System Infection PUA.OSX.CalendarFreeMoneroMiner

Discussions relating to ClamXav

Moderator: Mark

System Infection PUA.OSX.CalendarFreeMoneroMiner

Postby leamcd » Mon 12 Mar 2018 2:30 pm

Hi: After running ClamXav it identified the following problem:

System Infection PUA.OSX.CalendarFreeMoneroMiner
The infection is highlighted in red. Can this file simply be deleted or more extreme measures needed?
Thank You,
Lea

ClamXav v2.17/0.99.4 (3603)
Mac book pro running MAC OS version 10.13.3 High Sierra
leamcd
 
Posts: 37
Joined: Sat 05 May 2012 5:44 pm

Re: System Infection PUA.OSX.CalendarFreeMoneroMiner

Postby alvarnell » Mon 12 Mar 2018 10:08 pm

Deleting it using ClamXAV should be sufficient.

For anybody that is interested in some extremely technical information about the Calendar 2 app: A Surreptitious Cryptocurrency Miner in the Mac App Store?
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: System Infection PUA.OSX.CalendarFreeMoneroMiner

Postby leamcd » Mon 12 Mar 2018 10:53 pm

I just noticed that the delete option is greyed out, and so this is not an option. This infection did not show up in last nights scan. It only appeared after I was updating the virus definitions. Now I don't know what to do. Any thoughts?

Lea
leamcd
 
Posts: 37
Joined: Sat 05 May 2012 5:44 pm

Re: System Infection PUA.OSX.CalendarFreeMoneroMiner

Postby alvarnell » Tue 13 Mar 2018 12:16 am

I'll let the ClamXAV folks know about the grayed out delete.

Here is what Apple recommends:

- Click the Launchpad icon Image in the Dock
- Search for or locate the "Calendar 2" icon
- Position the pointer over an app’s icon
- Press and hold until all the icons begin to jiggle
- Click the app’s Delete button (a circled "X")

If an icon doesn’t have a Delete button, it can’t be uninstalled in Launchpad, so dragging it to the Trash Can should take care of it. You may have to log out and back in or reboot in order to empty the Trash.
===================
If this is an app that you like, then there is another temporary solution and news about the future of that App.

If you object to your computer being used to "crypto-mining" funds for the developer, access Calendar 2's preferences and disable the option that allows that. It will disable some of it's features, but you can purchase any that you want restored.

I was just notified that Apple has decided to remove the app from the App Store for now and learned the developer will probably make it available again without this feature, so that may be another reason for you to not delete it yet.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: System Infection PUA.OSX.CalendarFreeMoneroMiner

Postby leamcd » Tue 13 Mar 2018 12:32 am

I have found and deleted the Calendar 2 app. I will reboot and run Clamx again.

Thank You
Lea
leamcd
 
Posts: 37
Joined: Sat 05 May 2012 5:44 pm

Re: System Infection PUA.OSX.CalendarFreeMoneroMiner

Postby alvarnell » Fri 16 Mar 2018 9:04 pm

Calendar 2 has returned to the App Store with the crypto-currency mining feature having been removed, available here.

The developer states that everyone who downloads Calendar or updates to this release will get access to all Upgraded Features free for an entire year! In the next release we will simply unlock those features for everyone who downloaded Calendar thus far.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA


Return to ClamXav

Who is online

Users browsing this forum: No registered users

cron