Scammer takes control of iMac through infected Canon printer driver

Without knowing exactly what the criminal did (which is probably an impossible task) a comprehensive answer is not possible.

Restoring a Time Machine backup created prior to the intrusion or completely erasing the Mac are the only guaranteed solutions.

• Restore TM backup: Restore your Mac from a backup - Apple Support
• Erase the Mac: Erase your Mac and reset it to factory settings - Apple Support

There’s no point in installing a compromised Canon driver, given full access to a Mac. And no reason not to install Canon- and other-flavored backdoors. The whole configuration is suspect, and best assumed entirely compromised.

There are better and easier and more pernicious paths, as well as sensitive info and passwords to liberate.

Erase, and your backup from prior to whatever modifications were made, and change all of your passwords.

This includes your Apple Account.

If you think your Apple Account has been compromised - Apple Support

If you don’t have a backup created prior to the compromise, you’re either going to lose data, or lose data, or have greater risks, or lose data, and added risk, unfortunately.

Yes How do I get rid of the spyware.

There may not be anything like that. Those were the words of a criminal who took control of your Mac, and may have installed something malicious, or not. In either case that Mac should now be considered compromised. Erase it.

iHelper_SK wrote:

Good tip but many hacks are strong so they last after Erasing too…

It appears that you have been led astray. When a Mac is erased in accordance with Erase your Mac and reset it to factory settings - Apple Support, nothing will remain.

iHelper_SK wrote:

Good tip but many hacks are strong so they last after Erasing too…

Ithink it need to totaly delete all files and MacOS too to see this Ak sa Mac spustí s otáznikom - Apple Support (SK) (maybe its slovak sorry…)

And that means the comuper is without an operating system and than download new MacOS

Erasing means deleting everything and reinstalling the operating system. John Galt's advice is excellent.

Good tip but many hacks are strong so they last after Erasing too…

Ithink it need to totaly delete all files and MacOS too to see this Ak sa Mac spustí s otáznikom - Apple Support (SK) (maybe its slovak sorry…)

And that means the comuper is without an operating system and than download new MacOS

iHelper_SK wrote:

That means your Mac doesnt have MacOS or cant boot it

I'm well aware of that. But it is not the problem the original poster is having. They still have their OS. They may need to erase and reinstall it. John Galt provided those instructions.

I think you need to find the spyware in ActivityMonitor and than uninstall it if possible…

But first find it in ActivityMonitor before you think about uninstalling process

iHelper_SK wrote:

Good tip but many hacks are strong so they last after Erasing too…

If you are potentially a target for exploits with that value and with that persistence, then you need vastly better advice with your security generally, with this device, with the printer itself, and with the rest of your data management and security practices. Not the sort of security advice that can be offered around here, as the questions can be quite sensitive.

This for normal operations, and for not getting tangled with a tech support scam.

And if you are a potential target for such exploits, then you’ll be replacing most or all of the gear here, Apple, printer, network, and otherwise. In addition to password changes and the rest.

iHelper_SK wrote:

You cant erase the mac?

If so, its very hard problem…

Certainty is a hard problem in information security.

Got sensitive data? Erase it, grind it and melt it down, bury it under concrete, and guard it. Results: Probably secure.

If you are a sufficiently valuable target, you’ll have different threats to consider.

Might those threats include persistence past a reinstall? Sure. That’s more expensive. It might also include easy re-introduction of the problem. (The latter of which is clearly less of an issue here, given how the access was granted here. If the folks had these exploits, they wouldn’t be pretending to be tech support.)

Or there can any number of other exploits encountered, whether electronic or physical or otherwise.

Some other folks of my acquaintance believed themselves targeted by what would be expensive exploits too, though they were encountering other issues unrelated to their electronics.

But for most people, the recommendations by John Galt from earlier in this thread are entirely appropriate, and what I would also suggest.

Do you have a question? Tech support scams are quite common.

Here is the link in english If your Mac starts up to a question mark - Apple Support

iHelper_SK wrote:

Here is the link in english If your Mac starts up to a question mark - Apple Support

If the Mac is starting up with a question mark, that's a different issue.

That means your Mac doesnt have MacOS or cant boot it