Solved

Threat Removal

  • 6 June 2021
  • 5 replies
  • 69 views

Userlevel 1
Badge +3

Threat Will Not Remove & Can’t Quarantine File To Send a report.


Best answer by TripleHelix 7 June 2021, 04:16

We Mods are Volunteers and we try our best but in cases like these it’s always best to contact Webroot Support as they will know for sure if they are actual infections or False Positives.

 

The Hash Files don’t give any info on VirusTotal: https://www.virustotal.com/gui/home/search

 

[b] /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent [Name: "UserAdded", SHA: D2A3F5E1320E98754C4DC60050D1AA3240834A4D514DDE6429535A77894684D1]
[b] /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar [Name: "UserAdded", SHA: 4B294421DD7DAABE61398B6DFD8AF29233E91CDB51B897989DFD6C65103877BC]

 

You could try uploading the files to VT if you know how and post the links to the info on them?

 

Thanks,


5 replies

Userlevel 7
Badge +63

Hello @lbrannon1 

 

Can you please save a scan log and post the detections near the bottom of the log? https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingReportsAndViewers/SavingScanLogs.htm?TocPath=Using%2520Reports%2520and%2520Viewers%257C_____1

 

In case you're using a Mac: https://docs.webroot.com/us/en/home/wsa_mac_userguide/wsa_mac_userguide.htm#UsingAdvancedTools/SavingScanLogs.htm%3FTocPath%3DUsing%2520Advanced%2520Tools%7C_____2

 

Thanks,

Userlevel 1
Badge +3

Webroot Scan Log (Mac)
Log saved at 2021-Jun-06 17:39:16

Mac OS X Version 11.4.0
Scan Started: 2021-Jun-06 16:55:48
Files Scanned: 513524
Malicious Files: 0
Duration: 9m 18s

[B] /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent [Name: "UserAdded", SHA: D2A3F5E1320E98754C4DC60050D1AA3240834A4D514DDE6429535A77894684D1]
[B] /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar [Name: "UserAdded", SHA: 4B294421DD7DAABE61398B6DFD8AF29233E91CDB51B897989DFD6C65103877BC]

Previous Scan Results

INFECTED - [2021-Jun-06 16:46:10] 513543 files scanned, 1 infections found in 9m 39s
INFECTED - [2021-Jun-06 16:46:09] 513543 files scanned, 1 infections found in 9m 36s
CLEAN - [2021-Jun-06 15:26:44] 513518 files scanned, 0 infections found in 8m 19s
CLEAN - [2021-Jun-06 15:17:56] 513518 files scanned, 0 infections found in 8m 48s
CLEAN - [2021-Jun-06 15:17:57] 513518 files scanned, 0 infections found in 8m 45s
CLEAN - [2021-Jun-06 15:00:01] 513536 files scanned, 0 infections found in 8m 50s
CLEAN - [2021-Jun-06 14:51:44] 513517 files scanned, 0 infections found in 8m 17s
CLEAN - [2021-Jun-06 14:28:28] 513497 files scanned, 0 infections found in 8m 20s
INFECTED - [2021-Jun-06 14:18:52] 513492 files scanned, 2 infections found in 8m 28s
CLEAN - [2021-Jun-06 07:43:19] 513460 files scanned, 0 infections found in 8m 19s
INFECTED - [2021-Jun-06 07:31:49] 513479 files scanned, 2 infections found in 8m 15s
CLEAN - [2021-Jun-06 06:50:24] 513419 files scanned, 0 infections found in 8m 17s
CLEAN - [2021-Jun-06 06:38:59] 513412 files scanned, 0 infections found in 8m 22s
INFECTED - [2021-Jun-06 06:15:55] 513421 files scanned, 2 infections found in 8m 55s
CLEAN - [2021-Jun-06 05:41:43] 513403 files scanned, 0 infections found in 8m 22s
CLEAN - [2021-Jun-06 05:29:58] 513383 files scanned, 0 infections found in 8m 27s
INFECTED - [2021-Jun-06 05:20:47] 513397 files scanned, 2 infections found in 8m 42s
CLEAN - [2021-Jun-05 16:39:40] 513067 files scanned, 0 infections found in 11m 3s
CLEAN - [2021-Jun-04 15:35:11] 512999 files scanned, 0 infections found in 14m 15s
CLEAN - [2021-Jun-03 22:08:02] 511501 files scanned, 0 infections found in 8m 2s
CLEAN - [2021-Jun-02 21:55:28] 895736 files scanned, 0 infections found in 24m 4s
CLEAN - [2021-Jun-02 20:54:03] 637781 files scanned, 0 infections found in 21m 0s
CLEAN - [2021-Jun-02 15:00:00] 629870 files scanned, 0 infections found in 17m 48s
CLEAN - [2021-Jun-02 07:45:51] 627642 files scanned, 0 infections found in 20m 40s
CLEAN - [2021-Jun-02 05:09:08] 641663 files scanned, 0 infections found in 21m 35s
CLEAN - [2021-Jun-02 02:19:06] 639288 files scanned, 0 infections found in 20m 46s
CLEAN - [2021-Jun-01 17:19:49] 633819 files scanned, 0 infections found in 19m 39s
CLEAN - [2021-Jun-01 11:37:57] 625945 files scanned, 0 infections found in 22m 13s
CLEAN - [2021-May-31 20:24:33] 640002 files scanned, 0 infections found in 20m 45s
CLEAN - [2021-May-31 15:59:29] 636361 files scanned, 0 infections found in 21m 12s
CLEAN - [2021-May-30 18:53:46] 633832 files scanned, 0 infections found in 19m 23s
CLEAN - [2021-May-30 14:50:25] 632547 files scanned, 0 infections found in 20m 6s
CLEAN - [2021-May-29 21:11:02] 632381 files scanned, 0 infections found in 9m 13s
CLEAN - [2021-May-29 15:00:00] 628325 files scanned, 0 infections found in 17m 53s
CLEAN - [2021-May-29 12:57:55] 630024 files scanned, 0 infections found in 19m 56s
CLEAN - [2021-May-29 03:22:51] 640788 files scanned, 0 infections found in 19m 38s
CLEAN - [2021-May-28 20:11:12] 637524 files scanned, 0 infections found in 17m 7s
CLEAN - [2021-May-28 15:00:00] 636371 files scanned, 0 infections found in 17m 39s
CLEAN - [2021-May-28 10:02:33] 639627 files scanned, 0 infections found in 20m 44s
CLEAN - [2021-May-28 01:58:15] 631413 files scanned, 0 infections found in 11m 39s
CLEAN - [2021-May-27 15:55:50] 635642 files scanned, 0 infections found in 19m 30s
CLEAN - [2021-May-27 15:53:34] 638839 files scanned, 0 infections found in 21m 45s
CLEAN - [2021-May-27 04:58:21] 638023 files scanned, 0 infections found in 19m 46s
CLEAN - [2021-May-27 01:34:05] 633999 files scanned, 0 infections found in 20m 35s
CLEAN - [2021-May-26 22:49:16] 633642 files scanned, 0 infections found in 17m 41s
CLEAN - [2021-May-26 14:41:41] 623883 files scanned, 0 infections found in 18m 59s
CLEAN - [2021-May-26 12:48:44] 633667 files scanned, 0 infections found in 20m 11s
CLEAN - [2021-May-26 03:31:32] 630326 files scanned, 0 infections found in 17m 15s
CLEAN - [2021-May-26 02:51:08] 630357 files scanned, 0 infections found in 19m 3s
CLEAN - [2021-May-26 02:26:21] 633585 files scanned, 0 infections found in 18m 20s
CLEAN - [2021-May-26 02:26:14] 11 files scanned, 0 infections found in 7s
CLEAN - [2021-May-26 02:26:14] 14 files scanned, 0 infections found in 4s
CLEAN - [2021-May-26 02:26:14] 0 files scanned, 0 infections found in 4s
CLEAN - [2021-May-26 02:08:01] 11 files scanned, 0 infections found in 14s
CLEAN - [2021-May-26 02:08:01] 14 files scanned, 0 infections found in 7s
CLEAN - [2021-May-26 02:08:01] 0 files scanned, 0 infections found in 6s
CLEAN - [2021-May-26 01:51:43] 11 files scanned, 0 infections found in 25s
CLEAN - [2021-May-26 01:51:42] 4 files scanned, 0 infections found in 23s
CLEAN - [2021-May-26 01:51:56] 0 files scanned, 0 infections found in 2s
CLEAN - [2021-May-26 01:51:31] 14 files scanned, 0 infections found in 5s
CLEAN - [2021-May-26 01:50:49] 11 files scanned, 0 infections found in 12s
CLEAN - [2021-May-26 01:50:48] 14 files scanned, 0 infections found in 3s
CLEAN - [2021-May-26 01:50:49] 0 files scanned, 0 infections found in 2s
CLEAN - [2021-May-25 22:52:06] 629798 files scanned, 0 infections found in 19m 16s
CLEAN - [2021-May-25 21:49:54] 0 files scanned, 0 infections found in 3s
CLEAN - [2021-May-25 21:16:36] 629745 files scanned, 0 infections found in 17m 17s
CLEAN - [2021-May-25 21:15:50] 28078 files scanned, 0 infections found in 33s
CLEAN - [2021-May-25 21:15:50] 77 files scanned, 0 infections found in 8s
CLEAN - [2021-May-25 21:15:49] 63 files scanned, 0 infections found in 5s
CLEAN - [2021-May-24 11:30:49] 31759 files scanned, 0 infections found in 1m 21s
CLEAN - [2021-May-24 11:30:49] 127 files scanned, 0 infections found in 32s
CLEAN - [2021-May-24 11:30:49] 65 files scanned, 0 infections found in 7s
CLEAN - [2021-May-24 11:30:49] 63 files scanned, 0 infections found in 5s
CLEAN - [2021-May-24 11:12:00] 637313 files scanned, 0 infections found in 9m 6s

Current Session System Statistics

CPU: 2%
--- End of Scan Log ---

2021-Jun-06 16:55:51    Path "/usr/libexec/configd" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/usr/sbin/systemstats" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/System/Library/PrivateFrameworks/Uninstall.framework/Resources/uninstalld" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/usr/libexec/UserEventAgent" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/usr/sbin/syslogd" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Path "/sbin/launchd" Does not match target path "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:55:51    Attempting to quarrantine file.
2021-Jun-06 16:55:51    Attempting to remove file.
2021-Jun-06 16:55:51    Failed to remove /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar - Operation not permitted
2021-Jun-06 16:55:51    Threat remediation failed for "/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar"
2021-Jun-06 16:59:30    THREAT DETECTED: UserAdded
2021-Jun-06 16:59:30    /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent [Name: "UserAdded", SHA: D2A3F5E1320E98754C4DC60050D1AA3240834A4D514DDE6429535A77894684D1]
2021-Jun-06 17:01:01    THREAT DETECTED: UserAdded
2021-Jun-06 17:01:01    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar [Name: "UserAdded", SHA: 4B294421DD7DAABE61398B6DFD8AF29233E91CDB51B897989DFD6C65103877BC]
2021-Jun-06 17:05:06    Unable to start RealTimeShield
2021-Jun-06 17:05:07    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:05:07    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:05:08    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:05:09    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:05:09    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:05:11    Scan Finished: [started on 2021-Jun-06 16:55:48]
2021-Jun-06 17:05:11    Files Scanned: 513524
2021-Jun-06 17:05:11    Malicious Files: 0
2021-Jun-06 17:05:11    Duration: 9m 18s
2021-Jun-06 17:35:03    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:35:03    Result from CURL: 0    HTTP result: 200    URL: i1.ma.webrootcloudav.com/arm.asp    Local File: ExecuteCurlRequestString
2021-Jun-06 17:35:04    Feature set: 72057594037927941
2021-Jun-06 17:38:51    Saved the product log to /Users/lavellebrannon/Desktop/UntitledSCAN LOG
/startui.plist: service already bootstrapped
Bootstrap failed: 37: Operation already in progress
/Applications/Webroot SecureAnywhere.app/Contents/Resources/startui.plist: service already bootstrapped
Bootstrap failed: 37: Operation already in progress
2021-06-06 17:35:03.895 WSDaemon[119:27453] MPP: https:api.webrootmultiplatform.com/v1/version?product=WSA-MAC&os=11.4.0&grabword=WSAMAC.DMG&platform=x64&version=9.3.0.77
/Applications/Webroot SecureAnywhere.app/Contents/Resources/startui.plist: service already bootstrapped
Bootstrap failed: 37: Operation already in progress
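
An added example, not part of the original thread or of Webroot's tooling: a small parser for the detection and removal-failure lines in the scan log above. It pairs each flagged path with its SHA-256 (ready for a hash lookup such as the VirusTotal search mentioned in the thread) and with any removal error the log recorded. The sample lines are copied from the posted log; the record field names and the `/System/` prefix check are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the format of the scan log posted above.
SAMPLE_LOG = """\
[B] /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent [Name: "UserAdded", SHA: D2A3F5E1320E98754C4DC60050D1AA3240834A4D514DDE6429535A77894684D1]
2021-Jun-06 16:55:51    Attempting to remove file.
2021-Jun-06 16:55:51    Failed to remove /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar - Operation not permitted
2021-Jun-06 17:01:01    THREAT DETECTED: UserAdded
2021-Jun-06 17:01:01    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar [Name: "UserAdded", SHA: 4B294421DD7DAABE61398B6DFD8AF29233E91CDB51B897989DFD6C65103877BC]
"""

# A detection line ends with: <path> [Name: "<label>", SHA: <64 hex chars>]
DETECTION = re.compile(r'(/\S.*?) \[Name: "([^"]*)", SHA: ([0-9A-Fa-f]{64})\]\s*$')
# A failed removal line: Failed to remove <path> - <OS error text>
FAILED = re.compile(r'Failed to remove (/.+) - (.+?)\s*$')


def triage(log_text):
    """Return one record per detected path, in first-seen order."""
    records = {}
    errors = {}
    for line in log_text.splitlines():
        m = DETECTION.search(line)
        if m:
            path, label, sha = m.groups()
            # The log repeats detections (summary line and timestamped line),
            # so keep only the first record for each path.
            records.setdefault(
                path, {"path": path, "label": label, "sha256": sha.lower()}
            )
            continue
        m = FAILED.search(line)
        if m:
            errors[m.group(1)] = m.group(2)
    for path, rec in records.items():
        # Assumption of this example: treat anything under /System/ as an
        # OS-owned location worth checking as a possible false positive.
        rec["under_system"] = path.startswith("/System/")
        rec["remove_error"] = errors.get(path)
    return list(records.values())


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["sha256"], rec["under_system"], rec["remove_error"], rec["path"])
```
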

Userlevel 7
Badge +63

Hello @lbrannon1 

 

I can’t personally find any info on those files so it would be best to Contact Webroot Support and they will sort it out for you.

 

Webroot Support:

Submit a ticket

Call 1-866-612-4227

Mon - Fri 7 AM to 7 PM (MDT)

 

Please let us know the outcome.

 

Thanks,

Userlevel 1
Badge +3

Thank You; Had Already Started One Before You. Was Hoping That You Could Provide Me With A Little More Insight.
