Travelbug3

Q: What company can clean virus and spyware from Yosemite 10.10.3?

My email and LinkedIn accounts were hacked. I downloaded Avast security for Mac and ran a full scan. The scan said that I had 6 files infected with a virus and spyware for Windows and 904 files that cannot be scanned. Avast told me that I needed to pay for an emergency repair service because the files that cannot be scanned are probably encrypted by a virus or spyware. It took them 6.5 hours and 7 technicians for them to tell me that their software tools are not compatible with Mac Yosemite 10.10.3! They could not even download their own software much less diagnose or fix the problem. And they still expect me to pay them. Now I don't know what to do. Is there any company that can clean my Mac?

MacBook Pro with Retina display, OS X Yosemite (10.10.3)

Posted on May 19, 2015 9:26 PM


  • by stevejobsfan0123,

    stevejobsfan0123 May 19, 2015 9:33 PM in response to Travelbug3
    Level 8 (43,827 points)
    iPhone

    Your Mac does not need "cleaning" and does not have a virus. Anti-virus software is not helpful, and in some cases, harmful. Windows viruses cannot infect a Mac. Uninstall Avast as it is one of the worse ones. Your email account can be hacked from anywhere; it has nothing to do with malicious files installed on a particular computer. Either you fell for a phishing attempt or someone guessed your password. If you've changed it, no further action is needed.

  • by Travelbug3,

    Travelbug3 May 19, 2015 10:43 PM in response to stevejobsfan0123
    Level 1 (0 points)

    Stevejobsfan0123, thank you for your reply. I am getting a lot of conflicting information about this.

     

    I was told by someone from the Genius Bar at an Apple store that even though the malware will not affect my Mac, people with PCs can be infected if I send files with viruses to them.

     

    I believe that I was hacked because I mistakenly downloaded a file to Dropbox that I should not have downloaded. I became concerned because after I changed my email password, a few people reported receiving a scam email from me. This was up to perhaps an hour or so after I changed my password, so I am really not sure whether the email was sent after I changed my password or if it went out earlier, but was received later. As far as I know, further emails have not been sent.

     

    Also, the fraud squad at the company of someone I know advised me to close my email account because there may be a sniffer on it allowing the hacker to read my changed passwords. I really don't want to close my email account, so I was hoping to determine whether there is malware actually in my computer that can be taken out so that the hacker cannot continue to access my email.

     

    I am definitely uninstalling Avast's software if only because I am so angry with the company.

  • by thomas_r., Solved answer

    thomas_r. May 20, 2015 4:47 AM in response to Travelbug3
    Level 7 (30,924 points)
    Mac OS X

    Your accounts were almost certainly not hacked due to any kind of malware on your Mac. These things happen all the time for a variety of reasons not related to malware, and there is currently no known malware capable of infecting a Mac running Yosemite. Certainly, there could be something new and as-yet undiscovered by the security community, but that's unlikely unless you believe you could have been very specifically targeted by someone capable of infecting you with custom malware.

     

    Also, note that there cannot be a "sniffer" on your e-mail account unless your entire e-mail provider has been compromised.

     

    If you believe that you may have been targeted by someone you know and/or who would be able to obtain physical access to your computer, and who you suspect has installed a keylogger, the only option to ensure your computer is clean would be to erase the hard drive and reinstall everything from scratch:

     

    How to reinstall Mac OS X from scratch

     

    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

     

    I think this is unlikely to be necessary, of course. But if this is required to give you peace of mind, it's worth the hassle.

     

    The only thing in your story that really concerns me is the behavior of the Avast techs. How did you contact them? The reason I ask is that, as much as I lack any respect for Avast, this seems way over the top even for them. There are a lot of scams out there these days, and if you Googled something like "Avast support phone number," the top items won't actually be in any way related to Avast:

     

    [Image: Screen Shot 2015-05-20 at 7.39.38 AM.png]

     

    If you called someone other than Avast, and gave them control of your computer, then I definitely, 100% would recommend erasing the hard drive and reinstalling everything. In such a case, you may very well have been compromised, and there's no way to determine for sure what they might have done.

  • by maharitho,

    maharitho May 20, 2015 5:09 AM in response to Travelbug3
    Level 1 (45 points)
    iPhone

    Well, the Mac has the safest environment so far and it won't be easily hacked.

     

    There is one app that has a good reputation (AdwareMedic), and it's free to use and clean. If you are one of those who are obsessed with security like me, then I recommend checking with Bitdefender, as they have AV plus other security measures. They have a respectable reputation and analysis from many Mac experts as well, but this service is not completely free, and again you will feel safer.

  • by thomas_r.,

    thomas_r. May 20, 2015 5:33 AM in response to maharitho
    Level 7 (30,924 points)
    Mac OS X

    AdwareMedic won't protect against malware. It's a good tool, but recommending it here is like recommending a hammer for driving a screw. (And that's coming from the author of AdwareMedic - ie, me!)

     

    As for BitDefender, using that is not something I'd recommend. Using their free App Store offering for on-demand scanning wouldn't hurt (although it wouldn't solve the problems described here), but I would not spend money on their other App Store product, nor would I install the software from the BitDefender website.

  • by JimmyCMPIT,

    JimmyCMPIT May 20, 2015 5:43 AM in response to Travelbug3
    Level 5 (7,803 points)
    Mac OS X

    Your genius at the bar is correct: if you get a virus sent to you and you forward it to a Windows PC user, and their anti-virus does not detect it and they perform the necessary actions to enable the attack, they will be affected. Theoretically a Mac anti-virus might alert you that you have a Windows exploit of some kind; however, if you were sent a link to a dodgy site and forwarded it to a Windows PC user, your anti-virus might never notice and they could still be affected or lured into some false install of something legitimate for a less than legitimate purpose. On the Mac, the best defense against viruses, and more importantly scams, is users who are aware of how attacks are propagated and distributed and of the limits of AV on both platforms.

     

    I'm testing BitDefender on my Windows 7 build and it's okay, but I would not add it to any of my Macs for any reason at this time. Most of the AV testing I've done on Macs shows that they do more harm than good even in a mixed environment, and users who are aware of how these attacks work are a tremendous asset.

  • by Travelbug3,

    Travelbug3 May 20, 2015 7:57 AM in response to thomas_r.
    Level 1 (0 points)

    Thanks very much for your reply, Thomas.

     

    The email account that was hacked was a free web-based Outlook account, so my email provider would be Microsoft. If a sniffer cannot be put solely on my account, then I feel a lot better.

     

    This happened because I clicked on a link to download a document that someone sent to me in an email that I received via LinkedIn. I normally would not download something from an email like the one that I received -- I know better -- but I was distracted and not really thinking when I did it. My concern came from the fact that (1) I knew that I downloaded a file with a virus, (2) the infected file came from LinkedIn, but it resulted in an email account being hacked in addition to my LinkedIn account (they had completely different passwords), and (3) it appeared that someone was still in my email account after I changed the password. Then, of course, the Avast scan indicated that I did indeed have a virus and spyware in my computer.

     

    Nobody has had physical access to my computer and there is no reason to believe that anyone specifically targeted me, so I am not going to erase my hard drive and reinstall everything.

     

    After being advised by multiple people that I should scan my computer, I conducted internet research to find a scanner that would work on a Mac. I ended up going with Avast because I used them when I had a PC, I thought they were reputable (I never needed them for anything except their free security software, so I had no experience with them as a service provider), and they had a program that was clearly marked as being for Mac computers, which I downloaded from their website. While I was trying to figure out what to do with the infected files (after moving them to the chest, I didn't know what the alternative to deleting them was), I came across their phone number on their website. So I called to ask about what to do after something is moved to the chest and whether I should be concerned about the files that could not be scanned. After they told me about their emergency repair service (or pay more money and be able to call them once a month for a year), I went to the Apple Store to see what they would charge to do the repair. If not significantly more expensive (as Avast told me they would be), I thought it would be better to have Apple deal with the problem.

     

    The guy at Apple told me that they do not clean up malware or repair infected files. He said that they don't deal with data, so I should use a security company for that and then, if I want, they will take out and reinstall everything. I would like to tell you how I went through 7 techs and 6.5 hours with Avast, but that is too long a story and this message is already too long. I will just say that nobody should ever have accessed my computer because the sales rep and all of the technicians should know which operating systems are compatible with their tools so they can tell customers up front whether they can use Avast's service. Also, the customer service rep with whom I spoke at the end was awful. He insisted that because the technicians spent time "working on" my computer (they did nothing because they could not download their tools), I am responsible for paying their fee under the terms of service to which I agreed. I am still disputing this and I am even more upset now that you are telling me that, with respect to Macs, they are really operating a sham service anyway.

     

    After reading your comments, I am going to hope that the problem was resolved when I changed my passwords and do nothing further unless something else happens.

  • by Travelbug3,

    Travelbug3 May 20, 2015 8:02 AM in response to JimmyCMPIT
    Level 1 (0 points)

    Thanks, Jimmy.

     

    I was thinking that I might attach infected files that are on my computer to emails that I send to other people and then if the recipients have PCs, their computers could be affected by the virus.

  • by JimmyCMPIT,

    JimmyCMPIT May 20, 2015 1:14 PM in response to Travelbug3
    Level 5 (7,803 points)
    Mac OS X

    The vast majority of Windows AV is light years better than Mac. If you send a virus to a PC user running AV (and if you use the web on a PC you should not be without something), the AV would likely pick it up and quarantine it.

    Then when your recipients say "your email had a virus attached to it" you tell them "That's why I use Mac, not PC."

  • by Boyd Porter,

    Boyd Porter May 20, 2015 1:38 PM in response to thomas_r.
    Level 4 (1,002 points)

    .

  • by Travelbug3,

    Travelbug3 May 20, 2015 5:36 PM in response to JimmyCMPIT
    Level 1 (0 points)

     

  • by Group6,

    Group6 Sep 16, 2016 11:26 AM in response to thomas_r.
    Level 1 (13 points)

    Allow me to respectfully disagree with the suggestion Macs can't contract useful malware. One of my Macs is a Mini, then using Yosemite, and an iPad.

     

    I have a Hotmail address as one of my e-mails. A particularly helpful feature of Hotmail/Outlook accounts is the ability to see from where an address has been accessed. My Hotmail address had been accessed by someone in Russia so I changed passwords.

     

    About two weeks later I noticed the address, which now had a 17 character password, had been accessed by someone in the U.S. where I don't live and had not visited. It's very unlikely but possible for a 17 character password to be cracked by brute force or dumb luck. So, I put a quite different 17 character password on the account which was accessed by two U.S. sites not visited by me and one in Russia. I would argue the chances of two 17 character passwords being cracked within a month would take the entire resources of the NSA. I took the Mini off line and sought help on these boards with the iPad.

     

    Below is a slightly edited log from the Mini. The Mini's name has been xxxx'd out, some content omitted and some lines enhanced with a larger font. Nothing has been added to the logs. You'll see the iChat app has been perverted and what appears to this non-expert as evidence for 1 or 2 more spyware corruptions. I have never used iChat. Please let me know if I've accidentally included anything personally identifiable.

     

    I've noted:

     

    Albert Apple at 16:19:14, 16:34:14

     

    iChat & Observer at 16:44:32, 16:45:06

     

    Secret screen shot at 16:45:02

     

    Aug 25 16:18:52 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:18:52 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:19:14 --- last message repeated 92 times ---

    Aug 25 16:19:14 xxxxxxx-Mac-mini.local apsd[72]: Got connection error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo=0x7fa380764ea0 {NSUnderlyingError=0x7fa380546dd0 "The Internet connection appears to be offline.", NSErrorFailingURLStringKey=https://albert.apple.com/deviceservices/deviceActivation?device=MacOS, NSErrorFailingURLKey=https://albert.apple.com/deviceservices/deviceActivation?device=MacOS, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSLocalizedDescription=The Internet connection appears to be offline.}

    Aug 25 16:19:14 xxxxxxx-Mac-mini.local apsd[72]: <APSCertificateManager: 0x7fa380622880>: Failed to get client cert on attempt 51, will retry in 900 seconds

    Aug 25 16:19:14 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:19:44 --- last message repeated 109 times ---

    Aug 25 16:19:44 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:19:44 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:20:14 --- last message repeated 118 times ---

    Aug 25 16:20:14 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:20:14 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:20:44 --- last message repeated 118 times ---

    Aug 25 16:20:45 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:20:45 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:21:15 --- last message repeated 118 times ---

    Aug 25 16:21:16 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:21:16 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:21:46 --- last message repeated 118 times ---

    Aug 25 16:21:46 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:21:46 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:21:53 --- last message repeated 34 times ---

    Aug 25 16:21:53 xxxxxxx-Mac-mini.local cloudphotosd[362]: Wait for push token timeout after 300s

    Aug 25 16:21:55 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet gener

     

    Aug 25 16:34:01 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:34:14 --- last message repeated 58 times ---

     

    Aug 25 16:34:14 xxxxxxx-Mac-mini.local apsd[72]: Got connection error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo=0x7fa3807464f0 {NSUnderlyingError=0x7fa382923610 "The Internet connection appears to be offline.", NSErrorFailingURLStringKey=https://albert.apple.com/deviceservices/deviceActivation?device=MacOS, NSErrorFailingURLKey=https://albert.apple.com/deviceservices/deviceActivation?device=MacOS, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSLocalizedDescription=The Internet connection appears to be offline.}

     

    Aug 25 16:34:14 xxxxxxx-Mac-mini.local apsd[72]: <APSCertificateManager: 0x7fa380622880>: Failed to get client cert on attempt 52, will retry in 900 seconds

    Aug 25 16:34:17 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:34:47 --- last message repeated 119 times ---

     

    Aug 25 16:44:08 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:44:32 --- last message repeated 94 times ---

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local WindowServer[141]: CGxDisplayDidWakeNotification [42537479086824]: posting kCGSDisplayDidWake

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local WindowServer[141]: handle_will_sleep_auth_and_shield_windows: Deferring.

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: notification observer: com.apple.iChat   notification: __CFNotification 0x7fc289fd32b0 {name = _NSDoNotDisturbDisabledNotification}

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local loginwindow[88]: ERROR | -[LWBuiltInScreenLockAuthLion askForPasswordBuiltIn:] | Attempted to add an observer when already observing

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>:    NC Disabled: NO

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>:   DND Enabled: NO

    Aug 25 16:44:32 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: Updating enabled: YES   (Topics: (

         "com.apple.private.ids"

      ))

    Aug 25 16:44:33 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:45:02 --- last message repeated 119 times ---

    Aug 25 16:45:02 xxxxxxx-Mac-mini.local WindowServer[141]: device_generate_desktop_screenshot: authw 0x7fd53f1b97a0(2000), shield 0x7fd53f244980(2001)

     

    Aug 25 16:45:02 xxxxxxx-Mac-mini.local WindowServer[141]: device_generate_lock_screen_screenshot: authw 0x7fd53f1b97a0(2000)[0, 0, 1280, 1024] shield 0x7fd53f244980(2001), dev [1280,1024]

     

    Aug 25 16:45:02 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: notification observer: com.apple.iChat   notification: __CFNotification 0x7fc28bb013a0 {name = _NSDoNotDisturbEnabledNotification}

    Aug 25 16:45:02 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>:    NC Disabled: NO

    Aug 25 16:45:02 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>:   DND Enabled: YES

    Aug 25 16:45:02 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: Updating enabled: NO   (Topics: (

      ))

    Aug 25 16:45:05 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated

    Aug 25 16:45:06 --- last message repeated 11 times ---

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local WindowServer[141]: CGxDisplayDidWakeNotification [42571646988996]: posting kCGSDisplayDidWake

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local WindowServer[141]: handle_will_sleep_auth_and_shield_windows: Deferring.

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local loginwindow[88]: ERROR | -[LWBuiltInScreenLockAuthLion askForPasswordBuiltIn:] | Attempted to add an observer when already observing

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: notification observer: com.apple.iChat   notification: __CFNotification 0x7fc289fd55e0 {name = _NSDoNotDisturbDisabledNotification}

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>:    NC Disabled: NO

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>:   DND Enabled: NO

    Aug 25 16:45:06 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: Updating enabled: YES   (Topics: (

         "com.apple.private.ids"

      ))
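
A first triage pass over a system log like the one posted above is to fold each "last message repeated" line into the entry it refers to and list which process wrote each line at the timestamps of interest. The following Python sketch is an added example, not part of the original post; the sample lines are abridged from the posted log, and the function names and the short `KNOWN_APPLE` allowlist are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines abridged from the log posted above (long message bodies shortened).
SAMPLE = """\
Aug 25 16:18:52 xxxxxxx-Mac-mini.local apsd[72]: Certificate not yet generated
Aug 25 16:19:14 --- last message repeated 92 times ---
Aug 25 16:19:14 xxxxxxx-Mac-mini.local apsd[72]: Got connection error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline."
Aug 25 16:19:14 xxxxxxx-Mac-mini.local apsd[72]: <APSCertificateManager: 0x7fa380622880>: Failed to get client cert on attempt 51, will retry in 900 seconds
Aug 25 16:44:32 xxxxxxx-Mac-mini.local WindowServer[141]: CGxDisplayDidWakeNotification [42537479086824]: posting kCGSDisplayDidWake
Aug 25 16:44:32 xxxxxxx-Mac-mini.local identityservicesd[265]: <IMMacNotificationCenterManager: 0x7fc289f8ed10>: Updating enabled: YES   (Topics: (
     "com.apple.private.ids"
  ))
Aug 25 16:45:02 xxxxxxx-Mac-mini.local WindowServer[141]: device_generate_lock_screen_screenshot: authw 0x7fd53f1b97a0(2000)[0, 0, 1280, 1024] shield 0x7fd53f244980(2001), dev [1280,1024]
Aug 25 16:45:06 xxxxxxx-Mac-mini.local loginwindow[88]: ERROR | -[LWBuiltInScreenLockAuthLion askForPasswordBuiltIn:] | Attempted to add an observer when already observing
"""

# "Mon DD HH:MM:SS host process[pid]: message"
ENTRY = re.compile(r"^\w{3}\s+\d{1,2} (\d\d:\d\d:\d\d) \S+ ([^\s\[:]+)\[(\d+)\]: (.*)$")
REPEAT = re.compile(r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d --- last message repeated (\d+) times? ---$")

# Assumption: a short, illustrative allowlist of daemons that ship with OS X.
KNOWN_APPLE = {"apsd", "WindowServer", "identityservicesd", "loginwindow", "cloudphotosd"}

def parse(text):
    """Return one dict per log entry, with repeats and continuation lines folded in."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rep = REPEAT.match(line)
        if rep:                       # belongs to the entry just before it
            if events:
                events[-1]["count"] += int(rep.group(1))
            continue
        ent = ENTRY.match(line)
        if ent:
            events.append({"time": ent.group(1), "proc": ent.group(2),
                           "pid": int(ent.group(3)), "msg": ent.group(4), "count": 1})
        elif events:                  # wrapped message body, e.g. a topics list
            events[-1]["msg"] += " " + line
    return events

def by_process(events):
    """Total messages per process, counting folded repeats."""
    totals = Counter()
    for e in events:
        totals[e["proc"]] += e["count"]
    return totals

def writers_at(events, times):
    """Which processes logged at each timestamp of interest."""
    return {t: sorted({e["proc"] for e in events if e["time"] == t}) for t in times}

def unfamiliar(events):
    """Process names not on the allowlist (names are self-reported by the sender)."""
    return sorted({e["proc"] for e in events} - KNOWN_APPLE)

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print(by_process(ev).most_common())
    print(writers_at(ev, ["16:19:14", "16:44:32", "16:45:02", "16:45:06"]))
    print("not on allowlist:", unfamiliar(ev))
```

The process name in a syslog line is supplied by the sender, so a name that is off the allowlist is a prompt to check the binary's path and code signature, not a verdict either way.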