VirusBarrier found infected files

Rod


Joined
Jun 12, 2011
Messages
9,703
Reaction score
1,890
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010 MacBook 13", iPhone 13 Pro Max, iPad 6, Apple Watch SE.
If it doesn't reoccur after your clean install it most likely was Prey, assuming everything else remains the same.
As I understand it Prey is a device tracking service which regularly pings your devices to locate them. I use the native Find My for that purpose, but it could explain the regularity of the VirusBarrier alert.

It sounds like you are using Intego VirusBarrier X9 which, as opposed to the free version, Intego VirusBarrier Scanner, runs continuously in the background. I don't favour that sort of anti-malware app because of the cost, the CPU resources they use up and, in my opinion, the unnecessary constant scanning they do. I run the free version roughly once a month and it's almost never found anything, but that's just me. ;)
 

PhDMac

Member
Joined
Oct 16, 2023
Messages
6
Reaction score
2
Points
3
In the meantime you can be 100% sure; I reached out to Prey again and here is the confirmation:

Thanks for sharing that. We understand your concerns. 'Imagesnap' is a binary used in Prey for capturing photos in certain macOS versions. It's authored by Robert Harder, and you can find its repository here. This binary is signed and completely secure. Sometimes, security software like antivirus programs and firewalls may mistakenly flag certain files used by Prey.

In this case, the solution would be to whitelist the path that your antivirus software is flagging and add it to the exceptions list. Additionally, we recommend following the steps outlined in this article for general whitelisting of Prey to ensure smooth functionality.


Imagesnap is the file holding RobSnap.A
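
Prey's reply rests on the claim that the flagged binary is signed, which can be checked locally before any exclusion is added. The script below is an added example, not part of the thread and not code from Prey or Intego: it classifies the text `codesign -dvv` prints and, on macOS, verifies the signature and records a SHA-256. The function names, the sample outputs and the team ID `EXAMPLE123` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): triage a flagged binary before excluding it.

# Classify the text printed by `codesign -dvv <path>` (codesign writes it to stderr).
# Prints: unsigned | adhoc | developer-id:<TEAMID> | other-signed
classify_signature() {
    info=$1
    case $info in
        *"not signed at all"*) echo unsigned; return 0 ;;
        *"Signature=adhoc"*)   echo adhoc; return 0 ;;
    esac
    team=$(printf '%s\n' "$info" | sed -n 's/^TeamIdentifier=//p' | head -n 1)
    if printf '%s\n' "$info" | grep -q '^Authority=Developer ID Application:' &&
       [ -n "$team" ] && [ "$team" != "not set" ]; then
        echo "developer-id:$team"
    else
        echo other-signed
    fi
}

# macOS only: check the signature is intact, classify the signer, record the hash.
triage_flagged_binary() {
    path=$1
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found"; return 2; }
    [ -f "$path" ] || { echo "no such file: $path"; return 2; }
    if ! codesign --verify --strict "$path" 2>/dev/null; then
        echo "invalid-or-unsigned"; return 1
    fi
    verdict=$(classify_signature "$(codesign -dvv "$path" 2>&1)")
    echo "$verdict sha256=$(shasum -a 256 "$path" | cut -d' ' -f1)"
}

# Constructed sample outputs; EXAMPLE123 and the names are placeholders.
SAMPLE_DEVID='Executable=/tmp/sample/imagesnap
Identifier=imagesnap
Authority=Developer ID Application: Example Developer (EXAMPLE123)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE123'
SAMPLE_ADHOC='Executable=/tmp/sample/imagesnap
Signature=adhoc
TeamIdentifier=not set'
SAMPLE_UNSIGNED='/tmp/sample/imagesnap: code object is not signed at all'

if [ "$#" -gt 0 ]; then triage_flagged_binary "$1"; fi
```

Run it with the exact path the alert names and compare the reported team ID and hash with what the vendor publishes. An exclusion scoped to that single file keeps the scanner watching the rest of the folder.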
 
Joined
Feb 1, 2011
Messages
4,434
Reaction score
2,151
Points
113
Location
Sacramento, California
...Sometimes, security software like antivirus programs and firewalls may mistakenly flag certain files used by Prey.

I've been using the commercial version of VirusBarrier on all of my office's computers for a couple of decades now. (My profession more or less requires the use of anti-virus software as a "best practice." I think that it is entirely unnecessary on a Mac. And, indeed, after running VirusBarrier for over 20 years on an office full of Macs, it has never "saved me" from anything that I really needed saving from.)

I can confirm that VirusBarrier will flag any product that is a keylogger, or other sort of program that keeps tabs on what you are doing, even if the program in question is entirely legitimate and installed by the user themselves on purpose.

The thing is, sometimes people buy anti-virus software because they are concerned that someone has surreptitiously put surveillance software on their computer. The Intego folks oblige and their product lets you know when any software of that sort is present. Even if it is entirely legitimate commercial software. When VirusBarrier flags such software, it's up to you to figure out if the software is there for legitimate purposes or not.

The fact that something of the sort was flagged by VirusBarrier doesn't mean that you were "infected" with anything necessarily, or that VirusBarrier is buggy, etc. VirusBarrier is working exactly as it is supposed to.
 

PhDMac

I totally agree with and relate to what you're saying. I have been working professionally with Macs for 30+ years, and during this time I only found 1 trojan horse for the Mac, many, maaaaaaaaany years ago ('92 or so) - and by then it didn't even work any more.

Started out with system 7 on a Quadra 700, and before that I had an Atari STF with Spectre GCR mac-emulator hardware running system 6, geeeezzz, getting old.

In those days I worked as network and operations manager at a graphics service company (only Macs) and we dealt with thousands of files supplied by our customers, so we were careful.
We did find loads of infected files from Windows PCs though, with only Windows-compatible viruses. So as an extra service we warned our Windows clients when they were infected. :)

But even though the chance of running into a Mac virus is slim, I believe it is not zero, so I do use several of these anti-virus/malware apps regularly with the motto: better be safe than sorry.
And you never know; I have been surprised many times by things I didn't think were possible on or with a Mac.

And besides that it is also educational and fun at times when something is found and you need to investigate it to be sure.

Regarding this imagesnap - RobSnap.A issue, I (also) consider it as a false positive.
 
Joined
Feb 1, 2011
Messages
4,434
Reaction score
2,151
Points
113
Location
Sacramento, California
But even though the chance of running into a Mac virus is slim, I believe it is not zero, so I do use several of these anti-virus/malware apps regularly with the motto: better be safe than sorry.

I'd agree, except for three things.

First, if you use AV software, especially the wrong AV software, you are slowing your Mac down, with the possibility of slowing it to a crawl. (This often happens with Sophos, but it can happen with any fully interactive AV software.) I hear from folks all the time whose Macs have suddenly started running like molasses. 80 to 90% of the time it's due to third party fully interactive AV software.

Second, there are a number of AV products that either spy on you, or do other malware type things. Avast! has been particularly known for doing this. Kaspersky has an iffy reputation. I also, personally, don't trust Malwarebytes.

Third, if you have a recent version of the MacOS (macOS 12.3 or later), fully interactive anti-malware protection is built-in. There is no need whatsoever for third party AV software:
https://eclecticlight.co/2022/08/07/last-week-on-my-mac-is-your-mac-still-secure-from-malware/
A “Rapid Security Response” feature was added for macOS 13 (Ventura) and later:
https://tidbits.com/2023/05/02/what-are-rapid-security-responses-and-why-are-they-important/
to make the Mac’s anti-malware software even more responsive.
Of course there was fairly effective AV software built into the Mac OS even prior to Monterey, and Mac users weren't complaining of infections prior to Monterey. But Apple has recently really beefed things up.

So I don't see it as a "better safe than sorry" situation. I see it as third party AV software potentially being way more trouble than it's worth, especially since it really isn't necessary at all. See:

Do Macs Need Anti-Virus Software?
https://macmost.com/the-practical-guide-to-mac-security-part-9-do-you-need-anti-virus-software.html
 

IWT


Joined
Jan 23, 2009
Messages
10,289
Reaction score
2,230
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4.1 Apple 5K Retina Studio Monitor
+1 to all of what Randy said (y)

Ian
 

PhDMac


Points taken Randy!
Thanks for the links; interesting, will take a look!

I am aware of the issues with Avast!, Kaspersky, Sophos, Malwarebytes and the like, and have experienced some of that too.

Personally I use Intego and Bitdefender, have had good experiences with both over the years (we still run some older Macs with 10.13.6) -> but I stay cautious and realize what (lots of these) AV software can do and cause.

One more question though: I also use DetectX Swift and it finds several things (Wondershare and iSkysoft related files), how trustworthy is that report?

Pieter
 

IWT


I also use DetectX Swift and it finds several things (Wondershare and iSkysoft related files), how trustworthy is that report?

Many of us here use that app :)

Ian
 
Joined
Feb 1, 2011
Messages
4,434
Reaction score
2,151
Points
113
Location
Sacramento, California
One more question though: I also use DetectX Swift and it finds several things (Wondershare and iSkysoft related files), how trustworthy is that report?

I've communicated with the developer of DetectX Swift several times. He is a great guy. He is providing you with a free anti-adware product out of the goodness of his heart, despite the fact that it is a drain on his professional time to keep it updated.

Both Wondershare and iSkysoft are companies with iffy reputations:

https://web.archive.org/web/20160324110957/https://kbpdfstudio.qoppa.com/?p=2680

http://www.macworld.com/article/1153685/web-apps/speaking-spammers.html
 
