Remove Malwaregen[trj] from Mac

TL;DR

Malwaregen[trj] is a generic detection by Avast indicating potentially unwanted software or a mild threat. This guide shows you how to remove it using Avast, then walks through steps to clean up any remaining traces and prevent future infections.

1. Run a Full Scan with Avast

  1. Open Avast Security: Double-click the Avast icon in your Dock or Applications folder.
  2. Go to Scans: Click on ‘Scans’ in the main menu.
  3. Choose Full Scan: Select ‘Full scan’. This will take a long time (possibly several hours), so be patient.
  4. Start the Scan: Click ‘Start Scan’. Avast will check all files and folders on your Mac.
  5. Quarantine or Delete Threats: When the scan finishes, review any detected threats. Avast will likely recommend quarantining or deleting Malwaregen[trj]. Follow its recommendations.

2. Check Avast’s Chest (Virus Vault)

Sometimes, Avast puts quarantined files in a ‘Chest’. It’s good to review this.

  1. Open Avast Security: Double-click the Avast icon.
  2. Go to Protection: Click on ‘Protection’ in the main menu.
  3. Virus Chest: Select ‘Virus Chest’.
  4. Review and Delete (if safe): Look for any files related to Malwaregen[trj]. If you’re sure they aren’t important, delete them. Be careful not to delete legitimate files.

3. Remove Suspicious Launch Agents/Daemons

Malware can sometimes install itself to run automatically when your Mac starts up. We’ll check for these.

  1. Open Terminal: Open the ‘Terminal’ application (found in /Applications/Utilities/).
  2. List Launch Agents: Type the following command and press Enter:
    launchctl list | grep -i malwaregen

    This will show any launch agents with “malwaregen” in their name.

  3. Remove Launch Agent (if found): If you find a suspicious entry, use this command to unload it:
    sudo launchctl unload /path/to/launchagent.plist

    Replace /path/to/launchagent.plist with the actual path of the .plist file for the entry found in the previous step. You’ll need your administrator password.

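  4. List Launch Daemons: Type this command and press Enter (running launchctl with sudo lists the system-wide jobs instead of your user’s, so you’ll be asked for your administrator password):
    sudo launchctl list | grep -i malwaregen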

    This will show any launch daemons with “malwaregen” in their name.

  5. Remove Launch Daemon (if found): If you find a suspicious entry, use this command to unload it:
    sudo launchctl unload /path/to/launchdaemon.plist

    Replace /path/to/launchdaemon.plist with the actual path of the .plist file for the entry found in the previous step. You’ll need your administrator password.

  6. Delete Launch Agent/Daemon Files: After unloading, delete the .plist file using Finder. It will likely be in /Library/LaunchAgents or /Library/LaunchDaemons (you may need to show hidden files – see Step 4).
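
The launchctl list output in this step shows job labels rather than file paths, and only for jobs that are currently loaded. As an added example (not part of the original guide), the shell function below searches the launchd folders on disk for .plist files whose name or contents mention a keyword and prints their full paths, which is what the unload command needs; the function name find_launch_items is hypothetical.

```shell
#!/bin/bash
# Added example: print launchd plist files whose name or contents mention a keyword.
# Usage: find_launch_items KEYWORD [DIR...]   (find_launch_items is a hypothetical name)

find_launch_items() {
    keyword="$1"
    [ -n "$keyword" ] || { echo "usage: find_launch_items KEYWORD [DIR...]" >&2; return 2; }
    shift
    # With no DIR arguments, search the standard macOS launchd folders.
    if [ "$#" -eq 0 ]; then
        set -- "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
    fi
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            # plutil (macOS) turns binary plists into XML text; otherwise read the file as-is.
            if command -v plutil >/dev/null 2>&1; then
                text=$(plutil -convert xml1 -o - "$plist" 2>/dev/null) || text=$(cat "$plist")
            else
                text=$(cat "$plist")
            fi
            # Case-insensitive, fixed-string match on the file name and the contents.
            if printf '%s\n%s\n' "${plist##*/}" "$text" | grep -qiF -- "$keyword"; then
                printf '%s\n' "$plist"
            fi
        done
    done
}

# When run as a script with arguments, search for the given keyword.
if [ "$#" -gt 0 ]; then
    find_launch_items "$@"
fi
```

Because it reads the file contents, this also finds entries whose label looks harmless but whose program path mentions the keyword.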

4. Show Hidden Files

Files starting with a dot (.) are hidden by default on macOS. We need to see these to remove potentially malicious files.

  1. Open Finder: Open the ‘Finder’ application.
  2. Press Command + Shift + . (period): This toggles the visibility of hidden files and folders. Press it again to hide them.

5. Check for Suspicious Files in Library Folders

Malware often hides in these locations.

  1. Open Finder: Open the ‘Finder’ application.
  2. Go to Go Menu: Click on ‘Go’ in the menu bar, then select ‘Go to Folder…’.
  3. Enter Library Path: Type ~/Library and click ‘Go’. This opens your user library folder.
  4. Check these folders for anything suspicious: Look inside Application Support, Caches, Preferences, LaunchAgents, LaunchPreferences, Logs. Delete any files or folders you don’t recognise and suspect are related to Malwaregen[trj].
  5. Repeat for System Library: Repeat steps 2-4 but enter /Library instead of ~/Library. Be *very* careful when deleting from the system library, as removing essential files can cause problems.

6. Empty Trash

After deleting any suspicious files, empty your Trash.

7. Keep Your Software Updated

  • macOS Updates: Regularly update macOS through System Preferences > Software Update.
  • Avast Updates: Ensure Avast is up to date (it usually does this automatically).
  • Other Applications: Keep all your other software updated as well.