Virus on Mac. Can't boot, please help!

I have an Apple Mac Pro 2013, 1TB SSD, 64GB RAM with Monterey OSX. Everything was working fine. I have 2 different antivirus softwares which found a few files (looked like malware); these were deleted, however since then my web browser flagged every website as phishing. I turned off the internet and then a system monitor flagged that some random files were trying to sign applications (I terminated them from being allowed). I found the folders they were coming from and found that they contained word lists (the kind used for brute-force password attacks) amongst other unknown files. I deleted them and then I was constantly barraged with 'allow access' 'confirm username and password' on anything I then clicked on. I didn't enter any credentials and shut the machine down.


Since I've turned all routers off in my house and tried booting to the 2nd partition that has a different fresh copy of OSX installed, however every time I start the machine it comes up with "This machine needs restarting" and tries to boot to the infected partition instead but gets halfway on the loading bar then stops. What's the best thing to do? I don't particularly want to lose all my files for work etc., however I'm more than happy to reinstall OSX providing I can actually do so.


Also, if I can reinstall, will this virus be on the RAM and infect it again?


Any help is hugely appreciated

MacBook Pro

Posted on Jan 21, 2023 03:10 AM


Jan 21, 2023 09:24 AM in response to Stageman88


The idea that a third party, with no special knowledge of the inner workings of MacOS, can somehow find a simple way to protect your computer that is not already being done by MacOS itself suggests that the MacOS developers are somehow "holding out on you". That is absurd.


You should remove any and all other third-party virus scanners, speeder uppers, optimizers, cleaners, App deleters or VPN packages you installed yourself, or anything of that ilk.


The current versions of MacOS have protections so good, there are currently no known Viruses that can SPONTANEOUSLY infect your Mac. Random ‘stuff’ is NEVER allowed to be Executed, so all your files do not need to be scanned, again and again. Only software from known developers is allowed to be considered for becoming Executable, and then only after you enter your Admin password to allow installation. Potentially-executable files are then scanned at first run by MacOS Gatekeeper, locked, and moved to the /Applications folder.


Effective defenses against malware and ot… - Apple Community



Jan 22, 2023 01:48 AM in response to Grant Bennet-Alder

I appreciate what you're saying, and switching to Mac years ago for me was based upon its security and fantastic software advantages. Sadly even with Mac's Gatekeeper, Avast and ClamAV something was detected but it would seem that it was too late; whatever it was must have at least corrupted the system files even if nothing else.


When I try to boot, holding the shortcut keys doesn't work as it goes straight to 'this computer needs restarting' message then boots straight to the HD before taking note of any shortcut keys I'm holding. I think it's disgusting that anyone would make such a virus. I hadn't had a virus on my Macs for 15 years using them, however, I fear these hackers are beginning to realise the popularity of Apple products and starting to make advances, which is a great shame.

Jan 22, 2023 06:25 AM in response to Stageman88

<< Avast and ClamAV something was detected >>


Third-party Virus scanners do not test for Viruses. They test for patterns that match some snippets of code in viruses, including decades-old Viruses that infect only Windows 7. They find these matching code snippets where they look for them. A common find is inside a graphics file.


Finding patterns that match code does not mean your Mac is INFECTED. It merely indicates the bits used to represent a picture match the bits used for machine instructions for an old Windows Virus. On a Mac, the pinch-point where protection is applied is on becoming Executable, and that path is blocked by internal security features.
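The distinction drawn in the reply above, between a byte-pattern match and a file that can actually run, as an added example that is not part of the original thread: a small triage helper that records, for each scanner-style hit, whether the file starts with Mach-O, universal-binary or `#!` magic bytes and whether it carries an execute bit. The signature, file names and the `triage`/`demo` helpers are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed stand-in for a scanner signature; not a real malware pattern.
SIGNATURES = {"Constructed.Test.Sig": b"\x13\x37DEMO-PATTERN\x00"}

# Leading bytes of Mach-O (thin, both byte orders), universal binaries, and "#!" scripts.
EXEC_MAGICS = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
               b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")

def triage(path, signatures=SIGNATURES):
    """Return signature hits for a file plus the facts that decide whether it can run."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits = sorted(name for name, pat in signatures.items() if pat in data)
    exec_format = data.startswith(EXEC_MAGICS)
    mode = os.stat(path).st_mode
    exec_bit = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if not hits:
        verdict = "clean"
    elif exec_format or exec_bit:
        verdict = "investigate"   # pattern sits in something the OS could run
    else:
        verdict = "inert-match"   # pattern sits in plain data, e.g. an image or cache blob
    return {"hits": hits, "exec_format": exec_format,
            "exec_bit": exec_bit, "verdict": verdict}

def demo():
    """Build three constructed sample files in a temp dir and triage each one."""
    pattern = SIGNATURES["Constructed.Test.Sig"]
    samples = {
        "photo.png": (b"\x89PNG\r\n\x1a\n" + b"\x00" * 32 + pattern, 0o644),
        "tool": (b"\xcf\xfa\xed\xfe" + b"\x00" * 32 + pattern, 0o755),
        "notes.txt": (b"nothing to see here\n", 0o644),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = triage(path)["verdict"]
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

An `inert-match` verdict only ranks the hit lower for follow-up; it says nothing about other symptoms on the machine, such as unexpected credential prompts.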

Jan 22, 2023 09:22 AM in response to Grant Bennet-Alder

I'm using a USB keyboard directly but no luck so far. I'm going to try it again in a while. I've ordered an M.2 adapter so I can plug the Mac Pro's SSD into a VM running on my Win laptop that I have as a 'just in case' computer. Maybe I can diagnose the drive from there or at least format it so I can start again with it.


The files that were on the Mac Pro that it detected were in a temp cache folder but not in the usual place you'd find it; it was quite obscure to get to the folder, almost looked like a Linux directory but with 100 subdirectories full of random tiny files. The files it found were named in complete gibberish, for example: "hu37ehd72j0e9i-0d" with no file extensions, but perhaps they held a signature to a known malware etc.? Some files sat in the same folder were brute-force password text list files which instantly rang alarm bells; that's when I disconnected the internet and deleted the files, but then all these prompts came up for entering my credentials for login etc. I thought to myself I better not do anything else just in case it manages to get my keychain or Chrome passwords.


I'm going to try again to boot it but failing that I'll just have to wipe the drive and possibly my 8TB storage device that was connected to it. I'm hoping my storage wasn't compromised too or I'll lose 15 years' worth of work. I'll sandbox the 8TB in a VM and take a deeper look at it just in case, fingers crossed it's fine.
