Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

AndyMacAndMic

macrumors 65816
May 25, 2017
1,108
1,666
Western Europe
What about this: My computer is pretty new and doesn't have a ton of stuff on it. I'm thinking about saving all my work files onto Google Drive, then backing up all my media files (photos and stuff) on iCloud.

From there, I could restore the computer to factory settings.

I'd be losing maybe a couple unimportant apps which I could then easily download again.

Is there any reason why I shouldn't just try that? I've already backed up all my work files. It'll just be a matter of backing up my photos, videos and keychain.

What do you guys and gals think?

Go for it! You can always reinstall apps by hand if you need them. Life is complicated enough as it is ;)
 
  • Like
Reactions: revmacian

Brian33

macrumors 65816
Apr 30, 2008
1,471
371
USA (Virginia)
What about this: My computer is pretty new and doesn't have a ton of stuff on it. I'm thinking about saving all my work files onto Google Drive, then backing up all my media files (photos and stuff) on iCloud.
...
Is there any reason why I shouldn't just try that? I've already backed up all my work files. It'll just be a matter of backing up my photos, videos and keychain.
Good thinking; I think that's would be pretty safe, as long as you don't overlook something! And a lot easier.
 
  • Like
Reactions: revmacian

MacKarmaTech

macrumors newbie
Dec 12, 2017
22
29
From what you described, I suspect that either you still have a hidden malware extension somewhere, or more likely, if you've already run Malwarebytes and it cannot find anymore PUP's (Potentially Unwanted Programs), then it's quite probable that even after you've cleaned out all traceable Malware/Adware, your browsers (Chrome, Safari..etc.) are still holding the offending start page's redirecting URL, and possibly the search option as well. Even after running Malwarebytes, you might still have to sometimes manually "reset" these all of the effected browsers homepage, startpage, and search preference settings to whatever you have them set to before the Malware/Adware corruption.

I end up cleaning out these increasingly common Malware/Adware infections a least a dozen macOS system computers every month as a routine part of my Mac Tech services.

And I do concur with another poster concerning the "Clean My Mac" program. Other than a reputable anti-Malware program like Malwarebytes (which I do suggest purchasing - since it delivers real-time protection), I do not recommend these third party applications that are more invasive to the system than they are effective.

Good Luck to you..
 

revmacian

macrumors 68000
Oct 20, 2018
1,745
1,468
USA
What about this: My computer is pretty new and doesn't have a ton of stuff on it. I'm thinking about saving all my work files onto Google Drive, then backing up all my media files (photos and stuff) on iCloud.

From there, I could restore the computer to factory settings.

I'd be losing maybe a couple unimportant apps which I could then easily download again.

Is there any reason why I shouldn't just try that? I've already backed up all my work files. It'll just be a matter of backing up my photos, videos and keychain.

What do you guys and gals think?
That’s actually a great idea, just make sure you have backups of files you want to keep. I actually do a complete reinstall with every new version of macOS.. just a personal habit. Some say this is a waste of time but it seems to clean out the cruft and speed up my computers.

I say go for it.. just make double sure you have backups of important files.
 

hobowankenobi

macrumors 68020
Aug 27, 2015
2,116
928
on the land line mr. smith.
What about this: My computer is pretty new and doesn't have a ton of stuff on it. I'm thinking about saving all my work files onto Google Drive, then backing up all my media files (photos and stuff) on iCloud.

From there, I could restore the computer to factory settings.

I'd be losing maybe a couple unimportant apps which I could then easily download again.

Is there any reason why I shouldn't just try that? I've already backed up all my work files. It'll just be a matter of backing up my photos, videos and keychain.

What do you guys and gals think?

Nope. That will be fine...again, as long as you have copies of all unique user data (that you want to keep/reinstall)

Before you do that, you could try making a new user account (make sure it has admin rights), and run the machine from it for a bit, testing the things you have listed.

Some malware may be user account specific; If the Mac has no issues with the test user account, you could skip the OS reinstall. If on the other hand, you see any of the problems you have previously listed while using the new test account....the issues are global/system-wide....so a wipe and reinstall would make good sense.
 
Last edited:

Gregg2

macrumors 604
May 22, 2008
7,266
1,237
Milwaukee, WI
Other than a reputable anti-Malware program like Malwarebytes (which I do suggest purchasing - since it delivers real-time protection), I do not recommend these third party applications that are more invasive to the system than they are effective.

I have the free version. I've only used it as a curiosity, not because I thought something was amiss. I'm totally satisfied with "on demand" use. I don't need the automatic scans.
 

joaqslam

macrumors newbie
Jan 20, 2020
6
1
Malwarebytes didn't quite do it for me but Scanguard pretty much removed all the crap from my mac.
 

satcomer

Suspended
Feb 19, 2008
9,115
1,977
The Finger Lakes Region
What about this: My computer is pretty new and doesn't have a ton of stuff on it. I'm thinking about saving all my work files onto Google Drive, then backing up all my media files (photos and stuff) on iCloud.

From there, I could restore the computer to factory settings.

I'd be losing maybe a couple unimportant apps which I could then easily download again.

Is there any reason why I shouldn't just try that? I've already backed up all my work files. It'll just be a matter of backing up my photos, videos and keychain.

What do you guys and gals think?

You should really invest in a NAS on your network for local backup!
 
  • Like
Reactions: revmacian

1boomer

macrumors member
Nov 9, 2015
36
5
Seattle area
This past summer, while on vacation in western Canada, I opened up my trustee 13" MBP circa 2012, to find out that I was the victim of ransomware or some other malevolent piece of software. I try to run a tight ship, but this email that was addressed specifically to me at my email address, mentioned several of my old, but active passwords, stating that they had gained access to my computer and I should comply with their demands or else. It certainly caught my attention. The message rambled on telling when and where to pay them the sum of 900 bit coins (worth about USD$11,000 at that time), or all of my confidential info would be exposed to the open internet. This was about the time when a lot of small US towns were having their municipal computer systems hacked and ransomed had to be paid or else. I quickly phoned my local police department back home and filed a police report regarding this attempted extortion, and got a case number. After alerting some of my critical financial accounts, I contacted a buddy who does electronic security work for a very big aerospace company, asking him for advice. He said that I may have gotten hacked by one of those funky internet ads that seem to always be popping up in my spam file. I did recall several weeks before that I had gotten a rather strange message from Microslop wanting me to do something with my outlook email program. I thought it a bit odd, but responded to the message. I have had this old hotmail account for years and still use it. Anyway thinking back, I think that was the hack-in. My buddy told me that I basically had only a couple of choices, and paying the ransom was not on the short list. He said I could take my MBP to a computer shop and they could try to selectively scan the data SSD and maybe snag the malware (likely, pretty speedy), or I could wait until I got home, pick up a new SSD and quarantine the old SSD. Do a clean install of the OS on the new SSD and start from scratch. He further suggested that I install a good anti-virus program, I went with Kaspersky, and start using a VPN, I went with Nord VPN. Then he suggested that I change all of my passwords for my accounts, programs, sites, routers, modem, etc, making them all strong passwords, i.e., upper/lower case letters, numbers and special characters. The password changing took some time, I now have over two pages of strong passwords that I change (shift) monthly. After getting my system back up and running, I then turned off the wi-fi and put the quarantined SSD in an external enclosure and ran a full scan of the drive. The virus software quarantined three areas where there was a trojan infestation. I removed the trojan infestation and slowly went back periodically to salvage some data, after scanning again. It was during this period, that I received another email message from the ransomers claiming that they still had control of my system (which they did not). This time they were using old passwords that I had long since changed. At this juncture, I decided to file a report with the FBI Cybercrime Complaint Center. I additionally instituted two-step verification processes with as many of my financial and online accounts as I could. Finally, I started using the VPN. Since then, I have had no further intrusions, though I believe that I had one attempt to infiltrate my browser, during the middle of the night, but the attempt was thwarted by the two-step verification process. Now, I make sure to turn off anything with a CPU before I go to bed, including my phone. Finally, I am more vigilant about what plops into my in-box, and tend to reject most of it....if I don't recognize it, it gets tossed.

YMMV.
 

Fishrrman

macrumors Penryn
Feb 20, 2009
29,177
13,225
"This past summer, while on vacation in western Canada, I opened up my trustee 13" MBP circa 2012, to find out that I was the victim of ransomware or some other malevolent piece of software."

That was a totally phony email and your best course of action would have to been to ignore and delete it.
 
  • Like
Reactions: lgjay

chrfr

macrumors G5
Jul 11, 2009
13,702
7,264
This past summer, while on vacation in western Canada, I opened up my trustee 13" MBP circa 2012, to find out that I was the victim of ransomware or some other malevolent piece of software. I try to run a tight ship, but this email that was addressed specifically to me at my email address, mentioned several of my old, but active passwords, stating that they had gained access to my computer and I should comply with their demands or else.
These emails stem not from malware on your computer but from customer information databases at companies which have been compromised. It's a necessity to use unique passwords everywhere, and when possible, to use 2-factor authentication. Whether you turn off your computer at night has no bearing on, and offers no protection against, this sort of credential leak from a company with which you've done business.

 

iluvmacs99

macrumors 6502a
Apr 9, 2019
920
673
This past summer, while on vacation in western Canada, I opened up my trustee 13" MBP circa 2012, to find out that I was the victim of ransomware or some other malevolent piece of software. I try to run a tight ship, but this email that was addressed specifically to me at my email address, mentioned several of my old, but active passwords, stating that they had gained access to my computer and I should comply with their demands or else. It certainly caught my attention. The message rambled on telling when and where to pay them the sum of 900 bit coins (worth about USD$11,000 at that time), or all of my confidential info would be exposed to the open internet. This was about the time when a lot of small US towns were having their municipal computer systems hacked and ransomed had to be paid or else. I quickly phoned my local police department back home and filed a police report regarding this attempted extortion, and got a case number. After alerting some of my critical financial accounts, I contacted a buddy who does electronic security work for a very big aerospace company, asking him for advice. He said that I may have gotten hacked by one of those funky internet ads that seem to always be popping up in my spam file. I did recall several weeks before that I had gotten a rather strange message from Microslop wanting me to do something with my outlook email program. I thought it a bit odd, but responded to the message. I have had this old hotmail account for years and still use it. Anyway thinking back, I think that was the hack-in. My buddy told me that I basically had only a couple of choices, and paying the ransom was not on the short list. He said I could take my MBP to a computer shop and they could try to selectively scan the data SSD and maybe snag the malware (likely, pretty speedy), or I could wait until I got home, pick up a new SSD and quarantine the old SSD. Do a clean install of the OS on the new SSD and start from scratch. He further suggested that I install a good anti-virus program, I went with Kaspersky, and start using a VPN, I went with Nord VPN. Then he suggested that I change all of my passwords for my accounts, programs, sites, routers, modem, etc, making them all strong passwords, i.e., upper/lower case letters, numbers and special characters. The password changing took some time, I now have over two pages of strong passwords that I change (shift) monthly. After getting my system back up and running, I then turned off the wi-fi and put the quarantined SSD in an external enclosure and ran a full scan of the drive. The virus software quarantined three areas where there was a trojan infestation. I removed the trojan infestation and slowly went back periodically to salvage some data, after scanning again. It was during this period, that I received another email message from the ransomers claiming that they still had control of my system (which they did not). This time they were using old passwords that I had long since changed. At this juncture, I decided to file a report with the FBI Cybercrime Complaint Center. I additionally instituted two-step verification processes with as many of my financial and online accounts as I could. Finally, I started using the VPN. Since then, I have had no further intrusions, though I believe that I had one attempt to infiltrate my browser, during the middle of the night, but the attempt was thwarted by the two-step verification process. Now, I make sure to turn off anything with a CPU before I go to bed, including my phone. Finally, I am more vigilant about what plops into my in-box, and tend to reject most of it....if I don't recognize it, it gets tossed.

YMMV.

A lot of people don't really realize that physical routers can be easily hacked and that is usually what happens to most people, because people focused solely on either their computers and phones security or use a VPN, and have updated virus and malware security running. But those are ONLY to protect your computer or your phone, BUT it does nothing to protect your router. That is because, a physical internet router has its own firmware and most of the routers you get from your ISP aren't capable to be updated and those you buy from BestBuy are running router firmware written like 4-5 years ago and haven't since been updated to counter a number of ransom ware sites that a hacked router can re-route a legitimate DNS request one one site to another site that is infested with any number of malware. An internet router is basically acting as an interpreter to the world wide web. You send a request to go to a site and the router routes that DNS request so you can go to the site. But what if your router is hacked and infected with Malware? Well, it will re-route your DNS request to another site while you think you are going to that site. Then all of a sudden, you get a site you don't recognize or email that suddenly pop up because your infected router allowed this to happen. That is how hackers infect the system now, because hackers know most people run a tight ship on their computer, but don't run a tight ship on their routers and switches, especially if you are running those easy to setup routers like the Airport Express kinds.

What you are doing is basically using a VPN which acts as a condom protection of sort through an infected router, if your router is infected. So basically you need to keep wearing that to prevent DNS re-route, but your throughput will be lowered. Worse, if your VPN supports a kill switch, you'll loose the entire internet connection. If you don't have a kill switch, then it'll be back to having your system infected again.

Make sure your internet router has the latest firmware, like having a firmware issued in 2019 at least with the latest security patches. If you are running an old router; perhaps it's time to re-consider purchasing one that allows updating with the latest security patches.

When your router is secured with security patches, you won't have any issues with malware and ransomeware, because it will prevent any DNS re-route, which is the sole mechanics of infecting your machine in the first place.

Ever since I installed a security gateway router and running the latest firmware, I have no issues with malware and ransomeware on all my devices including iPhone, iPad, PCs and Macs, because my security router takes care of all that. I still run some kind of security program on all my machines, but that just adds an extra layer of protection. The real protection comes from having a SECURED UNHACKED router. Is yours truly confirmed to be unhacked?

Check this site out.. routersecurity.org and you will learn more about router security.
 

lgjay

macrumors member
Nov 12, 2019
38
22
This past summer, while on vacation in western Canada, I opened up my trustee 13" MBP circa 2012, to find out that I was the victim of ransomware or some other malevolent piece of software. I try to run a tight ship, but this email that was addressed specifically to me at my email address, mentioned several of my old, but active passwords, stating that they had gained access to my computer and I should comply with their demands or else. It certainly caught my attention. The message rambled on telling when and where to pay them the sum of 900 bit coins (worth about USD$11,000 at that time), or all of my confidential info would be exposed to the open internet. This was about the time when a lot of small US towns were having their municipal computer systems hacked and ransomed had to be paid or else. I quickly phoned my local police department back home and filed a police report regarding this attempted extortion, and got a case number. After alerting some of my critical financial accounts, I contacted a buddy who does electronic security work for a very big aerospace company, asking him for advice. He said that I may have gotten hacked by one of those funky internet ads that seem to always be popping up in my spam file. I did recall several weeks before that I had gotten a rather strange message from Microslop wanting me to do something with my outlook email program. I thought it a bit odd, but responded to the message. I have had this old hotmail account for years and still use it. Anyway thinking back, I think that was the hack-in. My buddy told me that I basically had only a couple of choices, and paying the ransom was not on the short list. He said I could take my MBP to a computer shop and they could try to selectively scan the data SSD and maybe snag the malware (likely, pretty speedy), or I could wait until I got home, pick up a new SSD and quarantine the old SSD. Do a clean install of the OS on the new SSD and start from scratch. He further suggested that I install a good anti-virus program, I went with Kaspersky, and start using a VPN, I went with Nord VPN. Then he suggested that I change all of my passwords for my accounts, programs, sites, routers, modem, etc, making them all strong passwords, i.e., upper/lower case letters, numbers and special characters. The password changing took some time, I now have over two pages of strong passwords that I change (shift) monthly. After getting my system back up and running, I then turned off the wi-fi and put the quarantined SSD in an external enclosure and ran a full scan of the drive. The virus software quarantined three areas where there was a trojan infestation. I removed the trojan infestation and slowly went back periodically to salvage some data, after scanning again. It was during this period, that I received another email message from the ransomers claiming that they still had control of my system (which they did not). This time they were using old passwords that I had long since changed. At this juncture, I decided to file a report with the FBI Cybercrime Complaint Center. I additionally instituted two-step verification processes with as many of my financial and online accounts as I could. Finally, I started using the VPN. Since then, I have had no further intrusions, though I believe that I had one attempt to infiltrate my browser, during the middle of the night, but the attempt was thwarted by the two-step verification process. Now, I make sure to turn off anything with a CPU before I go to bed, including my phone. Finally, I am more vigilant about what plops into my in-box, and tend to reject most of it....if I don't recognize it, it gets tossed.

YMMV.

Just as pointed out by two previous replies in this thread, the email is from someone who got your usernames(emails) and passwords from leaked website databases.

While you definitely should ignore the threats and claims the person made via that email, you still need to change the leaked passwords ASAP as the person (and others like him) will try to steal your online accounts using the information they have which potentially could lead to real losses.
 

Sam Luis Obispo

macrumors regular
Feb 7, 2006
150
83
A lot of people don't really realize that physical routers can be easily hacked and that is usually what happens to most people, because people focused solely on either their computers and phones security or use a VPN, and have updated virus and malware security running. But those are ONLY to protect your computer or your phone, BUT it does nothing to protect your router. That is because, a physical internet router has its own firmware and most of the routers you get from your ISP aren't capable to be updated and those you buy from BestBuy are running router firmware written like 4-5 years ago and haven't since been updated to counter a number of ransom ware sites that a hacked router can re-route a legitimate DNS request one one site to another site that is infested with any number of malware. An internet router is basically acting as an interpreter to the world wide web. You send a request to go to a site and the router routes that DNS request so you can go to the site. But what if your router is hacked and infected with Malware? Well, it will re-route your DNS request to another site while you think you are going to that site. Then all of a sudden, you get a site you don't recognize or email that suddenly pop up because your infected router allowed this to happen. That is how hackers infect the system now, because hackers know most people run a tight ship on their computer, but don't run a tight ship on their routers and switches, especially if you are running those easy to setup routers like the Airport Express kinds.

What you are doing is basically using a VPN which acts as a condom protection of sort through an infected router, if your router is infected. So basically you need to keep wearing that to prevent DNS re-route, but your throughput will be lowered. Worse, if your VPN supports a kill switch, you'll loose the entire internet connection. If you don't have a kill switch, then it'll be back to having your system infected again.

Make sure your internet router has the latest firmware, like having a firmware issued in 2019 at least with the latest security patches. If you are running an old router; perhaps it's time to re-consider purchasing one that allows updating with the latest security patches.

When your router is secured with security patches, you won't have any issues with malware and ransomeware, because it will prevent any DNS re-route, which is the sole mechanics of infecting your machine in the first place.

Ever since I installed a security gateway router and running the latest firmware, I have no issues with malware and ransomeware on all my devices including iPhone, iPad, PCs and Macs, because my security router takes care of all that. I still run some kind of security program on all my machines, but that just adds an extra layer of protection. The real protection comes from having a SECURED UNHACKED router. Is yours truly confirmed to be unhacked?

Check this site out.. routersecurity.org and you will learn more about router security.

As a curiosity, what router are your running?
 

emians

macrumors newbie
Mar 25, 2023
7
1
Hi,

I get alerts Mac style on desktop from unidentified issue and after had clicked on a phishing email link from my university mail account. Malware's pop ups says "Your system is at risk! Update your antivirus!". Any clue? I've been running etrecheck, malwarebytes, bitdefendere and cleanmymacX but couldn't find anything. Also the message seems repeating every about 17-18 minutes, either Safari stands open, either it is closed.
 
Last edited:

emians

macrumors newbie
Mar 25, 2023
7
1
Did that, also take the step to solve this definitively by going to Safari 'preferences' 'websites' and then, 'notifications', and eliminate the incriminate junk enabled.
 
Last edited:

hobowankenobi

macrumors 68020
Aug 27, 2015
2,116
928
on the land line mr. smith.
If it runs even without a browser open, I would wonder if it installed a simple LauchDameon or LaunchAgent?

You could look for odd or suspicous items in both your Home directory and the main Library:


/Users/[your home directory]/Library/LaunchAgents
/Library/LaunchAgents
/Library/LauchDameons

Anything in those locations will automatically run, and can be set to restart automatically.

There are other places an executable could run...and hide. You could also fire up Activity Monitor and look for clues there.
 

emians

macrumors newbie
Mar 25, 2023
7
1
If it runs even without a browser open, I would wonder if it installed a simple LauchDameon or LaunchAgent?

You could look for odd or suspicous items in both your Home directory and the main Library:


/Users/[your home directory]/Library/LaunchAgents
/Library/LaunchAgents
/Library/LauchDameons

Anything in those locations will automatically run, and can be set to restart automatically.

There are other places an executable could run...and hide. You could also fire up Activity Monitor and look for clues there.
Yes, been looking there but there was nothing. I thought too that maybe, since it was running off browser, it was something else around. A bit too easy for someone who launch a phishing email through a state university system and just leaves you with pop up like that. Was well made, just had to click on it once. Either small time loser trying to skill and score crappy. No weird activity on monitor as well, and did not restart after the notification signal was eliminated from the Safari settings.
 
  • Like
Reactions: hobowankenobi

emians

macrumors newbie
Mar 25, 2023
7
1
You might try and see if it still runs in Safe Boot mode...or is it dead now? With a little luck the app or process might show up in logs.
I mean the issues did not restart, it disappeared. Seems dead. No signs of it since I deleted the notifications on Safari. Maybe is merely lurking somewhere doing something I don't know. Maybe was just something to embarrass the maker while he/she was thinking he did something great. How do I get the logs from the boot or from the safe boot mode anyway? Ok, I am using Console maybe, but what and how should I look/check for?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.