Shutdown malware

Discussion in 'macOS' started by ponybear, Oct 29, 2016.

Most Liked Posts
  1. ponybear, Oct 29, 2016

    ponybear macrumors newbie

    Joined:
    Oct 29, 2016
    #1
    Dear Macrumors,

    a "Computer will sleep in 10min" popup window has appeared on my desktop. It appears to be the standard Apple popup for scheduled sleep/shutdown. When I click on "abort", it instantly appears again and sets it self to focus, possible after each keystroke. Thus, I am not able to use the keyboard to open terminal or activity manager to shut it down. The classic troll malware I suppose.

    It even appears after I login in safe mode. What should I do? Can I abort/delete the script/malware from the terminal in Recovery Partition?

    I know it would be easist to just wipe and restore to backup, but my most recent backup is 6 months old. I promise to buy a HDD tomorrow if I'm able to resolve it.

    I am sorry to ask for assistance, but for all the articles about how to create this Kind of Malware, I could not find one single article that helped me to resolve it. Please help me.

    Thank you very much.
    Lukas
     
    share
    + Quote Reply
  2. Floris, Oct 29, 2016

    Floris macrumors 68020

    Floris

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #2
    sudo ps aux > procs.txt

    And then let someone take a look at all the procs
     
    share
    + Quote Reply
  3. JohnDS, Oct 30, 2016

    JohnDS macrumors 65816

    Joined:
    Oct 25, 2015
    #3
    What Mac do you have?

    In this thread: http://forums.macrumors.com/threads/mac-pro-wants-to-shut-down-all-the-time.617367/

    a poster said:

    "I had the same problem. "Are you sure you want to shut down" window would repetitively pop up, similar to the guys above, and would dominate the screen until I hit cancel. Could hit cancel, and the message would just keep repeatedly popping up as fast as I could hit cancel. It was something buggy in my 30 " cinema display power button. I went into system preferences > displays > options > and changed the power button function to "do nothing". Problem fixed."
    --- Post Merged, Oct 30, 2016 ---
    Also, it is possible that another external peripheral may be the problem. Try safe booting with all external peripherals disconnected.
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page