5

I received the following alert from Bitdefender for Mac:

Threat requires removal
Feature: antivirus
We identified a threat that needs to manually deleted.
Threat name: Gen:Variant.Application.MAC.Genieo.1
Path: /Volumes/SearchOffers/SearchOffers.app/Contents/MacOS/SearchOffers

I am unable to locate the directories or files noted.
I am running MacOS Mojave.

4
  • 1
    What antivirus is this? Because if an antivirus software tells me to manually delete files (supposedly because it itself, running with full privileges, is unable to do so), then the antivirus software would be wiped together with the rest of the system, and it's not going to be reinstalled.
    – markus-nm
    Commented Aug 12, 2019 at 12:54
  • The antivirus software is Bitdefender Antivirus for Mac. Most often it deletes threats, but at times it apparently is unable to do so, and those require manual deletion.
    – hcrray
    Commented Aug 12, 2019 at 15:25
  • 2
    @markus-nm So, if a virus is located on a CD-ROM, you blame the anti-virus for not being able to remove it?
    – Mast
    Commented Aug 12, 2019 at 17:52
  • If the anti-virus tells me to DELETE a file from a CD-ROM then yes, I do blame the antivirus (or rather I would consider it to be a bad product and not use it).
    – markus-nm
    Commented Aug 13, 2019 at 10:42

2 Answers

1

/Volumes/SearchOffers means it is a "disk drive" of some kind: either

  • A volume on one of your own hard drives, but it could delete that.
  • A USB fob or similar.
  • A CD-ROM, DVD etc. This might be a media CD or DVD (music or movie) with additional features. This would be read-only, which would explain why the antivirus can't remove it. If so, simply eject it.
  • A mounted disk image, which comes out of a disk image file such as .DMG. Many of these are read-only.

You can launch a Finder window, and look along the left edge for a "disk drive" called SearchOffers. It should be readily visible if it is mounted. You can single-click to select it, then hit "Get Info" to determine the source .DMG file if any. Then select File/Eject... And then delete the .DMG.

You can instead launch Disk Utility (Finder, Applications, Utilities) and it will list the volume SearchOffers under whichever disk drive or .DMG it came from. (Assuming you haven't ejected it yet).

Careless behavior in Disk Utility can do a lot of damage to disks other than your boot disk, so be careful and read any "Are you sure?" messages. But it's not nearly as touchy as Terminal.

Given the name, I suspect this is a .DMG file that came bundled with software you obtained from one of the "download software" sites out there. In the future, preferably use the Apple App Store first, then the software manufacturer's own page (which, granted, can be difficult to identify clearly).

13

The fact that it's in /Volumes raises the possibility that it's in a mounted disk image, which might have to be unmounted rather than deleted. Use the command diskutil list to see if that's the case. If it shows up as a mounted volume, use diskutil unmount /Volumes/SearchOffers. Then delete whatever .dmg file it was mounted from.

If it's not a mounted volume, just do this:

sudo rm -rf /Volumes/SearchOffers

NOTE: sudo rm -rf… is a very dangerous command. Be careful to get the path exactly right. If you accidentally put a space in the path in the wrong place, it could start trying to wipe your entire system.

2
  • 3
    Regarding the "Note", this question may be useful for OP to make sure they're deleting the right things before damage is done: unix.stackexchange.com/a/120286
    – Bilkokuya
    Commented Aug 12, 2019 at 13:39
  • To be sure I understand correctly: when I do the "diskutil list" command, the volume for which I should be looking is SearchOffers?
    – hcrray
    Commented Aug 12, 2019 at 15:28
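
Both answers come down to the same check: is /Volumes/SearchOffers a mounted disk image, and which .dmg file did it come from? The following shell sketch is an added example, not part of the original answers; it reads the output of macOS's `hdiutil info` and prints the image file behind a mount point. The helper names, the sample paths and the sample output are constructed for illustration, and the parser assumes the record layout shown in that sample.

```shell
#!/bin/sh
# Constructed sample of `hdiutil info` output (paths are made up).
# Each attached image is a record introduced by a line of '=' characters;
# device lines are tab-separated: device, partition type, mount point.
sample_hdiutil_info() {
  printf 'framework       : (constructed)\n'
  printf '================================================\n'
  printf 'image-path      : /Users/example/Downloads/Other Tool.dmg\n'
  printf 'image-type      : read-only disk image\n'
  printf '/dev/disk2\tGUID_partition_scheme\t\n'
  printf '/dev/disk2s1\tApple_HFS\t/Volumes/Other Tool\n'
  printf '================================================\n'
  printf 'image-path      : /Users/example/Downloads/SearchOffers.dmg\n'
  printf 'image-type      : read-only disk image\n'
  printf '/dev/disk3\tGUID_partition_scheme\t\n'
  printf '/dev/disk3s1\tApple_HFS\t/Volumes/SearchOffers\n'
}

# Read `hdiutil info` text on stdin and print the image file mounted at $1.
# Exit status is 1 when no attached disk image is mounted there.
image_for_mount() {
  MP="$1" awk -F '\t' '
    /^=+$/           { img = ""; next }   # start of a new image record
    /^image-path *:/ { img = $0; sub(/^image-path *: */, "", img); next }
    /^\/dev\// && $3 == ENVIRON["MP"] && img != "" && !found {
      print img; found = 1
    }
    END { exit !found }
  '
}

MOUNT_POINT=/Volumes/SearchOffers   # path from the antivirus alert
if command -v hdiutil >/dev/null 2>&1; then
  if img=$(hdiutil info | image_for_mount "$MOUNT_POINT"); then
    echo "$MOUNT_POINT comes from: $img"
    echo "Unmount the volume as described above, then delete that file."
  else
    echo "$MOUNT_POINT is not an attached disk image."
  fi
else
  # Not on macOS: run against the constructed sample instead.
  sample_hdiutil_info | image_for_mount "$MOUNT_POINT"
fi
```

Nothing here unmounts or deletes anything; it only reports the .dmg path so the exact file can be confirmed before removal.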
