< The MacPaw How-tos

How to remove VBS:Malware-gen from Mac


There have been several trojans, browser hijackers and other forms of malware that have found their way onto Macs in recent years, but VBS:Malware-gen wasn’t one of them. In fact, it appears it never existed at all, instead being the result of a a flaw in at least one antivirus program. 


What you need to know about VBS:Malware-gen

In early 2015, users of Avast antivirus tools noticed an alert from their antivirus software telling them that they had blocked a threat and listed the infection as “VBS:Malware-gen”. According the the pop-up from the AV software, the threat was detected in an Amazon shopping page, a Twitch stream, or in some cases, on a file on the user’s computer. Users were then encouraged to run a scan.

Many sites and user forums reported on VBS:Malware-gen as a trojan or a worm that attacks PCs and Macs through infected downloads or websites, and that it steals personal data or installs additional malware. 

In fact, as Avast confirmed, it’s not a trojan, or a worm, or any other kind of malware. In fact, it doesn’t exist at all. It’s the result of what’s know as a “false positive”. In computer security terms, a false positive is when a detection system such as an antivirus scan picks up something that it mistakenly believes to be a threat. It then carries out the same procedure as it would for anything else it detected, including displaying a warning.

This was confirmed in a forum post by the Head of Avast great Labs in February 2017, who wrote: “What happened?

The VPS 20170221-1 contained an invalid script detection that resulted in a significant false positive across the Avast userbase.

VBS:Malware-gen

How did this happen?

The Threat Labs team deployed a change in detection verification logic which moved the verification to an earlier stage of the detection release process. Multiple factors including deployment of new backend version caused this detection to bypass safety checks that are normally in place resulting in its release.”

Avast apologized for the detection and promised users that it would work hard to prevent such occurrences in the future. It also said that it was “implementing additional checks in the detection generation, detection validation and detection testing processes to prevent such errors in the future.”

There were later reports from some users that they were still seeing the detection alert. 

What to do if you see a VBS:Malware-gen threat detection alert

The best thing you can do is ignore it and carry on with what you were doing. While this isn’t a fake virus alert of the kind that are designed to prompt you into clicking a link or calling a telephone number, your response should be the same. Dismiss the alert and ignore it. Check that you’re running the most up-to-date version of Avast by using the Check for Updates feature, which should be under the Avast menu. If you can, set Avast to update automatically. That way, whenever Avast issues a patch to update itself and fix problems like this, it will be automatically applied on your Mac.

If updating Avast doesn’t work and the alert really bothers you, you can uninstall it and consider using a tool like CleanMyMac X.

CleanMyMac X has a built-in Malware Removal tool that scans your Mac for thousands of malware threats, including adware, spyware, worms, miners, and more. If it finds anything, it allows you to remove it with a click (of course, it won’t detect VBS:Malware-gen since it doesn’t exist). 

Here’s how to use it:

  1. Download CleanMyMac X (for free).
  2. Launch CleanMyMac from your Applications folder.
  3. Choose the Malware Removal utility in the left sidebar.
  4. Press Scan. 
  5. Wait for CleanMyMac to scan your computer. If it finds anything, press Remove. 

Scanning Mac for malware

And that’s it. Once it’s finished, it will give your Mac a clean bill of health. You can then run the scan regularly, to make sure your Mac is as safe as new.


VBS:Malware-gen is not a virus. It’s not even malware. In fact, it doesn’t exist. The alert was caused by a flaw in Avast antivirus software that caused it to show a false positive, that is, it though it had detected malware even there was nothing there. If you use Avast you should update to the latest version and keep it updated. And if you see the VBS:Malware-gen alert, ignore it.

If you want an alternative to antivirus software for removing malware, consider CleanMyMac X which can detect and remove it with a couple of clicks.


Share it! Knowledge is power:
MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.