This thread was automatically locked due to age.
Hi Eric Liang
Could you please check under the central dashboard, There is an action for every threat detection. Kindly see if it was been cleanup or it requires manual deletion. I would also suggest to run a full system scan and check it once.
Shweta
Hi Shweta, thanks for responding. I'm pretty sure they require manual deletion. And these "Mughthesec" are newly and continuously produced every day, even after a full system scan. It's been very distracting. Can you offer some help on this situation?
Hi Eric Liang
Could you please try removing those programs and extensions completely from your computer where you are seeing the detection?
Shweta
Hi Shweta. Thanks for your suggestion. Fortunately, it worked. For future reference, I'm recording the whole picture as follows.
I deleted the program or extension "UniversalWebResults" under those two ".../Library/Program Support/" directories. The "/Private/tmp/" ("tmp" for temporary) directory is regularly cleaned up by my operating system and therefore any "Mughthesec" in it also automatically disappears regularly.
I've monitored for one week after the removal, and there's no "Mughthesec" detected anymore, so far.
I actually recognize the name of this program/extension "UniversalWebResults". It was an annoying web browser extension that had bothered me for months. After I installed Sophos several weeks ago, at first, it only found "Mughthesec" under the "/Private/tmp/" directory, instead of finding the program/extension itself. Now I suspect that those temporary "Mughthesec", which had kept reproducing after my removals, had all been created by this program/extension. Since I hadn't remove the program itself at that time, they had kept reproducing. At the time I resorted to this forum for help, it was coincidentally the first time Sophos had detected the program/extension "UniversalWebResults" itself. Being tired and hopeless of failed removals, I didn't try removing them, until suggested to do so. And then it worked.
In fact, I have a final quick question: what on earth is "Mughthesec"? Would you please answer this for me, thanks.
Hi Eric Liang
Mughthesec is usually hidden as an adobe flash player download that looks legitimate. It spreads under the file name player.dmg via malicious ads and popups on shady websites. This should help:
Shweta
Hi Eric Liang
Mughthesec is usually hidden as an adobe flash player download that looks legitimate. It spreads under the file name player.dmg via malicious ads and popups on shady websites. This should help:
Shweta