How to rescue your Mac from malware corruption

“Ah, the holidays: Good food, good conversation, and — if you’re in my line of work — a healthy helping of familial tech troubleshooting,” Serenity Caldwell writes for iMore. “This year’s Big Tech Problem came in the form of my soon-to-be father-in-law’s MacBook Pro: He’d been running into curious slowdowns for a two-year-old laptop.”

Caldwell writes, “Upon further investigation, I found a couple of self-professed ‘Mac security programs’ that popped up, demanding money to ‘clean your Mac from junk.’”

“Spoiler: These programs were the junk,” Caldwell writes. “Now, I want to preface: I’d never seen an attack like this on a Mac before in my life, and finding this kind of full-Mac hijack is very rare. It’s likely that he accidentally installed one of these ‘security’ programs (or had it installed), which spiraled out of control from there. These hijacks didn’t appear to be able to do much beyond slow down his machine with endless failed attempts to run a program — the process didn’t have admin permissions, so it couldn’t execute a thing from the library. But because they were there, they were constantly crashing aspects of his Mac.”

Read more in the full article here.

MacDailyNews Take: Tell your less-technical family and friends to stick to Apple’s Mac App Store. Macs are amazing machines. Don’t gunk them up with snake oil!

SEE ALSO:
Malwarebytes warns of new Mac malware that could fool less-technical users – August 19, 2016
Don’t waste your money on OS X snake oil for your Mac – July 28, 2015
How to detect and remove MacKeeper and keylogger malware on your Mac – July 17, 2015
Controversial MacKeeper security program opens critical hole on Mac computers – May 12, 2015
What ‘MacKeeper’ is and why you should avoid it – January 21, 2015
How to uninstall MacKeeper from your Mac – December 19, 2014

14 Comments

  1. I made an app with AppleScript called “FindInList”. The app opens a search field, and the results open in TextEdit with the full path of each result. From there you can highlight a path, right-click, and reveal it in Finder. It digs deep (deeper than Spotlight) into all system files. I did it for fun but have since found it useful for removing crap. Let me know and I’ll post the script.

    1. Spotlight is quite capable of searching both System files and invisible files. Use the Finder’s Find… function and explore the criteria Other… options.

      1. I find it easier to just launch my app, enter a query, and two clicks later have the result in front of me. Getting the Finder to do the same takes at least 3x longer. Funny comment, btw, to think I can script this but don’t know how to use the Finder search options (which are different from Spotlight, btw).

    2. -- Prompt for a name fragment, run a Spotlight name search, and show the
       -- matching paths in a TextEdit document. The shell pipeline keeps paths
       -- whose last component contains the pattern (egrep) and drops paths in
       -- which the pattern occurs twice (grep -v). The pattern is used as a
       -- regular expression, so characters such as . ( [ are special.
       tell application "System Events"
       activate
       set thePattern to text returned of (display dialog "Search for" default answer "")
       end tell
       if thePattern = "" then return
       try
       -- quoted form wraps a whole argument in single quotes; the regex suffix
       -- must be inside those quotes, otherwise the shell may glob [^/]* and /?
       set foundFiles to do shell script "mdfind -name " & quoted form of thePattern & " | /usr/bin/egrep -i " & quoted form of (thePattern & "[^/]*/?$") & " | /usr/bin/grep -vi " & quoted form of (thePattern & ".*" & thePattern)
       on error
       -- grep exits 1 when nothing matches, which do shell script raises as an error
       set foundFiles to "Nothing Returned"
       end try
       if foundFiles = "" then set foundFiles to "Nothing Returned"

       tell application "TextEdit"
       activate
       delay 0.5
       try
       -- reuse the front document if it is empty, otherwise open a new one
       set theDoc to document 1
       if (text of theDoc) is not "" then
       set theDoc to make new document
       end if
       on error
       -- no document is open
       set theDoc to make new document
       end try
       set text of theDoc to foundFiles
       end tell
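
The name search that the script above performs, written here as an added example in plain POSIX shell so it can be run from Terminal or fed into other tools. This is not the commenter's code and not part of the original page; the function names `filter_paths` and `search_names` are chosen here, and one behaviour is deliberately changed: the pattern is matched as a fixed string instead of a regular expression.

```shell
#!/bin/sh
# Added example, not the commenter's script: the same name search as the
# AppleScript above, as a POSIX shell pipeline. The search itself
# (mdfind -name) exists only on macOS; the filter is plain awk and runs on
# any system that has a POSIX shell, given a list of paths on stdin.

# filter_paths PATTERN
#   Reads one path per line on stdin and keeps a path when its last component
#   contains PATTERN (case-insensitive) and PATTERN occurs only once in the
#   whole path, which is what the script's egrep / grep -v pair does. One
#   deliberate difference: PATTERN is matched as a fixed string, so '.' or '['
#   in a query are taken literally rather than interpreted as a regex.
filter_paths() {
    [ -n "$1" ] || { echo "usage: filter_paths PATTERN" >&2; return 1; }
    # note: awk -v expands backslash escapes in the value; avoid backslashes
    awk -v pat="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    {
        line = tolower($0)
        sub(/\/+$/, "", line)            # ignore a trailing slash on directories
        n = split(line, parts, "/")
        base = parts[n]
        first = index(line, pat)
        if (first == 0 || index(base, pat) == 0) next
        # a second, non-overlapping occurrence anywhere in the path drops it
        if (index(substr(line, first + length(pat)), pat) > 0) next
        print $0
    }'
}

# search_names PATTERN
#   Spotlight name search with the filter applied. macOS only (uses mdfind).
search_names() {
    mdfind -name "$1" | filter_paths "$1"
}

# Run with a pattern to search this Mac, e.g.: sh findinlist.sh mackeeper
if [ "$#" -gt 0 ]; then
    search_names "$1"
fi
```

Because the pattern is a fixed string, a query such as `a.b` matches only a literal `a.b`, whereas the original `egrep` would also accept `axb`. The "occurs only once" rule is kept from the original, so a nested hit like `/Library/Application Support/MacKeeper/MacKeeper Helper` is dropped while `/Applications/MacKeeper.app` is kept; remove the `substr(...)` check if you want nested matches listed as well.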

  2. I’ll hazard a guess. One of the malevolent apps was MacKeeper from Kromtech, the company that ‘owns’ MacKeeper. They are back to their old tricks with SCARE ads on the net that pop up via click-jacking and other nasty marketing tricks. They’ve also been foisting the usual fraudulent or paid-for (often with free software) 4 and 5 star reviews for MacKeeper at the usual places. The former ‘owner’ of MacKeeper, ZeoBIT, recently suffered two court verdicts against them for abusive marketing.

    Meanwhile, Apple has done a decent job blocking malware on recent versions of macOS (since Snow Leopard). Where Apple stumbles is with adware. For example, there are still a lot of fake foisted ‘Flash’ installers around that infest Macs with adware crap. The single best way to test for and remove current adware is to use the free Malwarebytes Anti-Malware app, formerly Adware Medic, maintained by my colleague Thomas Reed:

    https://www.malwarebytes.com/antimalware/mac/

    Further advice: Be sure you’ve got the latest updates for Firefox and Tor Browser, which have an in-the-wild exploit of previous versions.

  3. Was Serenity’s father-in-law-to-be looking at pirate TV shows or movies, or searching for pr0n, as has been the case with people I’ve helped who have similarly installed things they shouldn’t have?

    It’s not just doing a speedtest . net that brings you these ‘junk cleaners’…

    1. It can happen by accident. A few years ago one of my co-workers had a home laptop that was infested when she thought she was downloading maps for her daughter’s game and instead she’d hit the MacKeeper button and downloaded maps for that. MacKeeper’s ad placement and download buttons are sometimes dangerously close to what you THINK you’re hitting for the correct download, and you get hosed instead. It took over her browser homepage and was a mess that took me hours to rebuild and restore her files to a clean system. I had offered to set it up when she bought it so she wasn’t running out of the box as Admin, but no, she was OK with that. So it infested as Admin because she typed in the Admin password thinking she was installing game pieces.

      1. “format and install linux.”

        This is a ridiculous answer. Once I install Linux, how do I use all of the apps I already own? Oh, that’s right – I can’t.

        The OP asked how to clean up their system using the MacOS. Your response is less than worthless.
