Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: npdl
npdl Author
User level: Level 1
8 points

Malware persist AFTER REFORMAT. PARTITIONED ITSELF ALIVE

Almost lost access to my Mac while trying to reformat my computer. As I reformatted, I watched as 2 drives tried to install themselves as multiples of "APPLE SDD" and "APPLE HDD" . I understand that these are also the default drive names, however , since I was reformatting the computer , there shouldn't have been any more than the single drive I intentionally picked that should have been set up . Unfortunately the reformat process would not complete unless I allowed for a 2nd partioned drive to exist. I really need some help on this one. I monitored the logs as the installation consistently failed . Every time I tried to install the OS I noticed that a bluetooth network request kept firing and crashing during the process. It actually even had a name in the system logs called "mariadynlib" . Please take a look at my system logs . I realize the Erte reports that I have been submitting have always had line items marked (?) . Im realize now why . What do I do if I cannot reformat to remove this thing?

EmbeddedOSInstallService


EmbeddedOSInstallService


system_installd


FollowUpUI



MacBook Pro 15″, macOS 10.12

Posted on Oct 19, 2020 12:09 PM

Reply

Similar questions

13 replies
User profile for user: K Shaffer
K Shaffer
User level: Level 8
35,002 points

Oct 19, 2020 2:14 PM in response to npdl

Could be your 'system time may need to be reset' should this discrepancy be

the issue. For some reinstall from older systems downloader, the date in Mac

would need to be set to avoid a specific problem caused by older installers.


"OS Version: Mac OS X 10.12.6 (Build 16G2136)" may have an older installer.


Newer downloads of most/all of these installers were offered last fall.

If you have not upgraded or used any newer/different one since then

you'd have to try work-around date-change, to make old one work still.


Pages with new/er URLs exist; that may Still not cure your time issue.



~ Your issue may be due to this; a few means to change the system time, to

be able to use older installer software, have been stated in Apple community.


• Redownload Archived MacOS Installers to Address Expired Certificates | TidBITS

https://tidbits.com/2019/10/28/redownload-archived-macos-installers-to-address-expired-certificates/


Read through the above page, and see how to re-install system, by changing the date.

(There had been no 'malware' seen in the reports you attached in this thread.)


Any other actual cause of problems could be resolved with a clean install on

the Mac's hard drive. Given a date via command-line or reset to reflect an old

installer that you may have kept in your Mac from a few years ago.


Those older download/installers had depreciated; so change of date is possible.

If the main problem is clear, that may fix it. A wiped drive and fully new download

file can allow recent dated files to be written on the drive.


Anyway, your statements fail to support theory of malware. ~ However that said

I've set preferences, so I no longer see any notification; perhaps another can assist.


Good luck & happy trails!🐌|🐢

Reply
User profile for user: K Shaffer
K Shaffer
User level: Level 8
35,002 points

Oct 19, 2020 12:36 PM in response to npdl

There are tools available within the online recovery/install utility, that can also fully erase and reinstall..


• How to reinstall from macOS Recovery - Apple Support

https://support.apple.com/en-us/HT204904


If you need to erase before installing macOS, select Disk Utility from the Utilities

window, then click Continue. See: Learn more about when and how to erase.


Good luck & happy trails!🌞🌜

Reply
User profile for user: BDAqua
BDAqua
User level: Level 10
239,483 points

Oct 19, 2020 4:21 PM in response to npdl

Safe Boot, (holding Shift key down at startup), does the problem occur in Safe Mode?


Safe mode attempts to repair Disks & clears lots of caches & loads safe Drivers, & prevents loading of 3rd party extensions, so if Safe Mode works try again in regular boot.


If that doesn't do it, we might find the problem with an etrecheck report.

EtreCheck is a FREE simple little diagnostic tool to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac. It will not display any personal info.

https://www.etrecheck.com/


Pastebin is a good place to paste the whole report if you capture the URL while there…

https://pastebin.com/

Whew, they've changed pastebin & made it harder, but after pasting in, click Create new paste button, then Embed button, then copy the URL...

<script src="https://pastebin.com/embed_js/KuvnghqA"></script>


The important part is...


https://pastebin.com/embed_js/KuvnghqA


Workable but harder for me to work with...the Note tool on the bottom of this editor's toolbar, as shown in the image, to copy and paste the output from EtreCheck. In a Reply before you click post, look for this to add longer texts...

Reply
User profile for user: K Shaffer
K Shaffer
User level: Level 8
35,002 points

Oct 19, 2020 12:55 PM in response to npdl

IF the drive that you see in Disk Utility is the only physical one

inside the Mac, and that may be a damaged partition, instead;

then a full erase and reformat, from top of the drive, is advised.


The link I posted can help the Mac go online and install

from the internet; so 'brand new' hard drives may be used.


Separate physical drives, if only files have been damaged, can

be restored to a new installation; careful use of Time Machine

may help. ~ Just do not bring junk into new systems.


Take care!🌻🐝

Reply
User profile for user: npdl
npdl Author
User level: Level 1
8 points

Oct 19, 2020 1:19 PM in response to K Shaffer

im certain its the primary drive thats infected. I tried to use the internet to reinstall the the OS again , and the OS installation kept failing without a second partition available . One thing that was clear was that the TIME setting was used to prevent the complete os install . If I had 1 partition , the time would always be different

Reply

Malware persist AFTER REFORMAT. PARTITIONED ITSELF ALIVE

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up