VirusBarrier found infected files

docx · May 21, 2023

Hi
I ran a full scan with VirusBarrier and it found two infected files.
Both said. imagesnap OSX/RobSnap.A
I cant delete or repair as don't have permission to access it.
Does anyone know what this is and should I be worried.
Thanks

IWT · May 21, 2023

These links give information on what "imagesnap" is:

imagesnap

Homebrew’s package index

formulae.brew.sh

Install ImageSnap on macOS with MacPorts

ports.macports.org

ImageSnap: Capture images from iSight and other sources from the command line

Capture images from iSight and other sources from the command line.

iharder.sourceforge.net

Do any of these "ring a bell" with you in terms of your buying or downloading "imagesnap"?

I don't see any malware in relation to "imagesnap".

I can't find and data about "RobSnap.A" Is your name "Rob" by any chance?

Ian

docx · May 21, 2023

Thanks for replying.
No my name is not Rob
At this point I think that maybe I should do a clean install.

Alan_B · May 21, 2023

Might be worth running MalwareBytes first?

Cyber Security Software and Anti-Malware | Malwarebytes

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

www.malwarebytes.com

docx · May 21, 2023

Thanks. I'll give that a go

pm-r · May 21, 2023

Alan_B said:
Might be worth running MalwareBytes first?

+1.
I would also suggest running FIND ANY FILE.app, and giving it full permissions to access or delete it by pressing and holding your option key just before searching on the filename you are looking for:

Find Any File

apps.tempel.org

- Patrick
=======

Lifeisabeach · May 21, 2023

Alan_B said:
Might be worth running MalwareBytes first?

Cyber Security Software and Anti-Malware | Malwarebytes

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

www.malwarebytes.com

Eh, not really. MalwareBytes has fallen out of favor here for various reasons. Besides, VirusBarrier already found the files. If it can't delete them for permissions reasons, MB won't be able to either.

I've done some digging and there's very little information about this. As Ian pointed out, there's an app known as ImageSnap that this seems to be related to, and the developer's name happens to be Robert. Thus... RobSnap.

One other app in doing some googling is associated with this... Prey. It's an iOS app with a Mac companion used for finding and protecting iOS devices.

I'm not entirely convinced that this is a "legit" piece of malware, but misidentified as one, or flagged as a "possible" one due to what it does, by necessity. ImageSnap's function is to capture still images from a webcam, which could be used for nefarious reasons, but that's more a matter of misuse than maliciousness. What I would do is check to see if you have ImageSnap or Prey installed, then delete them. Empty the Trash, then re-scan with VirusBarrier. You may have to use Find Any File as Patrick suggested to root out more files... search for "Prey" and "ImageSnap" when you do.

pm-r · May 21, 2023

docx said:
Both said. imagesnap OSX/RobSnap.A
I cant delete or repair as don't have permission to access it.

What Mac and MacOS version are you running, and what drive path location is this nasty file actually located???

- Patrick
=======

Randy B. Singer · May 21, 2023

docx said:
Hi
I ran a full scan with VirusBarrier and it found two infected files.
Both said. imagesnap OSX/RobSnap.A
I cant delete or repair as don't have permission to access it.
Does anyone know what this is and should I be worried.

First, read this Intego article and see if it helps:

https://support.intego.com/hc/en-us/articles/4613521847186-Issue-VirusBarrier-Quarantined-a-File-and-It-Cannot-Be-Removed-or-Repaired

If that doesn't help, I recommend that you contact Intego's tech support and ask for guidance:

https://support.intego.com/hc/en-us/requests/new

All Macintosh malware is known. Looking at the archive for all Macintosh malware, I can tell you that an "Imagesnap" malware for the Macintosh doesn't exist. So I strongly doubt that you are "infected" with anything. More than likely it is something legitimate that VirusBarrier doesn't recognize. I recommend that you sit tight and wait to hear what Intego suggests.

Rod · May 21, 2023

docx said:
At this point I think that maybe I should do a clean install.

I think thats a bit extreme, it may be that the files are PUP's, that is, Potentially Unwanted Programs. Some virus (malware) scanners will list these in a search.
Try DetectX Swift, available free from the developer here; https://sqwarq.com/detectx/
You can quarantine or remove fires direct from the app, no system file access required.

mfpv · May 22, 2023

Is DetectX Swift still being supported? There was some doubt expressed here a few months ago so I stopped using it and switched to MWB.

Randy B. Singer · May 22, 2023

mfpv said:
Is DetectX Swift still being supported? There was some doubt expressed here a few months ago so I stopped using it and switched to MWB.

Yes. Their Web site was down for a short time, but then it came back.

DetectX Swift (free)
https://sqwarq.com/detectx/
or
https://sqwarq.wordpress.com/detectx/

ferrarr · May 22, 2023

mfpv said:
so I stopped using it and switched to MWB.

MWB is pretty useless now. Especially on macOS.

docx · May 22, 2023

Thank you

docx · May 22, 2023

I'm almost sure it was Pray.
I followed the instructions to uninstall but it didn't work. I've decided to clean install anyway as it well overdue.
Thank you all for the help. This forum is a great help.
Brad

PhDMac · Oct 17, 2023

I have the same issue, virusbarrier detects the file RobSnap.A almost every day at around the same time.
It is in /private/var/folders/9q/rfx19hx17_b76k3t05pfvy8r0000gn/T/com.blacey.SuperDuper/8AA616B8-A4FC-454E-BCF4-2C3C6B8BA2D5/snapshot/usr/local/lib/prey/versions/1.11.9/lib/agent/providers/webcam/mac/imagesnap

@docx -> You think the RobSnap.A file was from Prey Project?
And with what did you do a clean install? With Prey?

FWIW, I also contacted Prey some time ago but they don't answer :-(

docx · Oct 17, 2023

PhDMac said:
I have the same issue, virusbarrier detects the file RobSnap.A almost every day at around the same time.
It is in /private/var/folders/9q/rfx19hx17_b76k3t05pfvy8r0000gn/T/com.blacey.SuperDuper/8AA616B8-A4FC-454E-BCF4-2C3C6B8BA2D5/snapshot/usr/local/lib/prey/versions/1.11.9/lib/agent/providers/webcam/mac/imagesnap

@docx -> You think the RobSnap.A file was from Prey Project?
And with what did you do a clean install? With Prey?

FWIW, I also contacted Prey some time ago but they don't answer :-(

Hi.
I did a clean install of the OS. As I said it was well overdue anyway so it seemed like the right thing to do.

docx · Oct 17, 2023

I did a clean install of the OS.
As I said it was well overdue anyway so it seemed like the right thing to do.

PhDMac · Oct 18, 2023

docx said:
I did a clean install of the OS.
As I said it was well overdue anyway so it seemed like the right thing to do.

Thanks for your reply, but you didn't suspect it was caused by Prey (Prey Project)?

docx · Oct 18, 2023

I was 90 percent sure it way prey. I think its to allow use of the camera if your device is stolen.

VirusBarrier found infected files

docx

IWT

imagesnap

Install ImageSnap on macOS with MacPorts

ImageSnap: Capture images from iSight and other sources from the command line

docx

Alan_B

Cyber Security Software and Anti-Malware | Malwarebytes

docx

pm-r

Find Any File

Lifeisabeach

Cyber Security Software and Anti-Malware | Malwarebytes

pm-r

Randy B. Singer

Rod

mfpv

Randy B. Singer

ferrarr

docx

docx

PhDMac

Member

docx

docx

PhDMac

Member

docx

Shop Amazon