HT201222: Apple security updates

Learn about Apple security updates
Deborah Hughes

Q: facebook says I may have malware on my macbook.  what do I do?

Facebook has blocked my account and sends me to the Apple updates page.  According to Apple, I have all the current updates.  Do I have malware on my macbook? What do I do?

MacBook (13-inch Late 2009), Mac OS X (10.7.3)

Posted on Nov 26, 2012 8:56 AM

Close

Q: facebook says I may have malware on my macbook.  what do I do?

  • All replies
  • Helpful answers

  • by mende1,

    mende1 mende1 Nov 26, 2012 8:57 AM in response to Deborah Hughes
    Level 10 (93,329 points)
    Desktops
    Nov 26, 2012 8:57 AM in response to Deborah Hughes

    Facebook has nothing to do with your Mac. What error did it show?

  • by thomas_r.,

    thomas_r. thomas_r. Nov 27, 2012 4:12 AM in response to Deborah Hughes
    Level 7 (30,934 points)
    Mac OS X
    Nov 27, 2012 4:12 AM in response to Deborah Hughes

    Generally, this sort of thing happens when your Facebook account gets hacked and used to send Facebook spam. On a Mac, it has nothing to do with malware of any kind. You will need to get Facebook to let you back in and make sure to change your password once it is enabled again (assuming that's not already a part of the re-enabling process). See this document:

     

    http://www.facebook.com/help/185747581553788/

  • by nhyankee,

    nhyankee nhyankee Nov 3, 2014 9:38 PM in response to thomas_r.
    Level 1 (0 points)
    Nov 3, 2014 9:38 PM in response to thomas_r.

    Replied in wrong place. Only see that I can edit, not delete. Ignore this.

  • by nhyankee,

    nhyankee nhyankee Nov 3, 2014 9:32 PM in response to Deborah Hughes
    Level 1 (0 points)
    Nov 3, 2014 9:32 PM in response to Deborah Hughes

    I'm going through this now for the 2nd time this year, the first time Facebook kept me from posting from my Macbook Pro for 3 weeks. The 1st time, I ran Sophos and it came up clean so I did nothing, they just let me in one day. My iMac, iPad & iPhone each still had access.

     

    Today: I ran Sophos earlier and came up with "no threats found" as well as "issues detected", came to this community and found several posts stating that "issues detected" is nothing to be concerned about, just Sophos finding encrypted files (same with a Google search). I decided to also download ClamXav from the App store and am running it now... 21 Win Trojans detected, so far. All related to Ebay and selling on Ebay. Thought I had cleaned up the computer good, as it is very limited on space and I'm not upgrading until next May. I'll contact FB tomorrow to clear this up, don't contact through their help center, Google best way to contact facebook and you get more direct options.

     

    Bottom Line: ClamXav - download it Free from the App store.

  • by RoyalFlushAK(s),

    RoyalFlushAK(s) RoyalFlushAK(s) Nov 3, 2014 11:25 PM in response to Deborah Hughes
    Level 1 (8 points)
    Mac OS X
    Nov 3, 2014 11:25 PM in response to Deborah Hughes

    I did have the same trouble and took my MacBook to the Apple store where a genius recommended to get a new laptop because the malware could not be removed. I did and since that time I'm back in business. So, get out there in the world and get yourself a new machine.

  • by MadMacs0,

    MadMacs0 MadMacs0 Nov 4, 2014 12:29 AM in response to RoyalFlushAK(s)
    Level 5 (4,801 points)
    Nov 4, 2014 12:29 AM in response to RoyalFlushAK(s)

    RoyalFlushAK(s) wrote:

     

    a genius recommended to get a new laptop because the malware could not be removed.

    Although you probably made the right decision, I don't think much of your Genius' reasoning. I don't believe there is any Mac Malware that I could not remove, unless it was something installed by somebody with physical access to your computer. Most Geniuses I know would offer to erase your drive and reinstall the System for you, which would give you a totally clean and useable Mac again. Obviously you would have needed to have backed up your document files to restore them.

  • by thomas_r.,

    thomas_r. thomas_r. Nov 4, 2014 3:12 AM in response to RoyalFlushAK(s)
    Level 7 (30,934 points)
    Mac OS X
    Nov 4, 2014 3:12 AM in response to RoyalFlushAK(s)

    RoyalFlushAK(s) wrote:

     

    I did have the same trouble and took my MacBook to the Apple store where a genius recommended to get a new laptop because the malware could not be removed.

     

    I'll say it a bit more strongly than MadMacs0 did... that "Genius" deserves to be fired! There is no such thing, on the Mac, as malware that cannot be removed. Worst case scenario, the hard drive needs to be erased and everything reinstalled from scratch. There's never any call for replacing Mac hardware just because of a malware issue.

     

    In the case of this particular topic, as has already been said, these Facebook notifications don't actually have anything to do with malware on a Mac at all, and are usually the result of your account getting hacked... so you definitely shouldn't be replacing your Mac just because Facebook said you may have a virus!

  • by nhyankee,

    nhyankee nhyankee Nov 4, 2014 4:46 AM in response to RoyalFlushAK(s)
    Level 1 (0 points)
    Nov 4, 2014 4:46 AM in response to RoyalFlushAK(s)

    That genius needs to return to Cupertino, California for more training. I would wipe the drive, then remove or avoid the files from by back up and then restore before buying a new machine.

  • by WZZZ,

    WZZZ WZZZ Nov 4, 2014 6:29 AM in response to thomas_r.
    Level 6 (13,112 points)
    Mac OS X
    Nov 4, 2014 6:29 AM in response to thomas_r.

    I agree the Genius was talking through his hat and certainly wasn't thinking of the following. But--and must be very rare, if it exists at all, and probably only hypothetical--what about malware infecting the firmware? Not talking about USB firmware hacks either.

  • by thomas_r.,

    thomas_r. thomas_r. Nov 4, 2014 6:40 AM in response to WZZZ
    Level 7 (30,934 points)
    Mac OS X
    Nov 4, 2014 6:40 AM in response to WZZZ

    There is no known Mac malware that infects the firmware. Such things have been theorized from time to time, but have never actually been done. There was, at one point, a vulnerability in certain keyboards that could be used to install malware in the keyboard's firmware, but the utility of doing this was so limited that it was never actually implemented in real malware.

  • by nhyankee,

    nhyankee nhyankee Nov 4, 2014 8:12 AM in response to Deborah Hughes
    Level 1 (0 points)
    Nov 4, 2014 8:12 AM in response to Deborah Hughes

    Update:

    I had set ClamXav to put the infected files into a new "Quarantine Folder" (need to set this in clams settings & then create the folder). I awoke this morning to the completed scan, selected the folder and performed the Secure Empty Trash function (not standard empty trash). Restarted my Macbook Pro and ta-da, allowed to post in facebook again. Didn't even need to contact them. Cost: $0

  • by MadMacs0,

    MadMacs0 MadMacs0 Nov 4, 2014 10:52 AM in response to nhyankee
    Level 5 (4,801 points)
    Nov 4, 2014 10:52 AM in response to nhyankee

    nhyankee wrote:

     

    I awoke this morning to the completed scan, selected the folder and performed the Secure Empty Trash function (not standard empty trash).

    Glad you got that taken care of.

     

    Secure Empty Trash didn't do any more than a regular one would have except take more time. That only needs to be used when you get rid of the hard drive (or computer) and are concerned that somebody will go to the trouble of trying to recover that information from the hard drive, which is a laborious process that probably only a forensic law enforcement person would have time to do. A regular empty trash will completely disable any malware you may run across.

     

    Also it sounds like you deleted the entire quarantine folder, which is also not necessary. Just drag the folder contents to your Trash Can and empty it next time.