What to do if you see VBS: Malware-gen alert on Mac

There have been several trojans, browser hijackers, and other forms of malware that have found their way onto Macs in recent years, but VBS: Malware-gen wasn’t one of them. In fact, it appears it never existed at all, instead of being the result of a flaw in at least one antivirus program. 

What you need to know about VBS:Malware-gen

In early 2015, Avast antivirus tool users noticed an alert from their antivirus software telling them that they had blocked a threat and listed the infection as “VBS:Malware-gen.” According to the pop-up from the AV software, the threat was detected in an Amazon shopping page, a Twitch stream, or in some cases, on a file on the user’s computer. Users were then encouraged to run a scan.

Many sites and user forums reported on VBS:Malware-gen is a trojan or a worm that attacks PCs and Macs through infected downloads or websites. It steals personal data or installs additional malware. 

In fact, as Avast confirmed, it’s not a trojan, or a worm, or any other kind of malware. In fact, it doesn’t exist at all. It’s the result of what’s known as a “false positive.” In computer security terms, a false positive is when a detection system such as an antivirus scan picks up something that it mistakenly believes to be a threat. It then carries out the same procedure as it would for anything else it detected, including displaying a warning.

This was confirmed in a forum post by the Head of Avast great Labs in February 2017, who wrote: “What happened?

The VPS 20170221-1 contained an invalid script detection that resulted in a significant false-positive across the Avast userbase.


How did this happen?

The Threat Labs team deployed a change in detection verification logic that moved the verification to an earlier detection release process stage. Multiple factors, including the deployment of new backend version, caused this detection to bypass safety checks that are normally in place resulting in its release.”

Avast apologized for the detection and promised users that it would work hard to prevent such occurrences in the future. It also said that it was “implementing additional checks in the detection generation, detection validation, and detection testing processes to prevent such errors in the future.”

There were later reports from some users that they still saw the detection alert. 

What to do if you see a VBS:Malware-gen threat detection alert

The best thing you can do is ignore it and carry on with what you were doing. While this isn’t a fake virus alert of the kind that are designed to prompt you into clicking a link or calling a telephone number, your response should be the same. Dismiss the alert and ignore it. Check that you’re running the most up-to-date version of Avast using the Check for Updates feature, which should be under the Avast menu. If you can, set Avast to update automatically. That way, whenever Avast issues a patch with updating itself and fixing problems like this, it will be automatically applied on your Mac.

If updating Avast doesn’t work and the alert really bothers you, you can uninstall it and consider using a tool like CleanMyMac X.

CleanMyMac X has a built-in Malware Removal tool that scans your Mac for thousands of malware threats, including adware, spyware, worms, miners, and more. If it finds anything, it allows you to remove it with a click (of course, it won’t detect VBS:Malware-gen since it doesn’t exist). 

Here’s how to use it:

  1. Download CleanMyMac X (for free).
  2. Launch CleanMyMac from your Applications folder.
  3. Choose the Malware Removal utility in the left sidebar.
  4. Press Scan. 
  5. Wait for CleanMyMac to scan your computer. If it finds anything, press Remove. 
Malware removal module of CleanMyMacX

And that’s it. Once it’s finished, it will give your Mac a clean bill of health. You can then run the scan regularly to make sure your Mac is as safe as new.

VBS:Malware-gen is not a virus. It’s not even malware. In fact, it doesn’t exist. The alert was caused by a flaw in Avast antivirus software that caused it to show a false positive; that is, it though it had detected malware even there was nothing there. If you use Avast, you should update to the latest version and keep it updated. And if you see the VBS:Malware-gen alert, ignore it.

If you want an alternative to antivirus software for removing malware, consider CleanMyMac X, which can detect and remove it with a couple of clicks.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.