strange malware detected in library

Discussion in 'macOS High Sierra (10.13)' started by macmesser, Jan 12, 2018.

  1. macmesser macrumors 6502a

    Joined:
    Aug 13, 2012
    Location:
    Long Island, NY USA
    #1
    Prosoft DriveGenius 5.1, running under OS 10.13.2, detected two malware-infected files which I don't know what to do with. There is an option when running the malware scan to "move infected files to trash," but I elected to delete them manually (if at all) since I do not know what they do and what the consequences of deletion would be. They do not seem to be vital but guesswork can lead to major inconvenience. I have a case with Prosoft support but thought some good insights would be available here as well. The drive had been triggering warnings from several diagnostic programs but seemed AOK to Disk Utility and after running all the DriveGenius drive tests, the presence of these two files was the only anomaly found. The files are:

    /Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedWhiteFill.ca

    /Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedBackground.ca

    In Drive Genius 5.1, the "Item" was given in DriveGenius as "main.caml" but I do not know what this refers to.

    Also in Drive Genius, "infections" listed the same one for each of the files, which is: Multios.Exploit.CVE_2013_6935-6391267-2
     
  2. stradify macrumors member

    Joined:
    Jul 4, 2015
    Location:
    USA
    #2
    CVE_2013_6935-6391267-2 looks to be in reference to a flaw in the application Watermark Master, a program that applies watermarks to video. Do you have a copy of this on your computer? If so, then that's the problem. My guess is your malware app is giving you a false positive, as I have the same files on my Mac and both Malwarebytes and Avira are not detecting those files as malware.
     
  3. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #3
    I don't have either of those files on my Mac Mini running 10.13.2.
     
  4. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #4
    Download Malwarebytes. They're one of the best and they'll highlight anything suspicious.
     
  5. Fishrrman macrumors G5

    Joined:
    Feb 20, 2009
  6. macmesser thread starter macrumors 6502a

    Joined:
    Aug 13, 2012
    Location:
    Long Island, NY USA
    #6
    Bingo and thanks for reply! I don't have Watermark Master on my computer and don't remember ever having installed a demo, so this is very odd. I suppose it will be OK to delete them, which I will get around to doing. I will report to Prosoft support as maybe the files are indeed infected or dummies and maybe arrived via some nefarious vector. Even if (and hopefully) not, they would want to correct the false positive.
    --- Post Merged, Jan 12, 2018 ---
    Thanks for reply. I'll give it a try.
    --- Post Merged, Jan 12, 2018 ---
    Thanks for reply. Will do.
    --- Post Merged, Jan 12, 2018 ---
    Thanks for info.
     
  7. plm2 macrumors newbie

    Joined:
    Dec 27, 2017
    #7
    Those file names/locations are a normal part of OS X / macOS. Deleting them may cause problems with speech/dictation.
     
  8. macmesser thread starter macrumors 6502a

    Joined:
    Aug 13, 2012
    Location:
    Long Island, NY USA
