Resolved Phishing and restoration from Time Machine

Discussion in 'Mac Basics and Help' started by ViciousFrank, Apr 22, 2015.

  1. ViciousFrank, Apr 22, 2015
    Last edited: Apr 22, 2015

    ViciousFrank macrumors newbie

    Joined:
    Jul 17, 2013
    Location:
    Montreal, QC, Canada
    #1
    Hi!

    A friend of mine got phished by a "Network Security Shield" company... She granted full access to her mac and they installed unwanted software.

    I find the instructions for a full restore from Time Machine from a state previous to the attack. But, I am asking myself what are the risk that Time Machine backups could be compromised?... Should I be this paranoid?

    And if I do a clean install. What would be the best way to restore her files?
     
  2. Kissmyne macrumors 6502

    Kissmyne

    Joined:
    Apr 21, 2015
    #2
    Sorry to hear about this situation happening to your friend. The risks that the Time Machine backups are compromised from a date before this issue are remote to say the least. I believe that is your best option.

    If you decide that you want to do a clean install instead, then the best way to restore the files from the backup are to drag and drop them from the backup using Finder, you may have to adjust the permissions of the files on the drive if you do this.
     
  3. ViciousFrank thread starter macrumors newbie

    Joined:
    Jul 17, 2013
    Location:
    Montreal, QC, Canada
    #3
    Thank you. At first, I had this impression a Time Machine restore would be enough, too, but then I read this:

    So I am hesitating. But thanks a lot you for your insight.
     
  4. bookwormsy macrumors 6502

    Joined:
    Jul 7, 2010
    #4
    It depends. Did she have the time machine backup before she gave access? If so, reinstall from the backup. If not, you can try to reinstall from an older backup.
     
  5. ViciousFrank thread starter macrumors newbie

    Joined:
    Jul 17, 2013
    Location:
    Montreal, QC, Canada
    #5
    @bookwormsy
    Yes she had backup of before she gave access. The question is, could it be possible that the installed software and kext would comprise the old backups since TimeMachine was connected during and after the phishing?

    It would be a difficult hack, but it's theoretically possible.

    Maybe I am a little too paranoiac, but I am avoiding the risk by doing a clean install.
     
  6. CreatorCode macrumors regular

    CreatorCode

    Joined:
    Apr 15, 2015
    Location:
    US
    #6
    Yes, it's theoretically possible.

    I like the idea of a clean install. You can then use Migration Assistant to restore from the TM backup. You can then choose what it brings across. (I wouldn't migrate applications, for example.)
     

Share This Page