Malware or glitch?

[GReader]

Hi there, first post so sorry if this isn't the right sub-forum. (Wasn't sure whether to put it here or under security awareness, but it says you can post support questions here.) I recently had an odd file pop up on my desktop. It had the same file name as that of a Numbers spreadsheet on my desktop. I thought it might be a temp file, but I saved the spreadsheet file and quit Numbers, and the odd file didn’t go away.

The file extension was a series of seemingly random letters and numbers (e.g., .a2b4g7u8). I tried opening it, and told me it couldn’t. I didn't think to rename the extension as .numbers to see if it would open, but I did try .pdf, and when I opened it after at the time, all it displayed was the text of the file name. No other text or data like in the original spreadsheet file. I deleted it and chalked it up to some processing bug. I scanned my system with Sophos and Malwarebytes, but nothing came up. (I noticed on another thread that this forum recommends Intego and Detect X Swift. I'm not familiar with them, but will look into them.)

The only odd thing that’s happened since is that I got a few emails from the Mormon church claiming I subscribed to their emails. (I didn't.) They’ve also sent me a few texts and calls, so they have both my email and my phone number somehow.

So, what’s going on? I’ve scanned my system several times since and it’s always come up clean. Is my system infected with a virus or malware, or otherwise been compromised, and Sophos and Malwarebytes can’t detect it? Or are these things unrelated, and the file was just a Numbers temp file or a glitch?

Thank you in advance for your help!

 

[IWT]

@GReader

A warm welcome to Mac-Forums. Thank you for your post.

Hard to know what the "rascal" file was or is.

But you've chosen two apps that we would not normally advocate. Sophos is practically useless on a Mac because it is really designed for Windows. Moreover, it can slow your Mac down a lot - and it is jolly hard to get rid of the app because it is embedded deeply within the system.

Unfortunately, Malwarebytes, previously well thought of, has changed ownership and is now a bloated system which is also difficult to remove completely.

We recommend Intego's VirusBarrier Scanner - free from the App Sore and DetectX Swift free from DetectX

I suggest you try to get rid of the other two (if you can) and get these two. then run them. They only need to be used on an occasional basis - not constantly in the background.

As I said above, it is really difficult to know the source and nature of that File - and why it appeared on your Desktop? Not in an email? Not adherent to something else you down loaded from the Internet? My guess would be the latter.

Ian

 

[GReader]

@GReader

A warm welcome to Mac-Forums. Thank you for your post.

Hard to know what the "rascal" file was or is.

But you've chosen two apps that we would not normally advocate. Sophos is practically useless on a Mac because it is really designed for Windows. Moreover, it can slow your Mac down a lot - and it is jolly hard to get rid of the app because it is embedded deeply within the system.

Unfortunately, Malwarebytes, previously well thought of, has changed ownership and is now a bloated system which is also difficult to remove completely.

We recommend Intego's VirusBarrier Scanner - free from the App Sore and DetectX Swift free from DetectX

I suggest you try to get rid of the other two (if you can) and get these two. then run them. They only need to be used on an occasional basis - not constantly in the background.

As I said above, it is really difficult to know the source and nature of that File - and why it appeared on your Desktop? Not in an email? Not adherent to something else you down loaded from the Internet? My guess would be the latter.

Ian

Hi there,

Thank you for your prompt reply! The file appeared on my desktop, yes. I take it from your reply that Numbers doesn't behave this way? Not sure why a malware file would be named after one of my own files.

If it is malware, it wouldn't have been from an email download or anything I tried to download online. Is it possible a popup could've, well, popped up while I was away from my computer, downloaded something, and then disappeared before I got back?

I'm happy to try alternative scanners, but I'm a bit apprehensive about trying ones I'm unfamiliar with. I've looked online, and have found contradictory reviews of Intego by familiar publications (some rank Intego highly, some rank the more common programs higher than it) and not much of anything about DetectX. Some of these publications rank Sophos and Malwarebytes highly. Can you tell me why there's such variation in the reviews?

Thanks!

 

[MacInWin]

Welcome to the forum. A bit of a long shot thought here, but is your Numbers default "save to" location your desktop? I'm wondering if Numbers saved an "interim" or scratch copy of the spreadsheet there and then something interrupted it so that when it did the final save, it didn't erase the interim. As I said, that's really a long shot, but I've seen things like that from other applications.

 

[IWT]

Can you tell me why there's such variation in the reviews?

I can answer that question easily . They are paid reviews. Magazines, websites etc that "appear" neutral, rarely are. But, it's your Mac; your choice. Use what you want. Opinions vary

Getting back to the File. It is probably my fault in not fully understanding your problem. OK - the file appeared on your Desktop and bears a resemblance to a named file you were working on?

I'm thinking that maybe this was a backup file created automatically by Numbers when you were working with the original file. A lot of apps do that, if the option is selected eg Word, PowerPoint, Pages, etc. In other words, with both Apple and non-Apple apps.

Do you think that might be the case with you?

Ian

 

[GReader]

Welcome to the forum. A bit of a long shot thought here, but is your Numbers default "save to" location your desktop? I'm wondering if Numbers saved an "interim" or scratch copy of the spreadsheet there and then something interrupted it so that when it did the final save, it didn't erase the interim. As I said, that's really a long shot, but I've seen things like that from other applications.

Numbers asks me where I want to save files to, but the default option is the desktop. Dunno if that's the same thing or not.

 

[GReader]

I can answer that question easily . They are paid reviews. Magazines, websites etc that "appear" neutral, rarely are. But, it's your Mac; your choice. Use what you want. Opinions vary

Getting back to the File. It is probably my fault in not fully understanding your problem. OK - the file appeared on your Desktop and bears a resemblance to a named file you were working on?

I'm thinking that maybe this was a backup file created automatically by Numbers when you were working with the original file. A lot of apps do that, if the option is selected eg Word, PowerPoint, Pages, etc. In other words, with both Apple and non-Apple apps.

Do you think that might be the case with you?

Ian

Thank you! I'll keep looking into the ones you mentioned. The file appeared on my desktop and had the exact same name as a spreadsheet I'd been working on. The new file wouldn't open. I converted it to a pdf and that let me open it. When I did, the only thing in it was the name of the file.

My first thought was that could've been a backup file, but then why was it mostly empty?

 

[chscag]

Numbers asks me where I want to save files to, but the default option is the desktop. Dunno if that's the same thing or not.

Numbers files like other iWork files (Pages and Keynote) are always saved to your Documents folder not the desktop. You need to change the default option.

As for magazine reviews, they vary according to the paid advertisers. Highly unreliable and for the most part should be looked at with a grain of salt. Actual user recommendations are best. When we recommend Intego and DetectX it's based on user input and actual results. But as Ian stated, it's up to you.

My first thought was that could've been a backup file, but then why was it mostly empty?

I believe the answer Jake gave you in reply #4 is likely what happened. You should be able to send that file to the Trash. Keep it in the Trash for awhile just to make sure. Empty the Trash when everything looks okay.

And, I and the staff welcome you to our forums.

 

[GReader]

Numbers files like other iWork files (Pages and Keynote) are always saved to your Documents folder not the desktop. You need to change the default option.

As for magazine reviews, they vary according to the paid advertisers. Highly unreliable and for the most part should be looked at with a grain of salt. Actual user recommendations are best. When we recommend Intego and DetectX it's based on user input and actual results. But as Ian stated, it's up to you.



I believe the answer Jake gave you in reply #4 is likely what happened. You should be able to send that file to the Trash. Keep it in the Trash for awhile just to make sure. Empty the Trash when everything looks okay.

And, I and the staff welcome you to our forums.

Thanks for your help and being so welcoming! I'm not sure I'm following re: Numbers. Whenever I want to save a Numbers file, it asks me where I want to save it to, and the default option listed is Desktop, because that's where I tend to save things. Are you saying I should change that?

I'd already permanently deleted the odd file shortly after sending it to the trash. I ran scans just now with both Intego and DetectX, and they found nothing. Can I feel safe there's no malware issue? What are the chances they'd have missed something?

 

[GReader]

@GReader

A warm welcome to Mac-Forums. Thank you for your post.

Hard to know what the "rascal" file was or is.

But you've chosen two apps that we would not normally advocate. Sophos is practically useless on a Mac because it is really designed for Windows. Moreover, it can slow your Mac down a lot - and it is jolly hard to get rid of the app because it is embedded deeply within the system.

Unfortunately, Malwarebytes, previously well thought of, has changed ownership and is now a bloated system which is also difficult to remove completely.

We recommend Intego's VirusBarrier Scanner - free from the App Sore and DetectX Swift free from DetectX

I suggest you try to get rid of the other two (if you can) and get these two. then run them. They only need to be used on an occasional basis - not constantly in the background.

As I said above, it is really difficult to know the source and nature of that File - and why it appeared on your Desktop? Not in an email? Not adherent to something else you down loaded from the Internet? My guess would be the latter.

Ian

I ran scans just now with both Intego and DetectX, and they found nothing. Can I feel safe there's no malware issue? What are the chances they'd have missed something?

 

[GReader]

P.S. I noticed that despite what the instructions say, my copy of DetectX doesn't have "Uninstall" as an option under the menu. If I decide I want to stop using it at some point, is sending it to the trash enough? Or no?

 

[chscag]

Whenever I want to save a Numbers file, it asks me where I want to save it to, and the default option listed is Desktop, because that's where I tend to save things. Are you saying I should change that?

Yes. Saving to the desktop is an old carry over habit from using Windows. (If you have ever been a Windows user.) Numbers files as well as other files created with Pages, Keynote, MS Word, etc, should be saved to your documents folder.

I'd already permanently deleted the odd file shortly after sending it to the trash. I ran scans just now with both Intego and DetectX, and they found nothing. Can I feel safe there's no malware issue? What are the chances they'd have missed something?

Both are very good at finding malware, however, nothing is 100% effective. Don't worry about it. Besides, macOS has built in anti-malware routines that offer very good protection.

P.S. I noticed that despite what the instructions say, my copy of DetectX doesn't have "Uninstall" as an option under the menu. If I decide I want to stop using it at some point, is sending it to the trash enough? Or no?

You can send DetectX to the Trash without worrying about leftover files that might cause problems. There is no formal uninstall routine built into the app.

 

[AMACL]

Yes. Saving to the desktop is an old carry over habit from using Windows. (If you have ever been a Windows user.) Numbers files as well as other files created with Pages, Keynote, MS Word, etc, should be saved to your documents folder.



Both are very good at finding malware, however, nothing is 100% effective. Don't worry about it. Besides, macOS has built in anti-malware routines that offer very good protection.



You can send DetectX to the Trash without worrying about leftover files that might cause problems. There is no formal uninstall routine built into the app.

Hi,
Jumping in here because I read the interesting discussion about needing or not needing virus protection on Apple systems (featured in the latest newsletter), which raises a question for me, but it was closed for further discussion, no doubt because of its interesting nature... So here is my question :

In both that thread and this one, you experts recommend getting rid of Malwarebytes. It's not the first time you have done so, and I have gotten the message : that the program you recommended a few years ago (2019 to be precise) is no longer good. Things happen.
What impressed me was that not only is Malwarebytes no longer useful, but it is bloated and can actually do harm, if only by slowing down one's system. We don't want that.
I let my Malwarebytes Premium subscription renew about a month ago so I'll be out 50€ but I can live with that.
But -➡➡ What is the right way to get rid of Malwarebytes?
I just upgraded to Big Sur on my 2019 Retina iMac 21.5" as well as on my 2017 Retina Macbook 12".

thanks for your intelligence. I really enjoyed reading that thread in the newsletter !

Ann

 

[DesMoinesBoy]

You need some form of antivirus considering that Apple has updates, but not daily or hourly. I would go with a low resource such as Bitdefender. I have it and it scans in the background. It did pick up a mystery file, a trojan and blocked it, scanned my system and quaranteed fragments. I think it is a good invstment, expensive but still a good investment. I don't want the headaches.

 

[ferrarr]

But -➡➡ What is the right way to get rid of Malwarebytes?

https://support.malwarebytes.com/hc/en-us/articles/360039025233-Uninstall-Malwarebytes-for-Mac

 

[Rod]

Just to go back to your original post, the Mormon Church thing is almost certainly a phishing attempt of some sort. They are becoming more and more sophisticated by the day. It may well not be related to your other problem, personally I don't think so, just coincidence.

You may have just clicked on something seemingly innocent which sent an email to a site which has recorded your email address and phone number, especially if your phone number is part of your email signature.

These days emails can have "active" pixels imbedded in banners and logos which if clicked on can send data about you to another party. Try to remove suspicious emails without opening them where possible.