PDA

View Full Version : Malware ?



BoxerBoy
03-29-2016, 03:07 PM
I have early 2013 Macbook Pro on which I have always had Intego Security, which has never identified any problems. However recently because I saw it well recommended on a forum I installed Malwarebytes, I ran it and nothing was identified.

Today I ran a full Intego scan and it identified Malware called MRT, which I put into quarantine.

I have no idea what this is, but am wondering if indeed it is something to do with Malwarebytes.

Advice re. what to do would be appreciated, Thank you

pigoo3
03-29-2016, 03:17 PM
I have no idea what this is, but am wondering if indeed it is something to do with Malwarebytes.


Malwarebytes has nothing to do with MRT. What you experienced was purely coincidental.

In other words…A + B does not = C.:)

- Nick

BoxerBoy
03-29-2016, 04:08 PM
Malwarebytes has nothing to do with MRT. What you experienced was purely coincidental.

In other words…A + B does not = C.:)

- Nick

I have had my problem resolved by a member on another forum. However for anyone interested I post a link he gave me, which explains that MRT stands for Malware Removal Tool, and is Apple's approach to quickly checking and removing malware as part of security updates that prevent or otherwise check for it.

http://www.cnet.com/news/a-look-at-apples-flashback-removal-tool/

harryb2448
03-29-2016, 04:59 PM
Folks avoid CNET like the very plague as it is full of malware!

Use Malware Bytes for Mac. It is very important to keep operating systems up to date for the very reason BoxerBoy points out. And what were you expecting Intego to snare, as there are still no viruses for Mac OS X? Malware yes.

pigoo3
03-29-2016, 05:02 PM
Today I ran a full Intego scan and it identified Malware called MRT, which I put into quarantine.


First of all in your initial post…you said your AV app "identified Malware called MRT".

"MRT" is not malware.


I have had my problem resolved by a member on another forum. However for anyone interested I post a link he gave me, which explains that MRT stands for Malware Removal Tool, and is Apple's approach to quickly checking and removing malware as part of security updates that prevent or otherwise check for it.

In your 2nd post you said the above. You're talking about two different "MRT's"!

- MRT can also stand for "Microsoft Removal Tool":

http://www.file.net/process/mrt.exe.html

Also…the app mentioned in the article is for a specific issue called "Flashback". Your Intego app most likely identified "MRT" incorrectly (false positive).

From what you've written…you've called "MRT" both the problem (malware) and the solution (your link above). MRT can't be both the problem & the solution.

The link you provided above…is for a removal tool for a problem called "Flashback" (flashback was not identified by your Intego app). And what is installed to remove "Flashback" is called "MRT agent"…NOT "MRT".

The bottom line is…I seriously doubt you had any malware on your computer…since "MRT" identified by Intego IS NOT MALWARE!

Lastly for anyone reading this. This issue is from early 2012…and is not a current issue!:)

- Nick

Rod Sprague
03-30-2016, 01:06 AM
One of the problems that is almost as bad as not identifying malware is false positives which might lead you to quarantine something that is actually a built in protective program. I consider this to be a big danger posed by so called anti virus apps for the Mac. Malwarebytes updates it's definitions every time it's launched, keeps pace with the latest OS and it's free.
Oh, bugger I just read the last line Nick. Well I suppose nothings changed anyway if anything this issue is bigger today than it was back then. Have you read this article subject of another post; http://www.macworld.co.uk/feature/mac/10-best-antivirus-for-mac-2016-3637103/?no1x1&utm_source=Mainline&utm_medium=email&utm_term=image&utm_content=image&utm_campaign=Mainline2303

BoxerBoy
03-30-2016, 02:46 PM
I contacted Intego, who responded immediately, advising me it was indeed a false positive which had been sorted in the latest update. Thank you all for your input.

pigoo3
03-30-2016, 03:21 PM
I contacted Intego, who responded immediately, advising me it was indeed a false positive which had been sorted in the latest update.

Thanks a ton for the update. Great to know!:)

- Nick