iMac infected with virus that creates hidden windows partition, won’t boot from USB or internet recovery

soundboy13 Said:

"I tried that in recovery mode and I get command not found"

-------

Thank you for the Screenshot. What it infers is that you have nothing on your drive - it's time for a new drive. Your drive is dead.

---

Get this Serviced - Get a New Hard Drive:

Is this covered by AppleCare?

If so, take this up with Apple. Being that Coronavirus Pandemic is going around, Apple Stores are Closed. So, Send-In Service is all that there is at the moment. If not, then contact and AASP.

Verify if it is Covered

Enter your Serial Number Here: Check Your Service and Support Coverage - Apple Support

---

A. Using Send-In Service:

The only option, as of this post, would be to contact Apple, and have it sent it for service/replacement.

1. Apple: would send you a box
2. You: would package it and send it to Apple
3. Apple: would fix it or replace it, if applicable
4. You: would receive it back from Apple

---

B. Contacting Apple Support:

A. Phone Support Info:

• Contact Us - Choose Locations
• USA: 1(800)MY-APPLE
• Proceed from there as Necessary
• NOTE: Calls are taking a moment, so, just stay on the line. Someone will be with you.

C. Chat Session Info:

Being that phone calls are taking a moment, perform a chat session with Apple Support.

Setting Up the Chat Session:

1. Go to: support.apple.com
2. Scroll Down to "Tell us how we can help"
3. Select: Get Support
4. Proceed from there as Necessary

or...

D. Contact an AASP: 

1. Go Here: Find Locations - Apple Authorized Reseller
2. Click: Service & Support
3. Enter: your location information
4. See: if there is an AASP nearby
5. Contact: an AASP (Apple Authorized Service Provider) that shows up, and find out more about the services that they offer to fix the iPhone

soundboy13 Said:

"I appreciate everyone’s help and feedback but I just wanted to focus on reinstalling the OS from USB so I could fix the issues and I didn’t even really go into all of the strange behaviours I keep having every time I format the c1. omputer."

-------

Find Out the following in Terminal:

1. Use: this Command in Terminal:

 system_profiler

2. Scroll Down to: Storage:

To easily find this, use Find

• [ Hold Down: Command + Tap: F ]
• Type: System Software Overview:
• Press: return until it id

3. View: Storage: (The Next Item Down)

• How Many Hard Drives Do You See?
• What Are the File System?
• What is the Capacity?
• How much is Free?

The Output: (Don't Provide It in a Reply)

It Would Look Something Like This:

Macintosh HD - Data:

      Free:

      Capacity:

      Mount Point:

      File System:

      Writable:

      Ignore Ownership:

      BSD Name:

      Volume UUID:

      Physical Drive:

          Device Name:

          Media Name:

          Medium Type:

          Protocol:

          Internal:

          Partition Map Type:

          S.M.A.R.T. Status:

    Macintosh HD:

      Free:

      Capacity:

      Mount Point:

      File System:

      Writable:

      Ignore Ownership:

      BSD Name:

      Volume UUID:

      Physical Drive:

          Device Name:

          Media Name:

          Medium Type:

          Protocol:

          Internal:

          Partition Map Type:

          S.M.A.R.T. Status:

You have been advised by several people all saying the same things.

You don't believe any of us.

Contact Apple support.

Whatever you're seeing, it's not Windows. If you format the drive correctly, there will be nothing left.

To erase everything, boot into Recovery Mode or Internet Recovery Mode (which I presume you've been doing). Launch Disk Utility. Now, choose the topmost, leftmost indented drive in the left column. That's the actual drive's name. Do not select the right indented volume name below that.

Now erase the drive, not the volume. When it's done, close Disk Utility and reinstall the OS.

So It’s absolutely normal to be able to download items (like the Catalina install disk) from the App Store without connecting your Apple ID to your account and without logging in?

From Recovery Mode, or Internet Recovery Mode, yes. In that boot mode, the Mac will only pull the OS from Apple's own servers. It doesn't need your permission to acquire the OS from the safest source possible. There's also no means to login to your account from Safe Mode.

Is it regular to have two thunderbolt bridge connections added to your Ethernet settings, and if you remove them they come back?

Yes, they're part of the Mac's hardware. It will always list what exists. Stop trying to modify it.

I didn’t think I should be able to Install the 15.4 combo update on a system which is already running 15.4, shouldn’t it say it’s already installed?

You can still download and run the 10.15.4 Combo Updater if you want, but what would be the point?

and should IOBoot setting always prevent you from changing login settings in terminal by default? And booting in recovery and using terminal to start in verbose mode will turn itself off by default?

No idea what you're trying to find there. In Safe Mode, Terminal will always behave with a set of predetermined defaults.

and terminal should always go to from bash to zsh mode by default and save a log file of all the commands you enter?

It's not changing from bash to zsh, it's starting up with the zsh shell because that's the default Apple switched to in Catalina.

and if I disconnect the Ethernet cable, wifi will turn itself on and connect to my router using the SSID info and password which I have removed?

Since Wi-fi is automatically enabled with a fresh install of the OS, yes, it will switch. No, it can't connect automatically to your router after installing the OS unless you already provided that information when you installed the OS while in Safe Mode. Otherwise, you have to provide that information again since it's no longer stored anywhere on what was an erased drive.

The behaviour on my “fresh“ installs is not normal. Besides the fact that boot from USB is not working with a fresh install made from terminal using the commands in the Catalina installer, lots of stuff on the computer is not working correctly. Commands which should work in terminal are disabled and settings which I change myself and lock are later changed back to the way they changed on their own.

Now we're back to La-La land. If you insisted in installing third party partitioning software, as it appears you did, just what do think is going to happen to the stability of the OS? As etresoft said, STOP IT!

Seriously, start over in Internet Recovery Mode. Fully erase the drive. Reinstall the OS. STOP installing garbage!

What others suggested in loading EtreCheck is a good idea.

Sure couldn't hurt anything to look.

It will reveal hidden launch daemons that might have installed as trojan horses.

That is the most common thing we look for in the reports. Malware or adware the user installed.

Where a virus will come onto your computer without even provocation.

Except, there has yet to be a single self-propagating virus in OS X / macOS. And we both of course know a Windows virus can't run in the Mac OS. So it wouldn't matter if you had a million of those on your drive. They'd all be nonfunctional.

soundboy13 Said:

"iMac infected with virus that creates hidden windows partition, won’t boot from USB or internet recovery".

-------

Reinstall the macOS Anew. Putting the "virus" controversy aside, it should work like new once installed.

Perform the following in the order provided:

I.  If it applies: Back up your Mac with Time Machine - Apple Support. Also, write down or take a photo of all of your Applications - you will need to reinstall them all later, by contacting the Developer(s) of the app(s). Ask them for a new install key.

Then...

II. Reinstall the macOS Anew:

1. Boot: into Recovery Mode.
2. Open: Disk Utilities
3. Delete: the partition
4. Reinstall: the macOS

Once Installed Anew...

III. Reinstall All the Software:

1. Use Migration Assistant to move Apps a Files back in.
2. Ask developers for new software keys - but contact the developers only --- none other --- or you may end up with malware and spyware installed.

I am not yet convinced the drive is dead.

try internet restore. command-option-shift-R on restart.

while plugged into the ethernet port of your computer. with an ethernet cord to your modem. If it can see your hard drive after erasing with Disk Utility to run the installer, just the restore partition was munged.

Back to your desire to get Catalina on your machine, I don't know why you wanted to use a flash drive instead of the Apple Mac App Store to install Catalina. I am familiar with one program that will put Catalina on a flash drive, and that's Disk Maker. I don't know if it works for Catalina in particular but it does for other operating systems. If you used something else to put it on your flash drive, it may not have been made bootable. Your flash drive should be formatted APFS before making it into an installer. Otherwise the installer won't work.

APFS is not readable by Sierra or earlier, but is the default formatting for all bootable flash drives and SSDs. in High Sierra and above. You need to boot using the startup manager (the option key) to see APFS formatted partitions when your system is only running Sierra or earlier.

You are not getting it, THERE ARE NO MAC OS VIRUSES'!!!!!!!!!!!!!! Post an EtreCheck report of your system and we can look for any obvious issues.

Nope. No virus.

There are no known viruses in the wild that can infect your Mac, certainly not in that fashion.

You are badly misinterpreting what you're seeing.