Yesterday I ran a full system scan using my Avast antivirus software and it found a infection file. The file's location is :
/private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64
Avast categorizes the infection file as :
JS:Cryptonight [Trj]
So, after deleting the file I did several more full system scans to check to see if there were any more files. I found nothing, until I restarted my macbook pro today. The file reappeared in the same location. So I decided to let Avast put it in the virus chest, restarted the laptop, and again the file was in the same location again. Therefore the virus is re-creating the file every restart of the laptop.
I want to avoid wiping the laptop and re-installing everything, so that is why I am here. I researched the file path and cryptonight and found out that cryptonight is/can be malicious code that can run in the background of someone's computer to mine cryptocurrency. I've been monitoring my CPU usage, Memory, and Network and I haven't seen a single odd process running. My CPU is running below 30%, my RAM is generally below 5GB (installed 16GB), and my network hasn't had any processes sending out/receiving large amount of data. So if something is mining in the background, I can't tell at all. I have no clue what to do.
My Avast runs full system scans every week, so this just recently became an issue this week. I checked all of my chrome extensions and nothing is out of order, I haven't downloaded anything special within the past week, besides the new Mac operating system (macOS High Sierra 10.13.1). So I have no clue where this has came from to be honest and I have no clue how to get rid of it. Can someone please help me out.
I suspect that this supposed “virus” is coming from the Apple update and that it is just a pre-installed file that is created and runs every time the OS is booted/rebooted. But I am unsure since I only have one MacBook and no one else that I know that has a mac has updated the OS to High Sierra. But Avast keeps labeling this as a potential “Cryptonight” virus and no one else online has posted anything about this issue. Therefore, a common virus removal forum isn't helpful in my situation, since I've already attempted to remove it with both Avast, malwarebytes, and manually.