Solved

PUA.OSX.MacKeeper.r Found In Apple Time Machine Backups

  • 12 January 2018

PUA.OSX.MacKeeper.r has been popping up in TimeMachine backups over the past few years and were thought to be false positives. I recently purchased a new Macbook Pro, a new TimeCapsule and connected it to a newly built network with no other devices connected to it. Within five minutes of starting the first TimeMachine backup, PUA.OSX.MacKeeper.r was detected by Webroot.
 
Any thoughts?

Best answer by Ssherjj 12 January 2018, 18:39

Hello SharkSushi,
 
Welcome to the Webroot Community,
 
MacKeeper is considered a PUA (potentially unwanted application).  While this product does use a legit AV engine (Avast) it also runs other processes that would be considered unwanted. 
 
Here is what a former Webroot Mac Threat Researcher told us:
 
"In some cases, Webroot will detect a threat that is located on your backup, such as Time Machine. If the files are in the backup, then they cannot hurt your system. You would have to restore the files from the backup to get them on the system, and at that point the Real Time Shield in Webroot would find and remove them. Even though Webroot cannot remove these files, as space for newer backups is needed the older backups will be deleted. This will delete the threats from the backup as well.

We recommend if Webroot continues to detect these files that you uncheck the box next to them on the removal page. This will tell Webroot to ignore the files in their current location.

If you would like to remove these files manually from the backup in Time Machine, you can use the following steps:

Note: This action is permanent, and will impact all past backups on the given Time Machine drive, even backups from the distant archives on that drive. For this reason, be absolutely certain you want to remove an item before deleting it, otherwise you may end up missing data you would have wanted to keep.

1. Open the backup manager by pulling down Time Machine menu item and selecting, “Enter into Time Machine.”
2. Navigate to the directory location of the files/folders you want to remove.
3. Right-click on the folder or file you want to remove and select “Delete all backups of [File Name].”
4. Confirm the removal.

As the process is the same whether you are deleting the backup of a file or an entire folder, please be careful to only select the items you wish to delete. You cannot recover these files.

Another option available to Time Machine users is to exclude the files and folders from being backed up by the Time Machine. You can add them to the exclusion list which will permanently block the files/folders from being backed up in the future. By doing this, the infected file will eventually be deleted from the backup over time and prevent it from ever getting re-introduced to the drive should it be installed on the computer again."

I would recommend that you Open a Support Ticket and ask the Support Team for advice/assistance on how to handle this if you have any concerns.
 
Hope this helps?

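To tell a backup-only detection from a live one before choosing between ignoring it, deleting it from the backup, or excluding it, the following shell sketch sorts reported paths and maps each backup copy back to its original location. It is an added example, not part of the original reply or of Webroot's tooling; the `Backups.backupdb/<computer>/<snapshot>/<volume>/` layout and all sample paths are assumptions.

```shell
#!/bin/sh
# Added example: triage detection paths reported against a Time Machine disk.
# Assumed layout (not stated on the page):
#   /Volumes/<disk>/Backups.backupdb/<computer>/<snapshot>/<volume>/<path>

# Print "backup" if the path sits inside a Time Machine backup store, else "live".
classify_detection() {
    case "$1" in
        */Backups.backupdb/*) echo backup ;;
        *) echo live ;;
    esac
}

# Map a backup path to the path the file had on the Mac when it was backed up.
live_path_of() {
    rest=${1#*/Backups.backupdb/}   # <computer>/<snapshot>/<volume>/<path>
    rest=${rest#*/}                 # drop <computer>
    rest=${rest#*/}                 # drop <snapshot>
    case "$rest" in
        */*) echo "/${rest#*/}" ;;  # drop <volume>, keep the rest rooted at /
        *)   echo "/" ;;            # the path was the volume root itself
    esac
}

# Read detection paths (one per line) and report where each copy lives.
triage() {
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if [ "$(classify_detection "$p")" = backup ]; then
            src=$(live_path_of "$p")
            if [ -e "$src" ]; then state="still on disk"; else state="gone from disk"; fi
            echo "in backup, original: $src ($state)"
            # On macOS, tmutil reports whether that location is already excluded.
            if command -v tmutil >/dev/null 2>&1 && [ -e "$src" ]; then
                tmutil isexcluded "$src"
            fi
        else
            echo "live file: $p"
        fi
    done
}

# Constructed sample paths (not taken from the page).
SAMPLE='/Volumes/Time Machine Backups/Backups.backupdb/Example-MBP/2018-01-12-183900/Macintosh HD/Applications/Example.app
/Users/example/Downloads/Example.pkg'
printf '%s\n' "$SAMPLE" | triage
```

A path reported as "still on disk" means the item would be backed up again, which is the case the exclusion list addresses.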