ViciousFrank

macrumors newbie
Original poster
Jul 17, 2013
Montreal, QC, Canada
Hi!

A friend of mine got phished by a "Network Security Shield" company... She granted full access to her Mac and they installed unwanted software.

I found the instructions for a full restore from Time Machine from a state previous to the attack. But I am asking myself what the risk is that the Time Machine backups could be compromised... Should I be this paranoid?

And if I do a clean install, what would be the best way to restore her files?
Sorry to hear about this situation happening to your friend. The risks that the Time Machine backups are compromised from a date before this issue are remote to say the least. I believe that is your best option.

If you decide that you want to do a clean install instead, then the best way to restore the files from the backup is to drag and drop them from the backup using Finder; you may have to adjust the permissions of the files on the drive if you do this.
 
Thank you. At first, I had this impression a Time Machine restore would be enough, too, but then I read this:

http://www.thesafemac.com/tech-support-scam-pop-ups/

If the scammers requested remote access to your computer, in order to “troubleshoot” the “problem,” and if you did whatever they asked to give them that remote access, your Mac should be considered compromised. [...]

In such a case, in order to be sure your machine is clean, you have only one option: erase the hard drive, reinstall the system and all your applications from scratch and very selectively restore only your documents from a backup. For more information, see How to reinstall Mac OS X from scratch.

So I am hesitating. But thanks a lot for your insight.
 
It depends. Did she have the Time Machine backup before she gave access? If so, reinstall from the backup. If not, you can try to reinstall from an older backup.
 
@bookwormsy
Yes, she had a backup from before she gave access. The question is, could it be possible that the installed software and kext would compromise the old backups, since Time Machine was connected during and after the phishing?

It would be a difficult hack, but it's theoretically possible.

Maybe I am a little too paranoiac, but I am avoiding the risk by doing a clean install.
 
Yes, it's theoretically possible.

I like the idea of a clean install. You can then use Migration Assistant to restore from the TM backup. You can then choose what it brings across. (I wouldn't migrate applications, for example.)