
goose61 (macrumors newbie, original poster), Feb 4, 2019
Need to help a friend who accidentally ran afoul of a phishing email, and need some advice.

The reason is that they were using an iMac running Snow Leopard (a necessary evil due to project software), and as a consequence, an out-of-date browser as well.

My recommendation was to be on the safe side and do a complete multi-pass wipe of the hard drive using Disk Utility, and then do a full restore from a backup (fortunately it was disconnected from the computer at the time).

My only concern: since they were using such an old system, combined with an out-of-date browser, is there any possibility that malware might have embedded itself and therefore be immune to a drive wipe (possibly reinfecting the HD and, in turn, the backup as well)?
 
Yes, most likely a wipe would do it. The main question is: was it just a phishing email? Did he click any links in the email that prompted for credentials, or download anything from the email?

Did your friend recently lose or have any of his devices stolen? Most phishing attempts start after such an instance because they are trying to get those credentials to remove the iCloud Activation Lock.
 
It was an Amazon Prime phish, with a link that appeared to lead directly to their proper account page, with no prompts. There were also apparently no links to download any attachments or files (which was why I was wondering if it might have been an attempt to install a keylogger via a browser exploit).

As for any lost devices, the answer would be no.
 
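The link described in this post, as an added example that is not part of the thread: a small POSIX shell script that pulls every anchor out of an e-mail body and checks the host the href actually points to (what the browser follows) against the domain the visible text claims (what the mail client shows). The e-mail body, the lookalike host www.amazon.com.prime-verify.example and the address 198.51.100.7 are constructed for the example; amazon.com is the expected domain the script checks against.

```shell
#!/bin/sh
# Added example, not code from the thread. Classifies each link in an HTML
# e-mail body as OK or PHISH by comparing the href's host with the expected
# registrable domain. The sample e-mail below is constructed.
set -eu

# Lower-cased host part of a URL: strip scheme, path/query/fragment,
# userinfo (the old "https://www.amazon.com@evil.example" trick) and port.
url_host() {
  printf '%s\n' "$1" |
    sed -E 's|^[A-Za-z][A-Za-z0-9+.-]*://||; s|[/?#].*$||; s|^.*@||; s|:[0-9]+$||' |
    tr 'A-Z' 'a-z'
}

# Succeeds if HOST is DOMAIN itself or a subdomain of it. The suffix test is
# anchored on the dot, so www.amazon.com.prime-verify.example is NOT under
# amazon.com even though "amazon.com" appears in it.
host_under() {
  host=$1
  domain=$2
  case "$host" in
    "$domain" | *."$domain") return 0 ;;
    *) return 1 ;;
  esac
}

# Print a verdict for one href; exit status 0 for OK, 1 for PHISH.
check_anchor() {
  href=$1
  expected=$2
  h=$(url_host "$href")
  if host_under "$h" "$expected"; then
    printf 'OK    %s\n' "$href"
    return 0
  fi
  printf 'PHISH %s (host %s is not under %s)\n' "$href" "$h" "$expected"
  return 1
}

# Extract "href<TAB>visible text" from each <a ...>...</a> (one anchor per
# line is enough for the sample; a real mail body would go through an HTML
# parser first) and check every href against EXPECTED. For a flagged link
# the visible text is printed too, since that is what the victim saw.
scan_email() {
  html=$1
  expected=$2
  tab=$(printf '\t')
  printf '%s\n' "$html" |
    sed -n -E 's|.*<a [^>]*href="([^"]*)"[^>]*>([^<]*)</a>.*|\1'"$tab"'\2|p' |
    while IFS="$tab" read -r href text; do
      check_anchor "$href" "$expected" || printf '      shown as: %s\n' "$text"
    done
}

# Constructed sample of an "Amazon Prime" phish body as a mail client renders it.
SAMPLE_HTML='<p>Your Amazon Prime membership has been suspended.</p>
<a href="http://www.amazon.com.prime-verify.example/ap/signin">https://www.amazon.com/gp/css/account</a>
<a href="https://www.amazon.com/gp/help/customer/display.html">Help</a>
<a href="https://198.51.100.7/amazon/login">Update payment method</a>'

# Usage: prints one verdict per link; two of the three sample links are flagged.
scan_email "$SAMPLE_HTML" amazon.com
```

The first sample link is the pattern from this thread: the text the user reads is a genuine-looking Amazon account URL, while the href host merely starts with amazon.com. Checking the registrable domain of the href, rather than searching for the brand name in the URL, is what separates the two.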
Odds are the goal was just to get the account credentials; there's far more value, and much less effort, in that than in adding a key logger to the computer.
A multi-pass wipe is overkill. If your friend entered any credentials on the phishing site, they should be more concerned with making sure to change the password for any accounts which share the Amazon password.
 
Important:
WHAT KIND of a "backup" does the user have?

If it's a "bootable cloned backup" (created with either CarbonCopyCloner or SuperDuper), the procedure is simple:

1. Connect backup
2. Boot from backup
3. ERASE the internal drive to Mac OS Extended (Journaled)
4. RE-clone the contents of the backup BACK TO the internal drive
5. Done.
 
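The five steps above, as an added command-line example (not from the post, and not CarbonCopyCloner's or SuperDuper's own code): it uses macOS's diskutil and asr (Apple Software Restore) to erase the internal volume and copy the clone back, and adds the check that matters most at step 3 once you are booted from the backup: refusing to erase the device node the Mac is currently booted from. The device nodes, the backup volume path and the volume name are placeholders the operator supplies.

```shell
#!/bin/sh
# Added example, not code from the thread. Command-line form of
# "boot from clone, erase internal drive, re-clone back", with a guard
# against erasing the volume you booted from. Assumes macOS diskutil and asr.
set -eu

# Device node mounted at / right now, e.g. /dev/disk1s2 when booted from the
# clone. Parsed from the "Device Node:" line of `diskutil info /`.
boot_device() {
  diskutil info / | awk -F': *' '/Device Node/ { print $2 }'
}

# Succeeds only if TARGET is non-empty and differs from BOOT. Pure string
# check, so it can be exercised without diskutil present.
target_is_safe() {
  target=$1
  boot=$2
  [ -n "$target" ] && [ "$target" != "$boot" ]
}

# Print the commands for steps 3 and 4: reformat TARGET as Mac OS Extended
# (Journaled) under NAME, then restore the mounted clone BACKUP onto it.
# asr --erase would reformat the target anyway; the explicit erase mirrors
# the post's step 3 and leaves the intent visible in the log.
plan_restore() {
  target=$1
  backup=$2
  name=$3
  printf 'diskutil eraseVolume JHFS+ "%s" %s\n' "$name" "$target"
  printf 'asr restore --source "%s" --target %s --erase --noprompt\n' "$backup" "$target"
}

# Usage: sh reclone.sh /dev/disk0s2 /Volumes/CloneBackup "Macintosh HD"
# Refuses to run if TARGET is the boot device; otherwise prints the plan
# and executes it (set -e stops before asr if the erase fails).
main() {
  target=$1
  backup=$2
  name=$3
  boot=$(boot_device)
  if ! target_is_safe "$target" "$boot"; then
    echo "refusing: $target is the device we booted from ($boot)" >&2
    return 1
  fi
  plan_restore "$target" "$backup" "$name"
  diskutil eraseVolume JHFS+ "$name" "$target"
  asr restore --source "$backup" --target "$target" --erase --noprompt
}

if [ $# -eq 3 ]; then
  main "$@"
fi
```

Run `diskutil list` first and take the internal volume's device node from there; the guard only catches the one mistake of pointing the erase at the clone you are running from, not a typo that names some other attached disk.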