Malware locked my MBP ??? Help!

Discussion in 'MacBook Pro' started by samirnyc, Feb 1, 2016.

  1. samirnyc macrumors newbie

    Joined:
    Jan 31, 2016
    #1
    Is it possible that I accidentally installed malware that took over my computer via the "Profile" section and locked the computer? It is now asking for a 6 digit code. When I attempt recovery mode it is asking what I believe to be a Firmware Password.

    I bought the MBP used and somebody else was suggesting it may be a stolen unit that is enrolled in the Apple Deployment Program and what I installed was actually that companies profile and then they locked me out.

    How would I know the difference? Im sitting on a $1700 paperweight and would like to find out what options I have. How can I confirm the unit being enrolled in the Apple Deployment Program and, more importantly, how do determine if it is stolen unit?

    Any help is appreciated,

    Thanks
     
  2. laurihoefs macrumors 6502a

    laurihoefs

    Joined:
    Mar 1, 2013
    #2
    I'd suggest you contact the seller.

    It does not matter if it is enrolled in Apple Deployment Program or if it was tied to an iCloud account. There's no difference now the device is locked, and it can only be unlocked by the person/company/institution that locked it.

    Maybe there's another explanation, but most likely you've bought a stolen laptop, and the owner remotely locked it.
     
  3. Bending Pixels macrumors 65816

    Joined:
    Jul 22, 2010
    #3
  4. laurihoefs macrumors 6502a

    laurihoefs

    Joined:
    Mar 1, 2013
    #4
    Firmware password is not the same as the pin a remotely locked Mac requests.
     
  5. samirnyc thread starter macrumors newbie

    Joined:
    Jan 31, 2016
    #5
    Thanks laurihoefs, so even after resetting the firmware pw it would still ask for the pin? Do I have any options here or did I buy a really expensive paperweight?
     
  6. laurihoefs macrumors 6502a

    laurihoefs

    Joined:
    Mar 1, 2013
    #6
    It would still ask for the pin, and none of the three options listed in the linked page actually work to reset the fw password: option 1 and 3 only work on some specific older Macs, option 2 requires you have a proof of purchase.

    I take you don't have a receipt?
     
  7. samirnyc thread starter macrumors newbie

    Joined:
    Jan 31, 2016
    #7
    Neither I nor the person that sold it to me have a receipt. The seller said he bought it brand new on eBay and is trying to get the receipt from the person he purchased it from. What if I had the entire logic board replaced? Would that give me a clean machine? Thanks for your replies.
     
  8. laurihoefs macrumors 6502a

    laurihoefs

    Joined:
    Mar 1, 2013
    #8
    Replacing the logic board is really costly, close to the price of a new complete laptop.

    How long have you had the laptop? Did you have your own iCloud account set up on it?

    There's also a possibility your iCloud account has been compromised, and someone has locked the laptop either as a prank, or as an attempt to extort money from you.
     
  9. samirnyc thread starter macrumors newbie

    Joined:
    Jan 31, 2016
    #9
    I'm losing hope...I've had it for 1 week but only started using it 2 days ago. I used "Migration Assistant" to move my Backup from my other Mac onto the new MBP, so yes, iCloud was set up. The MBP in question also shows in My Devices in iCloud and in the Find My..section in iCloud. The status reads" Locked January 30 10:36PM" When I tell it to play a sound and boot the MBP I hear the Find My...sound, so I guess it's still connected to my wifi. How could somebody have locked it if it was in my iCloud devices??
     
  10. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #10
    If you bought this from somewhere that accepts returns, you should take advantage of that policy. You definitely bought a computer that belongs to someone else. A computer that's part of Apple's Device Enrollment Program, as yours is, is effectively useless and no authorized repair facility is going to just replace the logic board for you.
     
  11. samirnyc thread starter macrumors newbie

    Joined:
    Jan 31, 2016
  12. leman macrumors 604

    Joined:
    Oct 14, 2008
    #12
    Hey samirnyc, as we already covered this in the other thread, this is no malware but Apple's own official remote configuration tool. Again, you only real option is contacting the seller/Apple/company who locked your machine and trying to sort this thing out. I hope you'll find a solution soon, I'm sure that this is an extremely unpleasant situation for you :(
     
  13. joe-h2o macrumors 6502a

    Joined:
    Jun 24, 2012
    #13
    I would definitely return it and get your money back - you bought a stolen laptop. Sorry.
     
  14. MrAverigeUser macrumors 6502a

    MrAverigeUser

    Joined:
    May 20, 2015
    Location:
    europe
    #14

    I´d NOT contact the seller again, but contact the police.


    THEY will find the persons responsible and THIS is also the only way to get back at least a part of your money.

    I NEVER buy things of value without picking them up personally and testing everything before paying.


    And I demand always the serial no. before even picking them up.

    i NEVER buy things if someone shows only pictures copied from ads...

    If the vendor claims having it purchased himself "brand-new" I demand a copy of the bill to be shure that his claims are correct and to be shure that it hash´t been stolen.


    If there is still a box existing with the same serial no. and for example also the old DVDs (models until 2012) it is much more likely that it is NOT stolen. Thiefs NEVER lose time in searching for boxes and DVDs.. in homes… they are in hurry.


    Perhaps you will act like that in future times as well…

    The person who is responsible for that stolen mac deserves to be arrested and stopped from more criminal acts like that.


    and since someone has been in contact with the stolen mac and did the shut-down you are in risk to be accused of at least keeping a stolen machine with you although you got more and more evidence of that fact. So you will protect yourself as well from very uncomfortable questions and more…


    take out your OWN Disk before you go to the police - if not, the disk (with all your private data on it) will be declared as part of the stolen machine..

    good luck.
     
  15. felt. macrumors 6502a

    Joined:
    Mar 13, 2008
    Location:
    Canada
    #15
    On a pc you would pull the CMOS battery to clear the bios password, maybe there is an equivalent solution for the mac.
     
  16. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #16
    Not in this case.
     
  17. felt. macrumors 6502a

    Joined:
    Mar 13, 2008
    Location:
    Canada
    #17
    So a proprietary firmware flashing tool then? there is obviously a solution even if it isn't public.
     
  18. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #18
    Sure, Apple can unlock these with proper documentation of ownership, but they won't unlock this one.
     
  19. samirnyc thread starter macrumors newbie

    Joined:
    Jan 31, 2016
    #19
    Thank you all for your replies. I did end up having the entire thing flashed and that did allow to reinstall the OS and boot up properly BUT the notification came back every 30 minutes. At that point I confronted the seller a little more aggressively and he ultimately agreed to take the unit back for a full refund, including the $200 I spent on flashing it. Tomorrow my refurb arrives from Apple directly with the same specs and it was only $140 more than I originally spent on the Craigslist one. Lesson learned :)
     
  20. Steve121178 macrumors 68040

    Steve121178

    Joined:
    Apr 13, 2010
    Location:
    Bedfordshire, UK
    #20
    Happy to hear you got this resolved with a positive outcome!
     
  21. MrAverigeUser macrumors 6502a

    MrAverigeUser

    Joined:
    May 20, 2015
    Location:
    europe
  22. High Desert macrumors regular

    Joined:
    Nov 26, 2015
    Location:
    Powell Butte, Or.
    #22
    You're right, Lesson learned. Glad yo were persistent and able to get this resolved quickly.
     

Share This Page