Potential malware. Please advise.
I ran a virus scan this morning and a threat was found and it had the title "privacyrisk.SPR.ANDR.Agent.DQ.Gen" and my f-secure powered antivirus has it listed as malware but under the action tab it just says "access reported" so I'm not entirely sure if it was removed or not. I went ahead and ran malwarebytes and it found no threats. I am on a mac and the file location is in "users/myname/library/application/support/mobilesync/backup............." so im not sure what I should do if anything or if I should be concerned. Please advise, any help is appreciated.
Comments
-
Hello,
so I'm not entirely sure if it was removed or not.
Maybe you could try to run scan by F-Secure one more time and check whether item is still detected or not. Also, if filename of (detected item) is known - then to search it manually.
on a mac and the file location is in "users/myname/library/application/support/mobilesync/backup............." so im not sure what I should do if anything or if I should be concerned
Sounds that item was / is under backup folder. That is synced with your mobile (phone). Thus, likely that detected file is from mobile device (and item is stored under Mac as a part of backup files).
So, what was the exact detected item? Maybe there any log / report about filename?
privacyrisk.SPR.ANDR.Agent.DQ.
Detection name looks like about "Android"-platform. So, if your mobile device is Android-based - then maybe it is .apk item or something else.
Another part of detection is "privacyrisk / spr / agent". Sounds as about spyware or potentially riskware. Can be application from third-party stores OR application with built-in advertisements.
Another part of detection is ".Gen". With meanings that there is a generic detection (with broad range of reasons). Since another solution did not find anything - maybe this is false positive detection.
Good if you will find more information and back with feedback!
There is a Knowledgebase article about "how do remove / delete malicious items manually":
Thanks!
-
Thank you for the reply. So yes my F-secure shows me where it is at in finder so I was thinking about just deleting the file to be safe but since its in a what looks like a mobile backup I was worried it would affect my mobile backup thats stored. I apologize I know enough to get by but not extremely tech savvy. Thanks again for your reply.
-
@Bababooey9 wrote:Thank you for the reply. So yes my F-secure shows me where it is at in finder so I was thinking about just deleting the file to be safe but since its in a what looks like a mobile backup I was worried it would affect my mobile backup thats stored. I apologize I know enough to get by but not extremely tech savvy. Thanks again for your reply.
I think that if you could to recognize the file. And if it is indeed from your mobile. And if file is not necessary for you (not important and is not somehow critical for you).
Then, at first, need to delete it from mobile device.
By the way, if file is not cleaned automatically on your Mac - maybe it is "archive or container". Where detected item is only one file under entire package. So, to remove it completely is not recommended. Other files (inside archive / packaged) can be deleted too.
Good to delete only detected "malicious" item and only if it is really malicious. So, for proper advice - need to know what detected file is.
You can also try to reach their official Support Channel (for example, chat) for proper assistance:
Sorry for my English!
Thanks!
// later added:
Actually, I am not friendly with Mac and iOS designs. So, based on brief search:
it is possible to delete only full backup. So, it is not a solution probably.
But if it is possible to manually open folder with actual files and choose (delete) only detected one - maybe - it is a suitable step.
Thanks!
-
Yes it is what looks like a txt file with a bunch of random letters and numbers for the file name which is housed in a folder titled "b2" along with many other files that appear similar. I can manually delete the file if need be but had not opened it to see what it was. I'll go back in and delete it. Thank you for your help today!
-
@Bababooey9 wrote:Yes it is what looks like a txt file with a bunch of random letters and numbers for the file name which is housed in a folder titled "b2" along with many other files that appear similar. I can manually delete the file if need be but had not opened it to see what it was. I'll go back in and delete it. Thank you for your help today!
As I understood (reading some information) - folder and files should be with encrypted(?) form and randomized names.
So, perhaps, it was not possible to get (understand) what is original file there. If you did not delete the item - I could recommend to try "copy" it and zipped (if it is possible). Zipped item can be safe for your system.
Then you can to use it for transfer to F-Secure Labs (for analysis):
Or to restore file later (if it was important item).
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!