicklook[26161]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook

1/8/16 5:47:17.000 AM kernel[0]: Sandbox: mdworker(26159) deny mach-lookup com.apple.distributed_notifications@1v3

1/8/16 5:47:17.492 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.

1/8/16 5:47:17.000 AM kernel[0]: Sandbox: QuickLookSatelli(26162) deny file-issue-extension /Users/[removed]/Library/Caches/com.apple.quicklook.satellite

1/8/16 5:47:17.000 AM kernel[0]: Sandbox: QuickLookSatelli(26162) deny mach-lookup com.apple.nsurlstorage-cache

1/8/16 5:47:17.604 AM QuickLookSatellite[26162]: Failed to obtain sandbox extension for path=/Users/[removed]/Library/Caches/com.apple.quicklook.satellite. Errno:1

1/8/16 5:47:17.000 AM kernel[0]: Sandbox: QuickLookSatelli(26162) deny file-issue-extension /Users/[removed]/Library/Caches/com.apple.quicklook.satellite

1/8/16 5:47:17.000 AM kernel[0]: Sandbox: QuickLookSatelli(26162) deny mach-lookup com.apple.nsurlstorage-cache

1/8/16 5:47:17.605 AM QuickLookSatellite[26162]: Failed to obtain sandbox extension for path=/Users/[removed]/Library/Caches/com.apple.quicklook.satellite. Errno:1

1/8/16 5:47:17.618 AM QuickLookSatellite[26162]: CGSConnectionByID: 0 is not a valid connection ID.

1/8/16 5:47:17.618 AM QuickLookSatellite[26162]: Invalid Connection ID 0

1/8/16 5:47:32.678 AM mdworker[26164]: code validation failed in the process of getting signing information: Error Domain=NSOSStatusErrorDomain Code=-67062 "The operation couldn’t be completed. (OSStatus error -67062.)" UserInfo=0x7fcb7861eae0 {SecCSArchitecture=i386}

1/8/16 5:47:32.799 AM mdworker[26163]: code validation failed in the process of getting signing information: Error Domain=NSOSStatusErrorDomain Code=-67062 "The operation couldn’t be completed. (OSStatus error -67062.)" UserInfo=0x7f9f59f5ced0 {SecCSArchitecture=i386}

1/8/16 5:48:33.930 AM com.avast.fileshield[392]: Detected unmount of /Volumes/G-DRIVE mobile USB

1/8/16 5:48:33.000 AM kernel[0]: com.avast.fileshield: Unmount of /Volumes/G-DRIVE mobile USB detected: Cleaning cached entries.

1/8/16 5:48:33.931 AM fseventsd[48]: implementation_removed_client: did not find client 0x7f90faf1b580 for path = '/.docid'



__________


1/7/16 7:58:21.744 AM configd[54]: network changed: v4(en0!:192.168.0.2) DNS+ Proxy+ SMB

1/7/16 7:58:21.744 AM mDNSResponder[95]: mDNS_RegisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:BAE8:56FF:FE45:F852)

1/7/16 7:58:21.748 AM UserEventAgent[44]: Captive: en0: Not probing 'Skyheight' (cache indicates not captive)

1/7/16 7:58:21.748 AM UserEventAgent[44]: Captive: CNPluginHandler en0: Authenticated

1/7/16 7:58:21.000 AM kernel[0]: en0: BSSID changed to 00:ac:e0:86:9d:b5

1/7/16 7:58:21.000 AM kernel[0]: en0: channel changed to 40,-1

1/7/16 7:58:21.000 AM kernel[0]: ARPT: 527347.966715: AirPort_Brcm43xx::powerChange: System Wake - Full Wake/ Dark Wake / Maintenance wake

1/7/16 7:58:21.000 AM kernel[0]: AppleCamIn::systemWakeCall - messageType = 0xE0000340

1/7/16 7:58:21.000 AM kernel[0]: AppleCamIn::wakeEventHandlerThread

1/7/16 7:58:22.393 AM netbarrierd[80]: Switched to Network (Router IP(192.168.0.1) MAC(00:ac:e0:86:9d:b7) Name(Skyheight)

1/7/16 7:58:22.393 AM netbarrierd[80]: Unknown network detected.

1/7/16 7:58:22.991 AM ntpd[158]: wake time set +0.514523 s

1/7/16 7:58:23.000 AM icbaccountsd[23253]: main: Critical error -- hung / stalled. Exiting.

1/7/16 7:58:23.004 AM com.apple.xpc.launchd[1]: (com.apple.icbaccountsd[23253]) Service exited with abnormal code: 71

1/7/16 7:58:23.517 AM identityservicesd[273]: ApplePushService: <APSConnection: 0x7fee917198c0> Received message from apsd: <APSIncomingMessage: 0x7fee914276d0> but it didn't match the enabled topics: (

) or opportunistic topics: (

)

1/7/16 7:58:24.857 AM networkd[150]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache

1/7/16 7:58:24.859 AM configd[54]: network changed: v4(en0:192.168.0.2) v6(en0+:2604:2000:f144:ee00:d6a:4096:8a2c:2ccb) DNS* Proxy SMB

1/7/16 7:58:24.866 AM netbarrierd[80]: Switched to Network (Router IP(fe80::2ac:e0ff:fe86:9db7) MAC(00:ac:e0:86:9d:b7) Name(Skyheight)

1/7/16 7:58:24.866 AM netbarrierd[80]: Unknown network detected.

1/7/16 7:58:25.603 AM com.apple.SecurityServer[85]: Killing auth hosts

1/7/16 7:58:25.603 AM com.apple.SecurityServer[85]: Session 100386 destroyed

1/7/16 7:58:25.609 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.

1/7/16 7:58:25.617 AM com.apple.SecurityServer[85]: Session 100392 created

1/7/16 7:58:26.170 AM com.avast.proxy[370]: Error connecting to ::1: Connection refused

1/7/16 7:58:26.227 AM com.avast.proxy[370]: Error connecting to ::1: Connection refused

1/7/16 7:58:26.255 AM com.avast.proxy[370]: Error connecting to ::1: Connection refused

1/7/16 7:58:26.296 AM logind[100]: -[SessionManager getClient:withRole:inAuditSession:]:241: ERROR: No session dictionary for audit session 100392

1/7/16 7:58:26.296 AM logind[100]: _SMGetSessionAgent:73: ERROR: __SMGetClientForAuditSessionAgent failed 2

1/7/16 7:58:26.297 AM IMRemoteURLConnectionAgent[23257]: SACShieldWindowShowing:925: ERROR: NULL response

1/7/16 7:58:26.000 AM kernel[0]: AppleCamIn::handleWakeEvent_gated

1/7/16 7:58:26.940 AM networkd[150]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache

1/7/16 7:58:26.941 AM configd[54]: network changed: v4(en0:192.168.0.2) v6(en0!:2604:2000:f144:ee00:bae8:56ff:fe45:f852) DNS Proxy SMB

1/7/16 7:58:26.949 AM netbarrierd[80]: Switched to Network (Router IP(fe80::2ac:e0ff:fe86:9db7) MAC(00:ac:e0:86:9d:b7) Name(Skyheight)

1/7/16 7:58:26.949 AM netbarrierd[80]: Unknown network detected.

1/7/16 7:58:27.000 AM kernel[0]: AppleCamIn::handleWakeEvent_gated

1/7/16 7:58:27.426 AM com.avast.proxy[370]: SSL_accept(): EOF

1/7/16 7:58:28.042 AM com.avast.proxy[370]: SSL_accept(): EOF

1/7/16 7:58:28.524 AM com.avast.proxy[370]: Error connecting to ::1: Connection refused

1/7/16 7:58:28.525 AM com.avast.proxy[370]: Error connecting to ::1: Connection refused

1/7/16 7:58:28.525 AM com.avast.proxy[370]: Error connecting to ::1: Connection refused

1/7/16 7:58:34.853 AM com.avast.proxy[370]: Protocol switch to: WebSocket

1/7/16 7:58:35.867 AM com.avast.proxy[370]: SSL_accept(): EOF

1/7/16 7:58:41.769 AM NetUpdate[76]: Launch background checker (Post reboot: 0)

1/7/16 7:58:56.885 AM configd[54]: [0x7f9a2993a0e0] [m]DNS query timeout (query time = 29.942598), [46TE]

1/7/16 7:59:07.371 AM mDNSResponder[95]: mDNSPlatformClearSPSMACAddr: Unable to remove key

1/7/16 7:59:07.000 AM kernel[0]: ARPT: 527392.990154: wl0: TCPKEEP: locate_keepalive_data_new_uc: No IPV4 addrs, keepalive not started.


_____________



1/7/16 9:32:23.931 AM IMRemoteURLConnectionAgent[23303]: SACShieldWindowShowing:925: ERROR: NULL response

1/7/16 9:32:24.933 AM com.apple.SecurityServer[85]: Killing auth hosts

1/7/16 9:32:24.933 AM com.apple.SecurityServer[85]: Session 100392 destroyed

1/7/16 9:32:25.311 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.

1/7/16 9:32:25.542 AM apsd[79]: Illegal subject name missing 'courier.push.apple.com' (2.5.4.3): ({

label = "2.5.4.6";

"localized label" = "2.5.4.6";

type = string;

value = US;

}, {

label = "2.5.4.8";

"localized label" = "2.5.4.8";

type = string;

value = California;

}, {

label = "2.5.4.7";

"localized label" = "2.5.4.7";

type = string;

value = Cupertino;

}, {

label = "2.5.4.10";

"localized label" = "2.5.4.10";

type = string;

value = "Apple Inc.";

}, {

label = "2.5.4.3";

"localized label" = "2.5.4.3";

type = string;

value = "courier.sandbox.push.apple.com";

})

1/7/16 9:32:25.894 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.

1/7/16 9:32:26.676 AM identityservicesd[273]: ApplePushService: <APSConnection: 0x7fee917198c0> Received message from apsd: <APSIncomingMessage: 0x7fee92812c90> but it didn't match the enabled topics: (

) or opportunistic topics: (

)

1/7/16 9:32:29.191 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.

1/7/16 9:32:29.208 AM com.apple.SecurityServer[85]: Session 100395 created

1/7/16 9:32:29.370 AM logind[100]: -[SessionManager getClient:withRole:inAuditSession:]:241: ERROR: No session dictionary for audit session 100395

1/7/16 9:32:29.370 AM logind[100]: _SMGetSessionAgent:73: ERROR: __SMGetClientForAuditSessionAgent failed 2

1/7/16 9:32:29.370 AM IMRemoteURLConnectionAgent[23330]: SACShieldWindowShowing:925: ERROR: NULL response


---------------------------




1/8/16 12:55:27.671 AM UserEventAgent[44]: Captive: [CNInfoNetworkActive:1709] en0: SSID 'Skyheight' making interface primary (cache indicates network not captive)

1/8/16 12:55:27.671 AM UserEventAgent[44]: Captive: CNPluginHandler en0: Evaluating

1/8/16 12:55:27.673 AM networkd[150]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache

1/8/16 12:55:27.679 AM configd[54]: network changed: v4(en0!:192.168.0.2) v6(en0!:2604:2000:f144:ee00:b910:d345:478c:fb77) DNS+ Proxy+ SMB

1/8/16 12:55:27.680 AM UserEventAgent[44]: Captive: en0: Not probing 'Skyheight' (cache indicates not captive)

1/8/16 12:55:27.682 AM UserEventAgent[44]: Captive: CNPluginHandler en0: Authenticated

1/8/16 12:55:27.685 AM netbarrierd[80]: Switched to Network (Router IP(fe80::2ac:e0ff:fe86:9db7) MAC(00:ac:e0:86:9d:b7) Name(Skyheight)

1/8/16 12:55:27.685 AM netbarrierd[80]: Unknown network detected.

1/8/16 12:55:27.000 AM kernel[0]: en0: BSSID changed to 00:ac:e0:86:9d:b5

1/8/16 12:55:27.000 AM kernel[0]: en0: channel changed to 40,-1

1/8/16 12:55:27.997 AM networkd[150]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache

1/8/16 12:55:27.998 AM configd[54]: network changed: v4(en0:192.168.0.2) v6(en0!:2604:2000:f144:ee00:bae8:56ff:fe45:f852) DNS Proxy SMB

1/8/16 12:55:28.008 AM netbarrierd[80]: Switched to Network (Router IP(fe80::2ac:e0ff:fe86:9db7) MAC(00:ac:e0:86:9d:b7) Name(Skyheight)

1/8/16 12:55:28.008 AM netbarrierd[80]: Unknown network detected.

1/8/16 12:55:29.004 AM com.avast.proxy[370]: Defective HTTP request!

1/8/16 12:55:29.004 AM com.avast.proxy[370]: )[1]

chrome-47.0.2526.106 mcs.android.com 5047437829394933702" 5047437829394933702* 88849364948456578392android-460c19f69ef427c6B

new_vc 1`

1/8/16 12:55:30.203 AM com.avast.proxy[370]: SSL_accept(): EOF

1/8/16 12:55:30.221 AM com.avast.proxy[370]: SSL_accept(): EOF

1/8/16 12:55:30.223 AM com.avast.proxy[370]: SSL_accept(): EOF

1/8/16 12:55:30.250 AM com.avast.proxy[370]: SSL_accept(): EOF

1/8/16 12:55:30.377 AM apsd[79]: Illegal subject name missing 'courier.push.apple.com' (2.5.4.3): ({

label = "2.5.4.6";

"localized label" = "2.5.4.6";

type = string;

value = US;

}, {

label = "2.5.4.8";

"localized label" = "2.5.4.8";

type = string;

value = California;

}, {

label = "2.5.4.7";

"localized label" = "2.5.4.7";

type = string;

value = Cupertino;

}, {

label = "2.5.4.10";

"localized label" = "2.5.4.10";

type = string;

value = "Apple Inc.";

}, {

label = "2.5.4.3";

"localized label" = "2.5.4.3";

type = string;

value = "courier.sandbox.push.apple.com";

})

1/8/16 12:55:33.000 AM kernel[0]: Over-release of kernel-internal importance assertions for pid 263 (CalendarAgent), dropping 1 assertion(s) but task only has 0 remaining (0 external).

1/8/16 12:55:33.934 AM accountsd[19038]: AIDA Notification plugin running

1/8/16 12:55:33.935 AM accountsd[19038]: Enter ShareKitAccountEnabler - didChangeWithType - type=2 for account [deleted account name] (C429729D-ABAA-4BDF-BA9E-D6FBDE07C757).

1/8/16 12:55:34.051 AM accountsd[19038]: AIDA Notification plugin running




------------------------------


1/8/16 2:41:18.858 AM Office365Service[25727]: WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.5 instead of 10.10.5. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.

Call location:

1/8/16 2:41:18.858 AM Office365Service[25727]: 0 CarbonCore 0x9243a291 ___Gestalt_SystemVersion_block_invoke + 135

1/8/16 2:41:18.858 AM Office365Service[25727]: 1 libdispatch.dylib 0x962d1430 _dispatch_client_callout + 50

1/8/16 2:41:18.858 AM Office365Service[25727]: 2 libdispatch.dylib 0x962d13b7 dispatch_once_f + 251

1/8/16 2:41:18.858 AM Office365Service[25727]: 3 libdispatch.dylib 0x962d1477 dispatch_once + 31

1/8/16 2:41:18.858 AM Office365Service[25727]: 4 CarbonCore 0x923b369d _Gestalt_SystemVersion + 1050

1/8/16 2:41:18.858 AM Office365Service[25727]: 5 CarbonCore 0x923b27c0 Gestalt + 150

1/8/16 2:41:18.858 AM Office365Service[25727]: 6 Office365Service 0x00058997 Office365Service + 358807

1/8/16 2:43:34.372 AM com.apple.SecurityServer[85]: Killing auth hosts

1/8/16 2:43:34.373 AM com.apple.SecurityServer[85]: Session 100430 destroyed

1/8/16 2:43:34.375 AM IMTransferAgent[25728]: [Warning] Services all disappeared, removing all accounts

1/8/16 2:43:34.375 AM IMTransferAgent[25728]: [Warning] Services all disappeared, removing all enabled accounts

1/8/16 2:43:34.375 AM IMTransferAgent[25728]: [Warning] Services all disappeared, removing all dependent devices

1/8/16 2:43:35.415 AM imagent[293]: [Warning] IMDFileTransferCenter: could not set kMDItemWhereFroms on file /var/folders/lv/_2g0y2_92b7gsl517lzjh2lr0000gn/T/D9697CA6-7802-46E3-9842-EE707C04FBFA/20160108_024232.jpg

1/8/16 2:43:35.416 AM imagent[293]: [Warning] IMDFileTransferCenter: could not set kMDItemWhereFroms on file /var/folders/lv/_2g0y2_92b7gsl517lzjh2lr0000gn/T/D9697CA6-7802-46E3-9842-EE707C04FBFA/20160108_024232.jpg

1/8/16 2:43:35.417 AM imagent[293]: [Warning] IMDFileTransferCenter: could not set kMDItemDownloadedDate on file /var/folders/lv/_2g0y2_92b7gsl517lzjh2lr0000gn/T/D9697CA6-7802-46E3-9842-EE707C04FBFA/20160108_024232.jpg

1/8/16 2:43:35.417 AM imagent[293]: [Warning] IMDFileTransferCenter: could not set kMDItemDownloadedDate on file /var/folders/lv/_2g0y2_92b7gsl517lzjh2lr0000gn/T/D9697CA6-7802-46E3-9842-EE707C04FBFA/20160108_024232.jpg

1/8/16 2:43:52.668 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.

1/8/16 2:43:52.860 AM com.apple.iCloudHelper[25732]: objc[25732]: Class FALogging is implemented in both /System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/FamilyCircle and /System/Library/PrivateFrameworks/FamilyNotification.framework/Versions/A/FamilyNotification. One of the two will be used. Which one is undefined.

1/8/16 2:43:52.869 AM com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.


Any insight as to what this code means would be greatly appreciated


Thank you


MacBook Pro (Retina, 15-inch, Late 2013), OS X Yosemite (10.10.4)

Jan 8, 2016 9:55 AM in response to Eric Root

Thank you for your reply. I have two questions:


1. Are you sure I should uninstall Avast? I was told that it was the best Anti-Virus for Mac, and that despite common thought, Macs are susceptible to infiltration and do need protection


2. Do you notice anything suspicious with the code? Or just Avast interfering with my computer's functioning


Thanks again
