WOULD RESTORING OUR SYSTEM TO SOME PRIOR DATE FROM A TIME MACHINE BACKUP KEPT ON A SEPARATE DRIVE ERASE THE TIME MACHINE BACKUPS FOLLOWING THAT RESTORATION DATE?

I have removed tens of thousands of files /System/Library, /Library, and /Users/*/Library the arrogant, rogue, Internet app either installed, changed or let rogue sites install or change on our High Sierra mac.

I have somehow managed to stabilize our mac after repairing hundreds of files changed by the app in /Users/*/Library. But I still have 52,502 files in /Users/*/Library to wade through and decide whether to keep or delete the changed files. It will take me weeks to wade through the mess. Since Time Machine will not restore any /Users/*/Library directory en masse without a complete system restore to the specified date, to keep any of these files I must manually restore each file individually from an offline source.

I changed many of these files with Contacts, Mail, and iTunes because the rogue app let a thief grab passwords to 100s of sites we use, allowed villain to add names and addresses to our contacts while also changing emails of friends and family. Plus we've received hundreds of photos from family and friends since the app was removed that we might lose without properly restoring files in /Users/*/Library.

I have worked on Unix systems since the 1970s and have only twice seen messes that approach this one, 9/11 and the "let's find the size of the Internet" virus that brought down most of the Internet in the 1980s. This rogue app's arrogant disregard for TCP/IP NSLOOKUP protocols, protocols Apple follows and that were fought over by many hundreds of intelligent people over decades, is a root cause of millions of security breaches around world today.

It found defecation that I know I removed because it's listed in one of my "~/defecate/REMOVED.mm-yy-dddd.LIST." But it has not found the virus that keeps defecating in /Users/*/Library nor in /Library. I have turned on full access. Maybe that will work. Maybe, despite running as root, my attempted removals failed. This tool seems to work well and may help me select more the files to keep or remove from /Users/*/Library after in run a complete restore.

Thanks again

Thanks, but it's not necessary. Plus, thanks for the LONGER TEXTS BUTTON. That may be useful in the future. Today is so much different and easier than old interest groups on DARPA net when we didn't have DNS servers and had to know the route to the server of interest.

I've been doing Unix systems since the late 70s so I know how to read such reports. Although macOS isn't Unix, it's close enough for me to love it. I just don't think purchasing an EtreCheck upgrade would be worthwhile, given how little it found for me. Especially, since everything it found would have disappeared when I completed the restore. It found stuff in /Library, not in /Users/*/Library, which would be erased in step 2 below. If I wade through 52,500 files in two weeks I will try this:

1. Copy good /Users/*/Library files to X/*/Library
2. Time Machine Restore / to day before ABC defecation installed on our system
3. Time Machine Restore of /Users to most recent backup
4. Copy snapshot /User/*/Library to Y/*/Library
5. Copy /X/* to /Users/*/Library
6. Resolve any conflicts between Y/*/Library and /Users/*/Library (note, we should have any, but I am old, forgetful, and might screw up)

Again, thanks for your aid and offer of aid.

I do this all the time. I am old and dotty and must correct myself often. Step 3 will restore all /Users/*, except the /Users/*/Library files.

Actually, you can update ~/Library configuration files, you just cannot use Time Machine, but must use a script. This is the reason I'm going through each ~/Library file one at time. To determine whether I keep it in /X/*/Library to restore after moving back in time or leave it. Plus, if I decide to leave it, I'm going to remove it from /Users/*/Library before it goes into another backup.

One problem I have is that /Users/*/Library keeps growing, and growing, and growing. I've processed over 47,000 files in the 52.5K list, but now have another 41K files to wade through. Though it probably wouldn't work, I might just run "for each user; do sudo rm -rf ~user/Library;done" before the last backup before I start restoring files. I'm so sick of this Chrome disease on our system. WHY DOES ABC THINK IT CAN BYPASS EVERYONE'S NSLOOKUP SECURITY? WHY? WHY? WHY?

When I worked at a Wall Street firm nearly 2 decades ago, anyone who installed software that bypassed our network security, which included forbidden NSLOOKUP sites, would have been escorted to the sidewalk immediately, permanently, and with a short "don't come back, wait here for you personal stuff" ceremony. While those trying to use direct IP addresses saw our routers' NAT tables ruin their breaches. The latter would get one warning. And now there's an international company promoting this lack of security.

Thank you, I will give this a try. I and my family added over 600 files to our list.

I read all those pages 3 times before asking this question. Your answer, however, reassures me. So I will try the double restores ASAP, OS to older version, /Users (except for ~/Library) thereafter. The reason I asked is simple, a friend lost his job when an application tossed the forward backups after a restore from the night before 9/11. But that was MS, not Apple.

Thanks very much