So I did a scan of my Mac today and something really weird showed up that I can’t find any info on online.

MacOS:Pwnet-L (Trj) that was apparently found in /Applications/Backup and Sync.app/Contents/Helpers/Google Drive Icon Helper?

What is this? I assume it’s a trojan but how did it get on my computer? I haven’t installed anything since my last scan in June and Backup and sync was installed in may (but I don’t remember installing it)

What could it have been doing with my computer? Should I remove Backup and sync???

I removed the trojan itself from my computer but I am really confused. Should I be worried?

Any help is appreciated!

I’m getting that too. I downloaded a fresh InstallBackupAndSync.dmg from Google and it’s also flagging malware. My money is on this being a false positive. On another note, I’m having a bitch of a time getting past the CAPTCHA that will allow me to post this reply.

I tried to check with VirusTotal - and it reports it as clean - https://www.virustotal.com/#/file/c857228cf860221c65844b01cb633c54ebf97125284930d9263a4824b04dd6b5/detection
Would you mind to report as FP if it’s still happening? - https://support.avast.com/en-ww/article/Use-Mac-Security-Virus-Chest

Infection: MacOS:Pwnet-L [Trj] found in package contents file: /Application/Backup and Sync.app/Contents/Helpers/Google Drive Icon Helper. This date: Jul 14, 2018.
No information from Google. The Backup and Sync.app is a replacement for the Google Drive app, and was downloaded in Googles latest update through this Process: /Library/Google/GoogleSoftwareUpdates.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/
Avast put it into its chest.

This virus is part of a bigger issue with Google’s replacing Google Drive with Backup and Sync.app
See https://forum.kaspersky.com/index.php?/topic/389674-how-to-exclude-google-drive-file-stream-from-scan/&page=3
for example, of other impacts of what may be a deeper problem. Has anyone seen an impact on MacOS operation?

In addition, this is the report of “No Engine Finds this file” from VIRUSTOTAL for the specific file that Avast puts into its Chest:

https://www.virustotal.com/#/file/b31558cedd582e520f21e5d4d32a4b3c9ae26e206c66bf6141fa8ed3dff043a7/detection

The file “10C86BD8” is the file from my installation of Google Icon Helper that Avast moved to its Chest.

send us the file from Virus Chest please.
And what is your virus definition version? It looks like a FP that may have been fixed already.

This is a bit confusing, in other posts by Avast, this is considered a false positive.
My macbook shows 6 infections (including 2 timemachine copies) and has been scanning now for 25 hours and has been on 99% for the last 18 hours, still actively scanning. I run a fresh version of Avast, only bought it 2 days ago.

If its a FP, I would appreciate a heads-up and continue with normal life on this machine…

Thanks for any support.

BTW, the captcha is at times indeed above challenging

Captcha is only needed for your first 3 posts. (Spam protection)

well, if it has been considered as FP by our ThreatLabs guys then it should be fixed within hours after announcement. Your virus definitions should update automatically.