Yesterday I ran a full system scan using my Avast antivirus software and it found an infection file. The file's location is:
Avast categorizes the infection file as:
So, after deleting the file I did several more full system scans to check to see if there were any more files. I found nothing, until I restarted my MacBook Pro today. The file reappeared in the same location. So I decided to let Avast put it in the virus chest, restarted the laptop, and again the file was in the same location again. Therefore the virus is re-creating the file every restart of the laptop.
I want to avoid wiping the laptop and re-installing everything, so that is why I am here. I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. I've been monitoring my CPU usage, Memory, and Network and I haven't seen a single odd process running. My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amounts of data. So if something is mining in the background, I can't tell at all. I have no clue what to do.
My Avast runs full system scans every week, so this just recently became an issue this week. I checked all of my Chrome extensions and nothing is out of order, I haven't downloaded anything special within the past week, besides the new Mac operating system (macOS High Sierra 10.13.1). So I have no clue where this has come from to be honest and I have no clue how to get rid of it. Can someone please help me out?
I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. But I am unsure since I only have one MacBook and no one else that I know that has a Mac has updated the OS to High Sierra. But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, Malwarebytes, and manually.
1 Answer
Pretty sure there is no virus, malware or trojan at play and this is all a highly coincidental false positive.
It’s most likely a false positive since /var/db/uuidtext/ is related to the new “Unified Logging” subsystem that was introduced in macOS Sierra (10.2). As this article explains:
The first file path (/var/db/diagnostics/) contains the log files. These files are named with a timestamp filename following the pattern logdata.Persistent.YYYYMMDDTHHMMSS.tracev3. These files are binary files that we’ll have to use a new utility on macOS to parse them. This directory contains some other files as well including additional log *.tracev3 files and others that contain logging metadata. The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.
But in your case the “magic” seems to come from the hash:
Just check out this reference for known Windows malware files that references that one specific hash. Congratulations! Your Mac has magically created a filename that matches a known vector that has been primarily seen on Windows systems… But you are on a Mac and this filename is just a hash that is connected to the “Unified Logging” database system’s file structure and it is completely coincidental that it matches that malware filename and should not mean anything.
And the reason that specific file seems to regenerate is based on this detail from the above explanation:
The second file path (/var/db/uuidtext/) contains files that are references in the main *.tracev3 log files.
So you delete the file in /var/db/uuidtext/, but all it is is a reference to what is in /var/db/diagnostics/. So when you reboot, it sees it is missing and recreates it in /var/db/uuidtext/.
As for what to do now? Well, you can either tolerate the Avast alerts or you can download a cache cleaning tool such as Onyx and just force the logs to be recreated by truly purging them from your system; not just that one BC8EE8D09234D99DD8B85A99E46C64 file. Hopefully the hash names of the files it regenerates after a full cleaning won’t accidentally match a known malware file again.
UPDATE 1: It seems like Avast staff acknowledges the issue in this post on their forums:
I can confirm this is a false positive. The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections.
Now what is really odd about this statement is the phrase, “…MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner.”
What? Is this implying that someone on the core macOS software development team at Apple somehow “accidentally” set up the system so it generates neutered fragments of a known malicious cryptocurrency miner? Has anyone contacted Apple directly about this? This all seems a bit crazy.
UPDATE 2: This issue is further explained by Radek Brich on the Avast forums as simply Avast self-identifying itself:
Hello, I'll just add a bit more information.
The file is created by MacOS system, it's actually part of 'cpu usage' diagnostic report. The report is created because Avast uses the CPU heavily during the scan.
The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so). The content of the file is debugging information extracted from the library. Unfortunately, this seems to contain a string which is in return detected by Avast as a malware.
(The 'rude' texts are probably just names of malware.)
JakeGould
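The link between the flagged file name and the library UUID quoted in the answer above can be checked by hand. The script below is an added example, not part of the original post or of any Avast or Apple tooling: it assumes the uuidtext layout in which the first two hex digits of an image UUID name the subdirectory and the remaining 30 name the file, and it reads a binary's UUID with `dwarfdump --uuid` from the Xcode command line tools. The function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added triage helper (not from the original post).
# Assumed layout: /var/db/uuidtext/<2 hex digits>/<30 hex digits>,
# i.e. the 32 hex digits of a Mach-O image UUID split after the second.

# Print the canonical UUID encoded in a uuidtext path.
# Fails with status 1 if the path does not end in <2 hex>/<30 hex>.
# The body is a subshell, so variables stay local and exit only ends it.
uuidtext_to_uuid() (
  file=${1##*/}                     # last component, 30 hex digits
  dir=${1%/*}; dir=${dir##*/}       # parent directory, 2 hex digits
  [ "${#dir}" -eq 2 ] || exit 1
  hex=$(printf '%s%s' "$dir" "$file" | tr 'a-f' 'A-F')
  printf '%s\n' "$hex" | grep -Eq '^[0-9A-F]{32}$' || exit 1
  printf '%s\n' "$hex" |
    sed -E 's/^(.{8})(.{4})(.{4})(.{4})(.{12})$/\1-\2-\3-\4-\5/'
)

# Inverse: the uuidtext path that holds the strings for image UUID $1.
uuid_to_uuidtext() (
  hex=$(printf '%s' "$1" | tr -d '-' | tr 'a-f' 'A-F')
  printf '%s\n' "$hex" | grep -Eq '^[0-9A-F]{32}$' || exit 1
  printf '/var/db/uuidtext/%s/%s\n' \
    "$(printf '%s' "$hex" | cut -c1-2)" "$(printf '%s' "$hex" | cut -c3-)"
)

# Succeeds if the Mach-O file $1 carries UUID $2. macOS only: needs
# dwarfdump from the Xcode command line tools (status 2 without it).
image_has_uuid() {
  command -v dwarfdump >/dev/null 2>&1 || return 2
  dwarfdump --uuid "$1" 2>/dev/null | grep -qi "UUID: $2 "
}

# Usage: sh uuidtext_triage.sh <flagged uuidtext path> [candidate binary]
if [ "$#" -ge 1 ]; then
  uuid=$(uuidtext_to_uuid "$1") ||
    { echo "not a uuidtext entry: $1" >&2; exit 1; }
  echo "image UUID: $uuid"
  if [ -n "${2:-}" ]; then
    if image_has_uuid "$2" "$uuid"; then
      echo "match: $2"
    else
      echo "no match: $2"
    fi
  fi
fi
```

If the candidate binary reports a match, the flagged uuidtext entry holds strings extracted from that binary, which makes a scanner detecting its own signature data the likely explanation.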
Avast Antivirus provides a range of scans to protect your PC from malware. You can also create your own scan and specify the parameters. Refer to the sections in this article for details about the following Virus Scans:
- Smart Scan: a comprehensive scan that detects malware, out-of-date software, browser add-ons with poor reputations, network threats, and performance issues.
- Full Virus Scan: a predefined, in-depth scan of your system that checks your storage drives and memory for malware (including rootkits).
- Targeted Scan: scans the folders you select when you initiate the scan.
- Boot-Time Scan: scans your PC during the next system startup before any malware is launched. Running a Boot-Time Scan during startup improves the chances of detecting and removing malware before it can attack your PC.
- Custom scans: scans your PC according to the parameters that you specified for your scan.
- Explorer Scan: scans specific files or folders directly from your desktop via File Explorer.
Run a scan
- Open the Avast user interface and go to Protection ▸ Virus Scans.
- Run your preferred scan:
- Smart Scan: Click the Run Smart Scan button.
- Full Virus Scan: Click the Full Virus Scan tile.
- Targeted Scan: Click the Targeted Scan tile, then select the file or folder you want to scan, and click OK.
- Boot-Time Scan: Click the Boot-Time Scan tile, then click Run On Next PC Reboot.
- Custom scans: Click the Custom scans tile, then click Scan Now on the panel for the scan you want to run.
Create a custom scan
To create a custom scan:
- Open the Avast user interface and go to Protection ▸ Virus Scans.
- Click the Custom scans tile.
- Click Create A New Scan.
- Define the scan parameters. The following parameters are available:
- Scan name: type a name for your scan into the text box.
Customize your scan
- Scan type: select either Full Virus Scan or Targeted Scan depending on what you want your scan to check on your PC.
- Frequency: define how often your scan runs.
Advanced settings
- Sensitivity (Medium by default): the higher the sensitivity, the higher the protection and potential for false positive malware detection. Lower sensitivity reduces the potential for false positive detections, but may reduce the effectiveness of the scan.
- Scan for potentially unwanted programs (PUPs): enables Avast to scan for programs that are stealthily downloaded with other programs and typically perform unwanted activity.
- Follow links during scan: enables Avast to scan other files used by the files being scanned for potentially harmful content.
- Test whole files: enables Avast to scan entire files rather than only the parts typically affected by malicious code.
- Scan priority: use the drop-down menu to set your Scan priority (Medium priority by default).
Scan areas
- All Harddisks: enables Avast to scan all hard drives on your PC.
- System drive: the options in this section apply to data that is stored on physical devices such as hard drives and USB sticks.
- All Removable media: enables Avast to scan applications that launch automatically when you insert a USB or other removable device into your PC. Scanning removable media may take a long time due to speed limitations.
- Rootkits: enables Avast to scan for hidden threats in the system.
- CD-ROM & DVD drives: enables Avast to scan CD and DVD drives for malicious content.
- Modules loaded in memory: enables Avast to scan applications and processes that launch after system startup or run in the background.
Packers and Archives
- Scan most common used types: scans commonly used archive file types such as .zip, .rar, and other executable or installer archives.
- Scan all types of archives: the scan analyzes all archive files, which significantly increases the scan duration.
- Don't scan archives: disables Full Virus Scan from scanning archive files.
File Types
- Content based types (slow): scans files that are typically most vulnerable to malware attacks.
- Name extension based types (fast): scans files with only risky extensions, such as .exe, .com, .bat.
- Scan all files (very slow): scans all files on your PC for malware.
- Perform automatic actions during this scan: tick this option to enable it, then define the automatic action Avast will perform when an infected file is found.
- Shut down computer after scan finishes: enables Avast to shut down your PC after your scan completes.
- Generate report file: enables Avast to create and store a report file automatically after the scan completes.
- Exceptions: click View exceptions, click Add Exception, then locate a file, folder, or web page that will not be scanned by your new custom scan.
Parameters for new Custom scans will save automatically and can be reconfigured at any time. To run a new Custom scan, go to Protection ▸ Virus Scans ▸ Custom scans, then click Scan Now next to the scan you want to run.
Process scan results
After a scan completes, Avast displays all found issues. You can resolve the issues directly on the results screen, or configure each Virus Scan to resolve issues automatically upon detection.
Smart Scan
To learn more about resolving found issues after Smart Scan completes, refer to the following article:
Other Virus Scans
You can define how each scan automatically reacts to a found issue.
- Open the Avast user interface and go to ☰ Menu ▸ Settings.
- Click Protection in the left panel, and ensure Virus Scans is selected.
- Click the scan you want to define automatic behavior for.
- Scroll down, tick the box next to Perform automatic actions during this scan, then select which action you want Avast to perform when an issue is found. The following actions are available:
- Fix automatically: Avast attempts to repair the file. If unsuccessful, the file is moved to the Virus Chest. If that fails, Avast deletes the file.
- Move file to Virus Chest: Avast sends the file directly to the Virus Chest where the file cannot harm your system.
- Delete file: Avast permanently removes the file from your PC.
If you want Avast to do nothing when an infected file is found, untick the box next to Perform automatic actions during this scan (not recommended). To manage unresolved scan detections at any time, go to Protection ▸ Virus Scans ▸ Scan history.
Special cases
For incomplete scans, an error message indicating the reason the scan was unable to complete is visible on the scanning screen. Although there are many different reasons a scan may be unable to complete, some of the most common reasons are:
- Archive is password protected: indicates that the file is password protected. Some programs use password protected archives to store their data even if you did not set the password. Depending on your scan settings, only the 'wrapper' file is scanned while the archive content is not.
- Archive is corrupted: indicates that the file may be corrupt because it was only partially downloaded or saved to your hard disk, or that it is a special type of archive.
- The process cannot access the file because of another process: indicates that another process or program was accessing the file during the scan.
- The file is a decompression bomb: indicates that the file was too large to be decompressed for malware analysis. Decompression of large files generates vast amounts of data which can cause your system to be unstable or cause it to crash.
Adjust scan settings
Although customizable settings are available for some Virus Scans, we recommend you only modify settings for Custom scans. To configure scan settings:
- Open the Avast user interface and go to Protection ▸ Virus Scans.
- Click Settings (the gear icon) in the top-right corner of the Virus Scans screen.
- Select the scan you want to adjust settings for.
- Configure your preferred settings.
For more information about Virus Scan settings, refer to the following article:
Create and use Rescue Disk
If you suspect your PC is infected with malware and all other Virus Scans (including the Boot-Time scan) were unable to resolve the issue, you can use Rescue Disk. Rescue Disk enables you to scan your PC when your system is not running. This method significantly increases your chances of detecting and removing malware because the malware is detected before it is able to counteract.
For more information about Rescue Disk, refer to the following article:
Review scan history
To review scan history:
- Open the Avast user interface and go to Protection ▸ Virus Scans.
- Click Scan history.
- Hover your cursor over a scan panel, then click the down arrow to see the scan details.
Click the red X in the top-left corner to return to the main Virus Scans screen.
- Avast Premium Security 19.x
- Avast Free Antivirus 19.x
- Avast Omni 1.x
- Avast Premier 19.x
- Avast Internet Security 19.x
- Avast Pro Antivirus 19.x
- Microsoft Windows 10 Home / Pro / Enterprise / Education - 32 / 64-bit
- Microsoft Windows 8.1 / Pro / Enterprise - 32 / 64-bit
- Microsoft Windows 8 / Pro / Enterprise - 32 / 64-bit
- Microsoft Windows 7 Home Basic / Home Premium / Professional / Enterprise / Ultimate - Service Pack 1, 32 / 64-bit