iMac virus?

Discussion in 'Mac Basics and Help' started by imacdave1, Dec 15, 2015.

  1. imacdave1 macrumors newbie

    Joined:
    Feb 1, 2015
    #1
    I started working on PCs in the mid-90s. I got so good at it that whenever someone from work had a problem with their PC, they'd bring it over to my place and I'd fix it for them.

    About a year ago I was bored with my iPhone so I jailbroke it, and when I did that all hell broke loose. Immediately after, someone had taken total control of my iMac. They hacked into every email account I had, and on one of the email accounts they deleted 10 years' worth of email. They hacked into my Facebook account and took it over as well, and even though I contacted Facebook and told them to delete the account because it had been hacked into, they refused to do it, so I stopped using that account and created another one. The only thing all my email accounts and my Facebook account had in common was my iMac.

    No matter what I did I couldn't get the malware off my iMac, and because I wasn't familiar with disassembling an iMac I took it in to an Apple repair shop and had them replace the hard drive, but the kid that replaced the hard drive transferred everything off the old hard drive onto the new HD, including the malware. I finally had enough and unplugged the iMac and put it in the closet and started using either my iPad or my Dell laptop whenever I needed to get on a computer.

    I want to start using my iMac again but the malware is still on it. My question is: how do I completely format a hard drive that has Mavericks loaded on it? I know how to format the HD, but Apple has a partition that's read-only and supposedly can't be removed, but I'm almost positive that's where the malware is located and that's where my problem lies: getting rid of that partition and reinstalling a fresh operating system, one I load off a DVD, not one that I download. Anyone got any advice on completely removing all partitions and creating a new master boot record?
     
  2. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #2
    (Don't you already have a much newer thread that you started with this issue from last spring?)
    http://forums.macrumors.com/threads/help-hacked.1843314/

    If you are ready to erase the hard drive - download the OS X installer. If you have purchased Mavericks, then that will be in your App Store, in the Purchased tab.
    When that downloads, the installer will automatically launch. Quit the installer at that point.
    Make a bootable installer from your downloaded OS X installer app. There are several sites that tell you how to do that through the Terminal. If you want to make that easy, download the good DiskmakerX app.
    You can use an 8GB USB flash drive for that installer.
    Boot to your new installer drive. Run Disk Utility. Remove all partitions, using the Partition tab. That will also remove the Recovery partition, which is normally hidden. You can easily do that in the Partitions tab, by choosing the Partition Layout dropdown, and clicking on 1 Partition. Then, click the Apply button. That will then erase the drive, leaving you with 1 partition. The hidden recovery partition is gone, too.
    Quit Disk Utility, then reinstall OS X. Try to pay attention to where you browse from now on.

    BTW - Apple doesn't use a "master boot record", as it uses the HFS+, or OS X Extended format, which now is a GUID type partition. Some references to Windows-type formats just don't apply to OS X and the disk formats that it uses natively.
     
  3. imacdave1 thread starter macrumors newbie

    Joined:
    Feb 1, 2015
    #3
    Thank you for the reply and the information. It's been almost a year since I used my iMac and I knew I had the jargon screwed up. To the best of my recollection the GUID remains intact, which is where I think the malware is located, because that's the only part of the hard drive I can't remove and replace. What I was thinking about doing is physically removing the hard drive, hooking it up to my Dell laptop as an external hard drive and formatting the drive, so that in theory Windows would see the GUID, ignore it and remove it. Then I could create an MBR for the external drive and format it, removing everything off the hard drive that I couldn't remove before because of the way Apple has their system set up.

    The problem is so severe. I had my Dell laptop set up next to my iMac. I had walked away for a few minutes, and when I returned the two computers had actually connected to one another and I could see files were being transferred from my Dell to my iMac, and I hadn't done a thing to either computer so they would share files. I knew someone was accessing my iMac so I started deleting my passwords off gatekeeper, when all of a sudden a lock appeared out of nowhere and I couldn't access gatekeeper any longer. I was actually locked out of my own system and had to format the hard drive to gain access again, but the malware remained on the HD and continued to exploit my iMac. After that I said screw it, boxed up the iMac and put it in the closet.
     
  4. aristobrat, Dec 15, 2015
    Last edited by a moderator: Dec 15, 2015

    aristobrat macrumors G5

    Joined:
    Oct 14, 2005
    #4
    I've never seen OS X malware that required going to this extreme to remove, but you should be able to make a bootable USB thumb drive that contains a Mac OS X installer, boot your iMac from that, use the Terminal app to completely remove all partitions from your internal drive, and then re-install OS X.

    Also, as for your email password and accounts being constantly modified, you should be able to add 2-factor authentication on them, so that a code texted to your phone is required before any changes can be made to those accounts.
     
  5. imacdave1, Dec 15, 2015
    Last edited: Dec 15, 2015

    imacdave1 thread starter macrumors newbie

    Joined:
    Feb 1, 2015
    #5
    I had 3 different email accounts, one on AOL, one on Yahoo and one on Gmail, and had set them up so I had 2-factor authentication on all three accounts, and what the hackers were doing is changing one of the authentication methods and changing the password so that when I would try to access my email I couldn't, because I didn't have the correct information for one of the two authentication methods. I ultimately gave up all 3 accounts and created a couple of new accounts on Hotmail and Gmail. Now I have it set up so the only form of authentication I use is via text message, which is sent directly to my phone. If anyone tries to make any changes to my email accounts they'd have to request a text message be sent, which I would see immediately.

    This is malware that I have never seen before. I've worked on PCs that had a virus infect the BIOS, but getting rid of it was easy. I flashed the BIOS and removed the virus. Problem solved.
     
  6. aristobrat, Dec 15, 2015
    Last edited by a moderator: Dec 15, 2015

    aristobrat macrumors G5

    Joined:
    Oct 14, 2005
    #6
    There's so little Mac malware out there that it's statistically improbable that your Mac has some variant that hasn't been talked about before on the forums here. When Mac malware comes out that actually works, there's almost always a bunch of folks here that have problems with it. Did you identify which malware it was?
     
  7. AppleHater macrumors 6502a

    Joined:
    Jun 9, 2010
    #7
    Next time, when you boot up your Mac, hold down the Command and R keys until the Apple logo comes up. From there, you'll have Disk Utility and OS install options. Using Disk Utility, you can wipe out your hard drive and fresh install OS X. Search up how to wipe a Mac hard drive for detailed instructions.
     
  8. imacdave1 thread starter macrumors newbie

    Joined:
    Feb 1, 2015
    #8
    Been there, done that, but thank you for the suggestion.

    All this happened right after I jailbroke my iPhone, and even though I no longer have that iPhone and upgraded to the iPhone 6, I'm still having some security issues, but being that my iMac is boxed up and put away, the security problems I'm dealing with on my Dell laptop are manageable and I can fix the laptop myself. With my iMac I'm concerned about taking off the screen just to get to the internal components, so I have to pay someone to do it, and I've shelled out enough money for doing something stupid like jailbreaking my iPhone.

    Because I'm positive my laptop is virus free I won't hook up either of my iPads or my iPhone to it. Personally I believe Apple has become complacent and is sitting on its laurels of building a computer that remains virtually virus free. If Apple were to ever fess up and admit they have an OS with security issues, their sales would drop drastically. The everyday user just wants to jump on the computer and not have to worry about their computer getting hacked into, which is a problem Windows has been dealing with forever.
     
  9. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #9
    One problem with that method is: Command-R boots you to the Recovery system, which is the OTHER (hidden) partition that the OP thinks can't be deleted. And, you can't delete THAT partition while you are booted to it.
    That's when you would use either a USB flash drive OSX installer, or an external hard drive with a bootable OS X installer partition. That will allow you to modify ALL partitions on the internal drive. Even though it would be unlikely that any malware would be loaded on the recovery system, if you boot to another drive, that can be deleted, too. All clear for a fresh install of OS X, as you wish.
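
An added example, not part of the thread: the hidden Recovery partition discussed above is an ordinary entry in the drive's GUID partition table, so listing the table shows whether it (or anything else) is still present after a wipe. The function names, the 512-byte sector size and the sample disk layout below are assumptions constructed for this illustration.

```python
import struct
import uuid

SECTOR = 512  # assumed logical sector size for the constructed image
# Well-known partition type GUIDs (GPT / Apple partition types)
TYPES = {
    "C12A7328-F81F-11D2-BA4B-00A0C93EC93B": "EFI System",
    "48465300-0000-11AA-AA11-00306543ECAC": "Apple_HFS",
    "426F6F74-0000-11AA-AA11-00306543ECAC": "Apple_Boot (Recovery HD)",
}

def parse_gpt(image: bytes):
    """Return [(type_name, label, first_lba, last_lba)] for each used GPT entry."""
    hdr = image[SECTOR:SECTOR + 92]
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1 (MBR-only or blank disk)")
    entries_lba, = struct.unpack_from("<Q", hdr, 72)   # start of entry array
    count, size = struct.unpack_from("<II", hdr, 80)   # slots, bytes per slot
    parts = []
    for i in range(count):
        e = image[entries_lba * SECTOR + i * size:][:size]
        if len(e) < 128 or e[:16] == bytes(16):        # short read or unused slot
            continue
        tguid = str(uuid.UUID(bytes_le=e[:16])).upper()  # GUIDs are mixed-endian
        first, last = struct.unpack_from("<QQ", e, 32)
        label = e[56:128].decode("utf-16-le").rstrip("\x00")
        parts.append((TYPES.get(tguid, tguid), label, first, last))
    return parts

def build_sample_image():
    """Constructed test disk: EFI + Macintosh HD + hidden Recovery HD."""
    layout = [
        ("C12A7328-F81F-11D2-BA4B-00A0C93EC93B", "EFI System Partition", 40, 79),
        ("48465300-0000-11AA-AA11-00306543ECAC", "Macintosh HD", 80, 179),
        ("426F6F74-0000-11AA-AA11-00306543ECAC", "Recovery HD", 180, 199),
    ]
    img = bytearray(SECTOR * 34)
    hdr = bytearray(92)
    hdr[:8] = b"EFI PART"
    struct.pack_into("<QII", hdr, 72, 2, 128, 128)  # array at LBA 2, 128 x 128 B
    img[SECTOR:SECTOR + 92] = hdr
    for i, (t, name, first, last) in enumerate(layout):
        e = uuid.UUID(t).bytes_le + uuid.uuid4().bytes_le
        e += struct.pack("<QQQ", first, last, 0) + name.encode("utf-16-le").ljust(72, b"\x00")
        img[2 * SECTOR + i * 128:2 * SECTOR + (i + 1) * 128] = e
    return bytes(img)

if __name__ == "__main__":
    print(*parse_gpt(build_sample_image()), sep="\n")
```
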
     
