This discussion has been locked.

'Mughthesec' at '/Users/_____/Downloads/.com.google.Chrome.UqYVCf'

I can't seem to locate and remove Alert: 'Mughthesec' at '/Users/_____/Downloads/.com.google.Chrome.UqYVCf' Anyone have success with this one?



  • Hi  

    Could you please help me with the product that you are using?

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • From my understanding of Mughthesec, it is usually hidden as an Adobe Flash Player download that looks legitimate. I would suggest uninstalling all Adobe products from the system and reinstalling them from the manufacturer's website.

    It spreads under the file name player.dmg and will install Flash but also fraudulent programs called "Advanced Mac Cleaner" and two Safari extensions called "Safe Finder" and "Booking.com".

    Try removing those programs and extensions completely from your computer.

    Hope that helps.

    Unfortunately, Mughthesec allows the attacker to drop as many secondary payloads as they want... so sometimes a full system reinstall is recommended if it can't be located. Hope it doesn't come to that. Good luck.

    objective-see.com/.../blog_0x20.html

  • katlinbr said:

    I can't seem to locate and remove Alert: 'Mughthesec' at '/Users/_____/Downloads/.com.google.Chrome.UqYVCf' Anyone have success with this one?

     

    Katlinbr,

    User: ____ has something "Chrome" in their download folder. Log into their account and look in their download folder. It looks like a bad Chrome installer - it may be a trojan horse installer or possibly just a corrupted copy.

    You can delete it and download the correct version for them from https://www.google.com/chrome/