IK4 0 Posted January 21 Share Posted January 21 Can someone please explain what this is or how to remove it? I click delete but it would reapear after a day or two. Thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted January 21 Administrators Share Posted January 21 There was an issue rendering the html code as part of the alert but that's not what you've inquired about. My understanding is that the trojan was detected by Web access protection in a cache upon syncing with iCloud. Honestly I'm not well versed in Apple products so I'd leave this to someone more experienced. Link to comment Share on other sites More sharing options...
alialki 0 Posted February 5 Share Posted February 5 Can you tell me if you have a solution for this issue its been months that I am getting the same threat and keep deleting it and its very annoying to be honest Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 5 Administrators Share Posted February 5 1 minute ago, alialki said: Can you tell me if you have a solution for this issue its been months that I am getting the same threat and keep deleting it and its very annoying to be honest Please provide logs as well as a screenshot of the alert that you've been getting. Link to comment Share on other sites More sharing options...
IK4 0 Posted February 7 Author Share Posted February 7 On 2/5/2024 at 10:34 AM, alialki said: Can you tell me if you have a solution for this issue its been months that I am getting the same threat and keep deleting it and its very annoying to be honest Unfortunately not, I've tried deleting the whole folder itself where ESET claims the threat is... no avail. It's very frustrating... Link to comment Share on other sites More sharing options...
IK4 0 Posted February 7 Author Share Posted February 7 On 2/5/2024 at 10:36 AM, Marcos said: Please provide logs as well as a screenshot of the alert that you've been getting. 07/02/2024, 11:35:16 Real-time file system protection file /Users/***/Library/Caches/CloudKit/com.apple.bird/d64f70849811a732120a73ed6701a7949e100499/Assets/187CA54F-379B-4E74-BFE3-BDD0BA59B5F8.016a42dfaac84eb497374d5ace6cc8aa4bb86aff47 HTML/ScrInject.B trojan unable to clean *** Event occurred during an attempt to access the file by the application: /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd (BB585E5C851F8C7A09877FDAEC00E3AC1F9758FF). 7. 2.2024 11:30:15 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted February 7 Administrators Share Posted February 7 Are you able to delete the detected file at the said path? If so and only real-time protection has problems removing it, please raise a support ticket. Link to comment Share on other sites More sharing options...
itman 1,751 Posted February 7 Share Posted February 7 (edited) 4 hours ago, IK4 said: /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd It appears this is the source of the malicious script injection Eset is detecting. Since its a system process, Eset can't access it to perform remediation; Quote What is Cloudd on Mac? Cloudd on Mac, like most processes ending with a d, is a daemon that runs in the background and handles system tasks. It is closely related to CloudKit, as the man page tells us. If you want to check the man page yourself, execute the following command in Terminal.man cloudd Cloudkit is Apple's framework that allows macOS and third-party apps to store data on iCloud for syncing to other devices. It can also be used to sync your Mac's desktop and documents to other devices. The Cloudd process works whenever an application syncs data to or from iCloud on your Mac. You can locate Cloudd by opening Finder, clicking Go > Go to Folder from the top, and entering /system/library/privateframeworks/cloudkitdaemon.framework/support/cloudd. https://iboysoft.com/wiki/cloudd.html Edited February 7 by itman Link to comment Share on other sites More sharing options...
Solution IK4 0 Posted February 16 Author Solution Share Posted February 16 On 2/5/2024 at 10:34 AM, alialki said: Can you tell me if you have a solution for this issue its been months that I am getting the same threat and keep deleting it and its very annoying to be honest I'll be honest, the only way I have found to delete it is to do a full factory reset of the Mac. Then install ESET straight after the install which still picks up the threat even after a full reset. ESET was then successfully able to remove the threat. Wonder how it still managed to stay? The message hasn't appeared for a couple of days now - hopefully it's gone. Link to comment Share on other sites More sharing options...
Recommended Posts