Royal Cascadian

Q: Malware has setup a hidden partition

Malware has set up a hidden 70 gig partition. The only way I found it was to save a web page as a pdf and it asked where. Under possible locations a "k" drive was an option. I then reset the computer to see hidden devices and hidden files. I found a 70 gig drive hidden. It seems to have been activated on May 14th. I can't unmount or eject from the sidebar. It's not allowing me to do anything with it because I don't have permission. I downloaded the flashback security file from Apple and it says that my drive doesn't meet the requirements for this update.

How do I get the permission to get this off and how do I get it off?

Mac mini, OS X Mountain Lion (10.8.3)

Posted on May 27, 2013 9:55 AM

  • by Csound1, Jun 3, 2013 3:53 PM in response to Royal Cascadian
    Level 9 (50,486 points), Desktops

    Concentrate on OSX's own applications for now, 3rd party browsers later.

    And to put the malware idea away finally, reinstall to an erased drive, not over whatever you have now (make sure that your backup is current and complete).

  • by thomas_r., Jun 3, 2013 4:17 PM in response to Royal Cascadian
    Level 7 (30,924 points), Mac OS X

    You say Chrome is opening on its own at startup... is it also open when you shut down or restart? If so, that's normal behavior.

    As for what else might be going wrong with your machine, again, it's not malware. My bet is that it is a simple lack of full understanding of the way the system works. However, I agree with Csound... at this point, you should simply wipe the slate clean and ease your mind. For instructions on how that should be done, see:

    How to reinstall Mac OS X from scratch

  • by MadMacs0, Jun 3, 2013 4:24 PM in response to Royal Cascadian
    Level 5 (4,791 points)

    Royal Cascadian wrote:

    I expected more from Apple than from Microsoft.

    Nobody commenting here is an Apple Employee, and if they were they would not be able to admit to it.

    I reinstalled OSX but the downloaded flash player is still there

    Where? It's been so long, you may have told us, but I can't seem to locate where you did so.

    Chrome opens on start up. Which I didn't do since I don't know how or why I would.

    I'm working with a couple of other users that have this complaint. In one case, it's because it keeps being added to his Login Items in System Preferences->Accounts. The way to stop that is to right-click / command-click on the Chrome Icon in the dock when it is running and select "Options" and make sure that "Open at Login" is not checked.

    The other possibility is that starting with Lion, I believe, any applications that are running when you log out, shut down or restart are automatically re-opened when you log in. Some users have reported that they see this behavior even when they quit the application first, so there must be a way the previous state records become corrupted.

    I reinstalled Firefox but when I did and it told me to quit Firefox, I did. And it still asked to shut down Firefox even though it wasn't open or on. I did this twice and both times it kept telling to quit Firefox even though it wasn't on. Which leads me to believe the malware has infected my browsers and has started to rewrite code on my machine.

    I see this happen all the time with Safari since the WebKit framework "WebProcess" is still running after quitting Safari. I can't say that I've ever observed the same thing with Firefox, but that's one possibility. I do see an mdworker process start right after Firefox, but it stops as soon as I quit Firefox. The two suggestions I have there are to restart and do the install before starting Firefox again and if that doesn't work restart into "Safe Mode".

    I know I'm a broken record, but there is no currently known malware that could impact OS X or Firefox in this manner. It's a bit hard to believe after this length of time that you are the only one infected by it.

  • by Royal Cascadian, Jun 25, 2013 12:42 PM in response to Csound1
    Level 1 (0 points)

    Thanks for the suggestion of installing over an erased drive. The problem is there isn't an option to erase the drive. On the 3rd page I have taken photos of the reinstall options. Erase isn't one of them. I asked what to do, but no one had an answer. So, I just reinstalled it. But I've got to say that didn't seem like it would fix the deeply embedded scripts from just being passed along. Especially if it keeps downloaded installed programs on the HD. How much could it "fix" if it doesn't change programs?

    I know this is malware.

    The links on these types of pages are what would have downloaded. If you spend your time looking for malware here's a great place to start looking. http://firstrowus.eu/watch/192733/2/watch-mali-vs-greece---u20,-wct-2013.html

    Thomas Reed, please don't respond to this thread. You only add to the frustration and the "it's me" not malware issue. If you don't want to believe me, then just stay off this. If you want to take me seriously, then add something that isn't directed to the dumb user being dumb. It's insulting and given what I'm dealing with almost as bad as the malware itself.

    I have a trackpad and a slight glancing touch is all that is needed to start downloading something. It's not just someone sitting at a desk with a mouse being deliberate with every single click.

    When I tried to update Firefox it asked to close it. I did and it still said it was open. That to me says that a version is running in the background to track and follow. And it won't update to the new version. That isn't normal and it's exactly what malware would do. Additionally Chrome has been set internally (not by me) to open on start. Most likely malware resetting my computer to its directions, which is what malware does.

    All I want to do is start over for everything on HD, which I still don't believe will remove these programs, as they would write themselves into being protected from something as easy as reinstall. Just like PCs. But that seems to be the best that Macs can do.

    So, what do I do to erase my HD? Please read my post and question on the 3rd page to help me. Thanks.

  • by Csound1, Jun 25, 2013 12:52 PM in response to Royal Cascadian
    Level 9 (50,486 points), Desktops

    Royal Cascadian wrote:

    Thanks for the suggestion of installing over an erased drive. The problem is there isn't an option to erase the drive.

    Yes there is, look under Disk Utility in Recovery.

    This is not malware, you just need to do it correctly.

  • by Barney-15E, Jun 25, 2013 1:20 PM in response to Royal Cascadian
    Level 9 (50,141 points), Mac OS X

    I know this is malware.

    Congratulations. You are the first and only recipient of this malware. It was explicitly targeted at you and only you so we could see how long it would take someone to detect its existence. Expect to be contacted by the Nigerian Embassy for explicit instructions on how to claim your prize.

  • by thomas_r., Jun 25, 2013 2:30 PM in response to Royal Cascadian
    Level 7 (30,924 points), Mac OS X

    Thanks for the suggestion of installing over an erased drive. The problem is there isn't an option to erase the drive.

    You don't erase the drive from the installer, you have to use Disk Utility. What you did will not do the trick, it simply reinstalls over the old system, leaving everything else you have installed in place. See the link in my last post on this topic for explicit instructions.

    Thomas Reed, please don't respond to this thread. You only add to the frustration and the "it's me" not malware issue. If you don't want to believe me, then just stay off this. If you want to take me seriously, then add something that isn't directed to the dumb user being dumb.

    I never said anything about you being a "dumb user," and it's not that I don't believe what you're saying, I'm just trying to get you to understand why you are misinterpreting what you're seeing. It's not malware. However, at this point, the attitude you're showing means that I will grant your wish. This will be my last response to you on this topic.

  • by Royal Cascadian, Dec 16, 2013 6:59 PM in response to Royal Cascadian
    Level 1 (0 points)

    So, now I'm unable to open Disk Utility and erase during start up. Additionally there are now 6 different users with admin privileges, 2 of which have made many hidden files locked while giving them "read and write" privileges.

    This is what my User list looks like in preferences.

    I can't even add files from a USB or external drive.

    Now that someone else has hidden and higher admin privileges than me, how do you erase a drive that you can't access Disk Utility during start up?
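The Dec 16 post above reports admin accounts the owner does not remember creating. The following is an added example, not code from this thread or from Apple: it reads the admin group with the standard `dscl . -read /Groups/admin GroupMembership` command and lists any member that is not on a list of accounts you created yourself. The helper name `unexpected_admins`, the expected names and the fallback sample line are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the macOS "admin" group from the command line instead
# of trusting the Users & Groups preference pane.
#
# `dscl . -read /Groups/admin GroupMembership` prints a single line such as
#   GroupMembership: root alice bob
# Hypothetical helper: print the members of that line that are NOT in the
# space-separated EXPECTED list (empty output means nothing unexpected).
unexpected_admins() {
    line="$1"      # the GroupMembership line exactly as dscl prints it
    expected="$2"  # space-separated account names you know you created
    members=$(printf '%s\n' "$line" | sed 's/^GroupMembership:[ ]*//')
    out=""
    for m in $members; do
        found=0
        for e in $expected; do
            [ "$m" = "$e" ] && found=1 && break
        done
        [ $found -eq 0 ] && out="$out $m"
    done
    # Strip the leading space added by the accumulator above.
    printf '%s' "${out# }"
}

# Use the live directory service when dscl exists (macOS); elsewhere fall
# back to a constructed sample line so the script still runs offline.
if command -v dscl >/dev/null 2>&1; then
    group_line=$(dscl . -read /Groups/admin GroupMembership)
else
    group_line="GroupMembership: root royal guest_1 svc_hidden"   # constructed
fi

extra=$(unexpected_admins "$group_line" "root royal")   # "root royal" is constructed
if [ -n "$extra" ]; then
    echo "Admin accounts not on your expected list: $extra"
else
    echo "No unexpected admin accounts."
fi
```

On a real Mac, compare the output against the accounts you remember creating; an extra admin you cannot explain is worth investigating before reinstalling, and the same `dscl` call works from the Recovery Terminal when the normal login is unavailable.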

  • by coldair, Jan 11, 2014 7:23 AM in response to Royal Cascadian
    Level 1 (0 points)

    Did you ever solve this? I have a MacBook Pro with a 500 gig SSD that only shows I have a total of 179 gigs of drive space after a malware attack that occurred around 10-19 that also infected my 8 TB NAS and my 2 Windows machines on the network. I was able to get rid of the malware on the PC with the help of some fine folks over at bleeping computer dot com but no help on getting rid of it on the Mac. Yeah, I know that Macs don't get attacked but that is BS.

    Some of my other symptoms are all emails from 2013 have been deleted, large amounts of pictures are missing, like over 130 gigs. Plus there is a hidden account set up with my first name only that I can't access. Notes have been scrambled or deleted. My NAS is loaded with empty folders and AppleDouble files, even in Windows folders. It's a mess and the Apple community seems to stand on the idea that Macs will not get attacked and not work to find a solution.

  • by thomas_r., Jan 11, 2014 11:13 AM in response to coldair
    Level 7 (30,924 points), Mac OS X

    I would advise you to start a new topic, rather than tacking onto this one. It's not fair to the originator of this topic to divert it with your own concerns that don't sound related to his.

    It's very unlikely that the problems you describe are due to malware on the Mac, but we'll need further details before we can say anything for sure. Provide all the details on your new topic, without interpretation of how you think those problems were caused. Be sure to be specific - for example, where were these pictures stored that are now missing, what e-mail service are you dealing with, etc. It could be that one or more of your online accounts have been hacked, but again, nothing can be said definitively without additional information.

  • by MadMacs0, Jan 11, 2014 11:32 PM in response to coldair
    Level 5 (4,791 points)

    Please give us a link to your new topic so we can follow along in case it is something new, but it sounds a lot like someone was able to hack into your computer either from having used the PC malware to find the Mac on your network or by physically accessing it while you were away. Another possibility is hard drive failure, but with all the issues with the NAS and Windows machine it seems less likely.
