Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

strange malware detected in library

M

macmesser

macrumors 6502a
Original poster
Aug 13, 2012
921
198
Long Island, NY USA
Prosoft DriveGenius 5.1, running under OS 10.13.2, detected two malware-infected files which I don't know what to do with. There is an option when running the malware scan to "move infected files to trash," but I elected to delete them manually (if at all) since I do not know what they do and what the consequences of deletion would be. They do not seem to be vital but guesswork can lead to major inconvenience. I have a case with Prosoft support but thought some good insights would be available here as well. The drive had been triggering warnings from several diagnostic programs but seemed AOK to Disk Utility and after running all the DriveGenius drive tests, the presence of these two files was the only anomaly found. The files are:

/Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedWhiteFill.ca

/Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedBackground.ca

In Drive Genius 5.1, the "Item" was given in DriveGenius as "main.caml" but I do not know what this refers to.

Also in Drive Genius, "infections" listed the same one for each of the files, which is: Multios.Exploit.CVE_2013_6935-6391267-2
 
S

stradify

macrumors 6502
Jul 4, 2015
292
148
USA
CVE_2013_6935-6391267-2 looks to be in reference to a flaw in the application Watermark Master a program that applies watermarks to video. Do you have a copy of this on your computer? If so then that's the problem. My guess is your malware app is giving you a false positive as I have the same files on my mac and both Malwarbytes and Avira are not detecting those files as malware.
 
  • Like
Reactions: macmesser
chrfr

chrfr

macrumors G5
Jul 11, 2009
13,702
7,264
macmesser said:
Prosoft DriveGenius 5.1, running under OS 10.13.2, detected two malware-infected files which I don't know what to do with. There is an option when running the malware scan to "move infected files to trash," but I elected to delete them manually (if at all) since I do not know what they do and what the consequences of deletion would be. They do not seem to be vital but guesswork can lead to major inconvenience. I have a case with Prosoft support but thought some good insights would be available here as well. The drive had been triggering warnings from several diagnostic programs but seemed AOK to Disk Utility and after running all the DriveGenius drive tests, the presence of these two files was the only anomaly found. The files are:

/Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedWhiteFill.ca

/Volumes/Boot/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/Frameworks/DictationServices.framework/Versions/A/Resources/animatedBackground.ca

In Drive Genius 5.1, the "Item" was given in DriveGenius as "main.caml" but I do not know what this refers to.

Also in Drive Genius, "infections" listed the same one for each of the files, which is: Multios.Exploit.CVE_2013_6935-6391267-2
Click to expand...
I don't have either of those files on my Mac Mini running 10.13.2.
 
  • Like
Reactions: macmesser
M

macmesser

macrumors 6502a
Original poster
Aug 13, 2012
921
198
Long Island, NY USA
stradify said:
CVE_2013_6935-6391267-2 looks to be in reference to a flaw in the application Watermark Master a program that applies watermarks to video. Do you have a copy of this on your computer? If so then that's the problem. My guess is your malware app is giving you a false positive as I have the same files on my mac and both Malwarbytes and Avira are not detecting those files as malware.
Click to expand...

Bingo and thanks for reply! I don't have Watermark Master on my computer and don't remember ever having installed a demo, so this is very odd. I suppose it will be OK to delete them, which I will get around to doing. I will report to Prosoft support as maybe the files are indeed infected or dummies and maybe arrived via some nefarious vector. Even if (and hopefully) not, they would want to correct the false positive.
[doublepost=1515777588][/doublepost]
maflynn said:
Download malwarebytes They're one of the best and they'll highlight anything suspicious
Click to expand...
Thanks fr reply. I'll give it a try.
[doublepost=1515777662][/doublepost]
Fishrrman said:
One more vote for MalwareBytes...
Click to expand...
Thanks for reply. Will do.
[doublepost=1515777707][/doublepost]
chrfr said:
I don't have either of those files on my Mac Mini running 10.13.2.
Click to expand...
Thanks for info.
 
P

plm2

macrumors newbie
Dec 27, 2017
4
5
Those file names/locations are a normal part of OS X / macOS. Deleting them may cause problems with speech/dictation.
 
  • Like
Reactions: macmesser
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom