Dr Unarchiver Malware



It's a totally different thing and I'm 99% sure it's safe. It does its job fantastically, is free, has a command line tool, and used to be open source iirc. Doesn't seem at all like these sketchy 'cleaning' tools that are often borderline malware. It doesn’t end there, though. 9to5Mac is now reporting that other such apps continue to live on the Mac App Store, including ones from “Trend Micro Inc”, such as Dr. Description Unarchiver One is a free tool to compress or extract archive files,which supports all common formats like Zip, RAR, 7z, GZ, Tar, Gzip and more. It also lets you browse the contents of archived files and preview files directly even without extract. Feature List: 1.

How to remove Trojan.MAC.SpyAgent.C from Mac?

What is Trojan.MAC.SpyAgent.C?

Trojan.MAC.SpyAgent.C is a generic detection name for a number of products developed by Trend Micro Inc. The list of products includes Dr. Antivirus, Dr. Battery, Dr. Cleaner, Dr. Cleaner Pro, Dr. Unarchiver, and Duplicate Finder. In the past, these applications were considered legitimate, but they were subsequently modified to record certain information stored on computers. Therefore, some anti-virus suites (such as Bitdefender) detect these apps as trojans/malware.

Trend Micro Inc. is a legitimate software development company and has released a number of applications, including those used to clean computers and enhance system performance. As mentioned above, however, some of this company's products were designed to gather information and send it to a remote server (you can read more in this article). Essentially, these applications recorded data when first run. The collected data types include the Internet search and browsing history of the Safari, Mozilla Firefox, and Google Chrome browsers, and App Store browsing history. The applications were designed to record history from the last 24 hours only, supposedly to detect potential activity of malware or unwanted applications. Users were supposedly notified about this data tracking; however, these applications still did not comply with Apple's Privacy Policy and were therefore removed from the App Store. At the time of writing, Trend Micro has already resolved this issue and released an update for each app. Furthermore, the company's servers no longer accept information from the previous versions. You can find detailed information regarding the update in this article. Although the issue is resolved, you should remove old versions of Trend Micro products (that are detected as Trojan.MAC.SpyAgent.C) and re-install the latest versions of these apps.

Threat Summary:
Name: Trojan.MAC.SpyAgent.C malware
Threat Type: Mac malware, Mac virus
Symptoms: Your Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites.
Distribution methods: Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads.
Damage: Internet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information.
Malware Removal (Mac): To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.

Information tracking is common to potentially unwanted applications, such as adware and browser hijackers. These applications typically offer 'useful features', but these claims are merely attempts to give the impression of legitimacy. Unwanted applications are designed only to generate revenue for the developers. Rather than giving value for regular users, adware and browser hijackers deliver intrusive advertisements, cause unwanted redirects, and gather sensitive information, thereby diminishing the browsing experience and posing a direct threat to your privacy and Internet browsing safety.


How did potentially unwanted applications install on my computer?

In some cases, potentially unwanted applications have official download websites, however, due to the lack of knowledge and careless behavior of many users, these apps often infiltrate systems without permission, since developers proliferate them using 'bundling' and intrusive advertising methods. 'Bundling' is essentially stealth installation of third party applications together with regular (mostly free) software. Developers hide 'bundled' applications within 'Custom/Advanced' settings (or other sections) of the download/installation processes. Intrusive advertisements redirect users to malicious websites, and execute scripts that download and install malware. Furthermore, many users skip download/installation processes and click advertisements without understanding the possible consequences. This exposes their systems to risk of various infections and compromises their privacy.

How to avoid installation of potentially unwanted applications?

The key to computer safety is caution. Therefore, pay attention when browsing the Internet and downloading/installing software. Remember that intrusive ads usually seem legitimate, since developers invest many resources into their design, but they redirect to dubious websites (pornography, adult dating, etc.). Most are delivered by adware-type apps. If you encounter dubious redirects, remove suspicious applications and browser plug-ins. You are also advised to carefully analyze each step of the download/installation processes and opt-out of additionally-included programs. We recommend that you avoid using third party downloaders/installers, since developers monetize them by promoting ('bundling') rogue apps. Software should be downloaded from official sources only, using direct download links. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.


Quick menu:

  • STEP 1. Remove PUA related files and folders from OSX.
  • STEP 2. Remove rogue extensions from Safari.
  • STEP 3. Remove rogue add-ons from Google Chrome.
  • STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.


Potentially unwanted applications removal:

Remove potentially unwanted applications from your 'Applications' folder:

Click the Finder icon. In the Finder window, select “Applications”. In the applications folder, look for “MPlayerX”, “NicePlayer”, or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.


Remove trojan.mac.spyagent.c malware related files and folders:

Click the Finder icon. From the menu bar, choose Go and click Go to Folder...

Check for adware-generated files in the /Library/LaunchAgents folder:

In the Go to Folder... bar, type: /Library/LaunchAgents


In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

Check for adware generated files in the /Library/Application Support folder:

In the Go to Folder... bar, type: /Library/Application Support


In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

Check for adware-generated files in the ~/Library/LaunchAgents folder:


In the Go to Folder bar, type: ~/Library/LaunchAgents

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

Check for adware-generated files in the /Library/LaunchDaemons folder:


In the Go to Folder... bar, type: /Library/LaunchDaemons


In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, “com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.
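The four folder checks above can also be done from Terminal. The script below is an added example, not part of the original guide: it lists launchd plists and Application Support folders changed in the last N days (modification time is used as a stand-in for "recently added") and reports name tokens shared by two or more plists, following the note that adware installs several files with the same string. The function names and the optional root argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example. A shared token is only a hint for manual review:
# legitimate vendors also install several plists with a common name.

# recent_launch_items DAYS HOME_DIR [ROOT]
# Prints plists in the LaunchAgents/LaunchDaemons folders and top-level
# "Application Support" folders modified within DAYS days.
recent_launch_items() {
    days=$1; home_dir=$2; root=${3:-}
    for dir in "$root/Library/LaunchAgents" \
               "$root/Library/LaunchDaemons" \
               "$home_dir/Library/LaunchAgents"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -name '*.plist' -mtime "-$days"
    done
    dir="$root/Library/Application Support"
    [ -d "$dir" ] && find "$dir" -mindepth 1 -maxdepth 1 -type d -mtime "-$days"
    return 0
}

# shared_name_tokens: reads paths on stdin and prints each dot-separated
# name token that occurs in two or more plist file names.
shared_name_tokens() {
    awk -F/ '
        $NF ~ /\.plist$/ {
            n = split($NF, part, ".")
            split("", seen)                      # reset per file
            for (i = 1; i < n; i++) {            # i < n skips "plist"
                t = tolower(part[i])
                if (t == "com" || t == "net" || t == "org" || length(t) < 4)
                    continue
                if (!(t in seen)) { seen[t] = 1; count[t]++ }
            }
        }
        END { for (t in count) if (count[t] > 1) print t }
    ' | sort
}

# Live use on a Mac: 14-day window, current user's home folder.
recent_launch_items 14 "$HOME"
recent_launch_items 14 "$HOME" | shared_name_tokens
```

Review each listed file before moving it to the Trash; the script only reads and never deletes.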

Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order, your Mac should be clean of infections. To be sure your system is not infected, run a scan with Combo Cleaner Antivirus. After downloading the file, double-click the combocleaner.dmg installer, and in the opened window drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your Launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the 'Start Combo Scan' button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays 'no threats found' - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Trojan.MAC.SpyAgent.C malware removal from Internet browsers:

Remove malicious extensions from Safari:


Remove trojan.mac.spyagent.c malware related Safari extensions:

Open Safari browser, from the menu bar, select 'Safari' and click 'Preferences...'.

In the preferences window, select 'Extensions' and look for any recently-installed suspicious extensions. When located, click the 'Uninstall' button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious plug-ins from Mozilla Firefox:

Remove trojan.mac.spyagent.c malware related Mozilla Firefox add-ons:

Open your Mozilla Firefox browser. At the top right corner of the screen, click the 'Open Menu' (three horizontal lines) button. From the opened menu, choose 'Add-ons'.

Choose the 'Extensions' tab and look for any recently-installed suspicious add-ons. When located, click the 'Remove' button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

Remove malicious extensions from Google Chrome:

Remove trojan.mac.spyagent.c malware related Google Chrome add-ons:

Open Google Chrome and click the 'Chrome menu' (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose 'More Tools' and select 'Extensions'.

In the 'Extensions' window, look for any recently-installed suspicious add-ons. When located, click the 'Trash' button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Multiple apps developed by Trend Micro are no longer available in the Mac App Store after researchers showed they were collecting browser history and information about users' computers.

On Friday, Apple removed Adware Doctor, a top security app, from its store, on the exact same grounds.


The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all under the developer account Trend Micro, Incorporated. Until removal, all products were top-sellers, with thousands of positive reviews that averaged their ratings between 4.6 and 4.9.


The first public report of a Trend Micro product in the App Store engaging in shady activities came in late 2017, when user PeterNopSled told Malwarebytes forum members 'that his Mac was taken over by Open Any Files: RAR Support,' and it did not let him open Word or Excel files.

He discovered that the app was promoting the Trend Micro Antivirus product in the store, with no apparent connection.

Thomas Reed, the developer of Malwarebytes for Mac, chimed in on the thread confirming the unethical behavior and the connection between the two apps.

'Dr. Antivirus does appear to be legitimately associated with Trend Micro, on initial investigation, and the Open Any Files app uses an affiliate code to link to the Dr. Antivirus page on the App Store. Dr. Antivirus appears to be junk - I threw 23 components of malware from this year at it, and it only detected 5 of them,' Reed posted.

On Saturday, security researcher Privacy_1st published a video showing that Dr. Cleaner and Dr. Antivirus collected browser history from Safari, Chrome, and Firefox, along with some system information.

iOS developer and 9to5Mac writer Guilherme Rambo found that Trend Micro's Dr. Unarchiver was also siphoning user data.

Info heading to Trend Micro servers

Privacy_1st looked into the three apps from Trend Micro and saw that they had hardcoded strings for exfiltrating user information.

They collected browser history and data from the device that could be used for identification. The researcher says that the serial number and the version of the operating system were among the exfiltrated details.

The final destination for the information was the trendmicro.com domain, the researcher told us, the same as the Open Any Files app.


Observing the behavior of the apps, the researcher noticed that they received at runtime a JSON file with different codes, which suggests that the apps retrieve commands from the mother ship for data exfiltration.

It is important to note that the three apps analyzed by Privacy_1st did not exhibit data exfiltration behavior every time they launched. Also, the researcher did not have a chance to look closer into this, but from his experience with analyzing APT malware, this looks like a valid theory.


Multiple apps exfiltrate data in the same way, all from Chinese devs

The method used by Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver to upload user data to an external server is not unique, Privacy_1st points out.

Adware Doctor and Komros Adware Cleaner (same developer behind them), Open Any Files and Adblock Master relied on the same technique to lift the information from users.

Another thing these apps have in common is a connection with Trend Micro and a Chinese developer.

The apps have been reported to Apple since mid-August and are currently removed from the Mac App Store.

Also removed is App Uninstall (spotted by security researcher Joshua Long), another product under Trend Micro's developer account.

Trend Micro's list of apps in the App Store at the time of publishing is reduced to two entries: Network Scanner (five ratings) and Dr. WiFi (not rated yet).

We reached out to Trend Micro for a statement on the matter but received no reply at the time of publishing.

Update [September 10, 19:13]: Trend Micro released less than an hour ago a statement denying that its apps were stealing user data. The company says that an initial investigation confirms that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and Duplicate Finder collected browser snapshots, but the behavior was disclosed in the EULAs of each product.

'This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service),' Trend Micro explains, adding that the data was uploaded to a server in the US on Amazon Web Services, not in China.

Trend Micro is yet to explain the connection with shady apps from other developers and why its products were removed from the App Store. A representative of the company told BleepingComputer that the company statement would be updated continuously.
