At my wits end: unable to remove virus Trojan.GenericKD.71025853 from InstallerSandboxes directory

ron223

Mac Studio M1

Mac OS Ventura 13.6.3

Bitdefender 9.4.1.4

Hello,

Bitdefender found a virus which it cannot remove/quarantine and instructs the user to manually remove.

Bitdefender Report:

We identified a threat that needs to be manually removed.

Threat name: Trojan.GenericKD.71025853

Path: /Library/InstallerSandboxes/.PKInstallSandboxManager/DB631B72-5247-4751-8065-DEC981672912.activeSandbox/Root/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/Applications/MobileSlideShow.app/CPAnalyticsConfig-Photos.json

What I tried and did not remove the threat (confirmed by repeat Bitdefender scans)

• despite having administrator privileges and using "show hidden files" in Finder, I am unable to open the /Library/InstallerSandboxes/.PKInstallSandboxManager/ folder, and all efforts to unlock the folder via File → info which did not work despite the face I have read and write privileges.

• reboot

• reboot in safe mode

• reinstall Ventura

• clear all caches (using Clean My Mac)

•

I never access web sites which could be suspicious in any way, and I always have Bitdefender running.

Thanks very much for your time and help

Flexx

https://community.bitdefender.com/en/discussion/98317/at-my-wits-end-unable-to-remove-virus-trojan-generickd-71025853-from-installersandboxes-directory

Here are the steps to attempt manual removal:

1. Disable System Integrity Protection (SIP) temporarily:
   • Restart your Mac in Recovery Mode (hold Command + R during startup).
   • Open Terminal from the Utilities menu.
   • Type csrutil disable and press Enter.
   • Restart your Mac normally.
2. Atempt to delete the file:
   • Open Finder and press Command + Shift + G.
   • Paste the exact path to the file: /Library/InstallerSandboxes/.PKInstallSandboxManager/DB631B72-5247-4751-8065-DEC981672912.activeSandbox/Root/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot/Applications/MobileSlideShow.app/CPAnalyticsConfig-Photos.json
   • Right-click the file and select "Move to Trash."
   • If prompted, enter your administrator password.
3. Re-enable SIP:
   • Repeat steps 1 and 2 from Recovery Mode, but use csrutil enable instead.

If manual removal fails, consider these additional measures:

• Reinstall Xcode: If the threat is associated with Xcode, reinstalling it might help.
• Restore from a backup: If you have a clean backup from before the infection, restore your system to eliminate the threat.

If issue persists, kindly contact Bitdefender support by visiting https://www.bitdefender.com/consumer/support/

Depending on the product you've selected and the issue you're facing, you can reach a support representative via email, chat, or phone.

If you choose email support, you will receive a ticket number in your registered email. Kindly generate and attach the following logs to the ticket for macOS:

Bitdefender BDsysLog for macOS: https://www.bitdefender.com/consumer/support/answer/11198/

Bitdefender BDProfiler log for macOS: https://www.bitdefender.com/consumer/support/answer/1863/

If the generated logs are larger than 25 MB, which is the attachment limit for most email vendors, you can upload the logs to https://upload.bitdefender.net/ and share the link with the support team.

Regards