Skip to main content

WebRoot on my Mac just popped up that a file “/Library/Google/…./GoogleSoftwareUpdateAgent” has the threat “MacOS.MacRansomEvilQuest.1.r”

It quarantined correctly, but…. what’s going on…  is this a bad file, or does WebRoot have a mistake, or is Google pushing ransomware?

Hello @davidpv 

 

It’s best to Submit a Support Ticket and they will let you know what is going on and make sure your system is clean.

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue and support can take up to 48 hours to reply or a little longer because of COVID-19.

 

Thanks,


See here about OSX.EvilQuest: https://community.webroot.com/webroot-secureanywhere-for-macs-18/osx-evilquest-344055


Ran in to the same issue today. Does anyone have any new information on this?


Hello @Mark Salvaleon  just the 2 of you that we know of so it would be best to contact support as well!

 

It’s best to Submit a Support Ticket and they will let you know what is going on and make sure your system is clean.

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue and support can take up to 48 hours to reply or a little longer because of COVID-19.

 

Thanks,


Same issue, about an hour ago. Noticed Google Chrome had the green update available icon, then Webroot popped up shortly after, Run malwarebytes Scan doesn’t detect anything, checked the file system for other files related to this virus found nothing. Is this genuine or a false positive?


Hello @Nathan G  could be a FP but only Webroot Support would know, so it’s best that you Submit a Support Ticket as well.


Thank goodness for this thread, I just experienced this as well. It seemed like an odd filename for a threat. I was pretty worried… still am. But it’s good to know I’m not the only one this has happened to.


Hello @msalud  it’s best if you contacted support as well from the link I posted above!


Is this the version of Chrome you all updated to? Chrome 84.0.4147.89

 

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html


@TripleHelix Yes, that’s what I have


Most likely a False Positive but I can’t be sure only support can tell and fix it! @DanP  @khumphrey  @freydrew  @PVaddi 


I have same version of Chrome 84.0.4147.89


Support have confirmed my case is a false positive. It’s fixed in definition 1451


Thanks for the Update @Nathan G  and it’s just a False Positive.


I also have had this alert come up. I tried to delete it and run a new scan and it shows up again. I want to report to support, but I don’t have the right password to do so and it won’t email it to me, even though I’ve clicked “forgot password.”


Got the exact same alert a few minutes ago. Glad to know it’s a false positive. Any way to get rid of it?


Webroot is aware of the unusual activity and it has been resolved in the latest update. If you have yet to receive an update, you will as soon your computer checks in. Security is at the core of what we do and securing our customers’ data is our top priority. Your device is secure and there's nothing else you need to do at this time.


Webroot is aware of the unusual activity and it has been resolved in the latest update. If you have yet to receive an update, you will as soon your computer checks in. Security is at the core of what we do and securing our customers’ data is our top priority. Your device is secure and there's nothing else you need to do at this time.

For anyone who is still having this issue on an older build just uncheck the files and continue the scan


I got this also - 7 alerts labeled MacOS.MacRansom.EvilQuest.1.r  in Library/GoogleSoftwareUpdate/.

All were Quarantined; I deleted ASAP, quick rescan found nothing more, I’m still in process of full rescan which is now over 8 hours and still running, nothing found so far.

Do I need to get a Ticket and more checking?

Will I get an update while WSA is still scanning?


Reply