
macmesser

Original poster
Prosoft DriveGenius 5.1, running under OS 10.13.2, detected two malware-infected files which I don't know what to do with. There is an option when running the malware scan to "move infected files to trash," but I elected to delete them manually (if at all) since I do not know what they do and what the consequences of deletion would be. They do not seem to be vital but guesswork can lead to major inconvenience. I have a case with Prosoft support but thought some good insights would be available here as well. The drive had been triggering warnings from several diagnostic programs but seemed AOK to Disk Utility and after running all the DriveGenius drive tests, the presence of these two files was the only anomaly found. The files are:

/Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedWhiteFill.ca

/Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedBackground.ca

In Drive Genius 5.1, the "Item" was given in DriveGenius as "main.caml" but I do not know what this refers to.

Also in Drive Genius, "infections" listed the same one for each of the files, which is: Multios.Exploit.CVE_2013_6935-6391267-2
 
CVE_2013_6935-6391267-2 looks to be in reference to a flaw in the application Watermark Master, a program that applies watermarks to video. Do you have a copy of this on your computer? If so then that's the problem. My guess is your malware app is giving you a false positive as I have the same files on my mac and both Malwarebytes and Avira are not detecting those files as malware.
 
I don't have either of those files on my Mac Mini running 10.13.2.
 
CVE_2013_6935-6391267-2 looks to be in reference to a flaw in the application Watermark Master, a program that applies watermarks to video. Do you have a copy of this on your computer? If so then that's the problem. My guess is your malware app is giving you a false positive as I have the same files on my mac and both Malwarebytes and Avira are not detecting those files as malware.

Bingo and thanks for reply! I don't have Watermark Master on my computer and don't remember ever having installed a demo, so this is very odd. I suppose it will be OK to delete them, which I will get around to doing. I will report to Prosoft support as maybe the files are indeed infected or dummies and maybe arrived via some nefarious vector. Even if (and hopefully) not, they would want to correct the false positive.
Download Malwarebytes. They're one of the best and they'll highlight anything suspicious.
Thanks for reply. I'll give it a try.
One more vote for MalwareBytes...
Thanks for reply. Will do.
I don't have either of those files on my Mac Mini running 10.13.2.
Thanks for info.
 
Those file names/locations are a normal part of OS X / macOS. Deleting them may cause problems with speech/dictation.
 