Wiping iMac Drive Sufficient to Remove Viruses/Malware

Discussion in 'iMac' started by goose61, May 25, 2019.

  1. goose61, May 25, 2019
    Last edited: May 25, 2019

    goose61 macrumors newbie

    Feb 4, 2019
    Need to help a friend who accidentally ran afoul of a phishing email, and need some advice.

    The reason is that they were using an iMac running Snow Leopard (a necessary evil due to project software), and as a consequence, an out of date browser as well.

    My recommendation was to be on the safe side and do a complete multi-pass wipe of the hard drive using Disk Utility, and then do a full restore from a backup (fortunately it was disconnected from the computer at the time).

    My only concern, is the fact that since they were using such an old system, combined with an out of date browser, is there any possibility that any malware might have embedded itself and therefore be immune to a drive wipe (possibly reinfecting the HD, and in turn, the backup as well)?
  2. Banglazed macrumors demi-god


    Apr 17, 2017
    Cupertino, CA
    Yes, most likely a wipe would do it. The main question is was it just a phishing email? Did he click any links in the email that prompt for any credential? or downloaded anything from the email?

    Did your friend recently lost or have any of his device stolen? Most phishing attempts start after such instance because they are trying to get that credential to remove the iCloud Activation Lock.
  3. goose61, May 25, 2019
    Last edited: May 25, 2019

    goose61 thread starter macrumors newbie

    Feb 4, 2019
    It was an Amazon Prime phish, with a link that appeared to lead directly to their proper account page, with no prompts. There were also apparently no links to download any attachments or files (which was why I wondering if it might have been an attempt to install a keylogger via a browser exploit).

    As for any lost devices, the answer would be no.
  4. chrfr macrumors 604

    Jul 11, 2009
    Odds are the goal was just to get the account credentials; there's far more value, and much less effort, in that than in adding a key logger to the computer.
    A multi-pass wipe is overkill. If your friend entered any credentials on the phishing site, they should be more concerned with making sure to change the password for any accounts which share the Amazon password.
  5. Fishrrman macrumors P6


    Feb 20, 2009
    WHAT KIND of a "backup" does the user have?

    If it's a "bootable cloned backup" (created with either CarbonCopyCloner or SuperDuper), the procedure is simple:

    1. Connect backup
    2. Boot from backup
    3. ERASE internal drive to Mac OS extended with journaling enabled
    4. RE-clone the contents of the backup BACK TO the internal drive
    5. Done.

Share This Page

4 May 25, 2019