Drive Genius Caution
#42213 10/21/16 01:57 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
This morning I got this caution from Drive Genius:

Warning:

The applications that open automatically when you login have been changed. While a normal circumstance when installing an application, this can be used by malware in an attempt to hijack your computer.

Removed: AdobeResourceSynchronizer.app, Canon IJ Network Scanner Selector EX.app, and 3 other items…

1. Drive Genius does not say what the "3 other items" are.

2. When I clicked on Review Log-in items, DG took me to my System Preferences window, which didn't (to my eye) tell me anything.

3. I ran Detect X "All Searches" and it said everything is okay.

4. Things seem to be operating normally (including my Canon, which is one of the items identified).

Colour me confused. Any thoughts?



ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Drive Genius Caution
ryck #42220 10/21/16 06:46 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
The current Drive Genius version only monitors changes in the login items via DrivePulse*, it doesn’t make them. Such changes usually happen immediately after installation of new login items, but occasionally also after logout-login or rebooting. This is ‘normal behavior’ for login items, including malicious ones. Hence DG’s warning, which has to be evaluated in context. Unless you know otherwise (and you’ll probably recognize an issue when you see it listed), it is usually fine to ‘Ignore’ the warning.
I suspect that the removed items in your case represent superseded versions of updated login items. You might want to check the modification dates of the 2 known items to see if that tells you more. That date/time might also help you find the names of the other three, checked against all your login items in System Prefs.

*) DrivePulse is a menubar item, and its pulldown menu sports an ‘Event Viewer’ listing the latest information about the items checked in DP’s prefs, like login item changes.


alternaut moderator
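
The warning quoted above names only two of the five changed items. The script below is an added example, not part of the thread and not Drive Genius code: it records login items and launchd property lists in a snapshot and names every entry that differs between two snapshots. The function names, the choice of launchd directories and the sample paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: name every login/launchd item that changed between two snapshots.

# One entry per line. Login item paths come from System Events (macOS only);
# a path containing a comma would be split wrongly by this simple parser.
snapshot_login_items() {
    {
        if command -v osascript >/dev/null 2>&1; then
            osascript -e 'tell application "System Events" to get the path of every login item' 2>/dev/null |
                tr ',' '\n' | sed -e 's/^ *//' -e '/^$/d' -e 's/^/loginitem: /'
        fi
        for dir in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
            for plist in "$dir"/*.plist; do
                if [ -e "$plist" ]; then printf 'launchd: %s\n' "$plist"; fi
            done
        done
    } | LC_ALL=C sort -u
}

# Report entries present in only one of the two snapshot files.
diff_snapshots() {
    old_sorted=$(mktemp) new_sorted=$(mktemp)
    LC_ALL=C sort -u "$1" >"$old_sorted"
    LC_ALL=C sort -u "$2" >"$new_sorted"
    LC_ALL=C comm -23 "$old_sorted" "$new_sorted" | sed 's/^/Removed: /'
    LC_ALL=C comm -13 "$old_sorted" "$new_sorted" | sed 's/^/Added: /'
    rm -f "$old_sorted" "$new_sorted"
}

# Constructed sample data (paths are made up) showing the report format.
demo_constructed() {
    tmp=$(mktemp -d)
    printf '%s\n' 'loginitem: /Applications/Example/AdobeResourceSynchronizer.app' \
        'loginitem: /Applications/Example/Canon IJ Network Scanner Selector EX.app' \
        'launchd: /Library/LaunchAgents/com.example.helper.plist' >"$tmp/before.txt"
    printf '%s\n' 'launchd: /Library/LaunchAgents/com.example.helper.plist' \
        'launchd: /Library/LaunchAgents/com.example.new.plist' >"$tmp/after.txt"
    diff_snapshots "$tmp/before.txt" "$tmp/after.txt"
    rm -rf "$tmp"
}

case "${1:-}" in
    snapshot) snapshot_login_items ;;
    diff) diff_snapshots "$2" "$3" ;;
    demo) demo_constructed ;;
esac
```

Run it with `snapshot` redirected to a dated file while the system is in a known-good state, then use `diff` on an older and a newer file whenever a change warning appears.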
Re: Drive Genius Caution
alternaut #42227 10/21/16 10:07 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
Originally Posted By: alternaut
You might want to check the modification dates of the 2 known items to see if that tells you more.

AdobeResourceSynchronizer.app - does not seem to reside on my drive

Canon IJ Network Scanner Selector EX.app - I have two of these, each in different Canon folders, with the same version number but different modified dates (Oct 2012, Sept 2014)

Originally Posted By: alternaut
*) DrivePulse is a menubar item, and its pulldown menu sports an ‘Event Viewer’ listing the latest information about the items checked in DP’s prefs, like login item changes.

Checked this...it didn't have anything with names of log-in items. There was only a long list of Drive Genius activities.

Originally Posted By: alternaut
Unless you know otherwise (and you’ll probably recognize an issue when you see it listed), it is usually fine to ‘Ignore’ the warning.

I think that's what I'll do. Thanks very much for the help.


ryck
Re: Drive Genius Caution
ryck #42259 10/24/16 02:58 PM
Joined: Aug 2009
Offline

Originally Posted By: ryck
The applications that open automatically when you login have been changed. While a normal circumstance when installing an application, this can be used by malware in an attempt to hijack your computer.

Colour me confused. Any thoughts?

You probably don't have to enter your password to do privileged operations. It has a privileged helper running, and listens for requests from the main app, and performs them with elevated privileges. A message like you're seeing suggests their helper isn't totally secure from receiving requests to do other evil things from other processes. A bit of malware written that's aware of that helper may use it to install and take over your computer automatically when launched, instead of needing to con you into entering your password when it launches.

It's a Back Door


I work for the Department of Redundancy Department
Re: Drive Genius Caution
Virtual1 #42272 10/24/16 07:33 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
Originally Posted By: Virtual1
It's a Back Door

Thanks for that. Interestingly, where the original caution said that Drive Genius removed three items, today it sent a message saying that it installed the same three items.


ryck
Re: Drive Genius Caution
ryck #42321 10/26/16 06:53 PM
Joined: Aug 2009
Offline



I work for the Department of Redundancy Department
