Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: fudgenut
fudgenut Author
User level: Level 1
4 points

iMac bash shows trojan virus?

Freaking out here. I'm on an iMac 2017. Called for help with a Brother printer. Using TeamViewer, the man pulled up iMac - bash - 80x24. There are a ton of numbers on it like these:

2b985d728fafd                0


3d82b985d728f8a5 dgram       0      0                0 3d82b985d729800d                0 3d82b985d7290205


3d82b985d7290205 dgram       0      0                0 3d82b985d729800d                0 3d82b985d7298d55


And at the bottom it says "iMac$ found trojan virus" .


Eeek! What now? Please explain like you're talking to your mom. Thanks!

iMac Line (2012 and Later)

Posted on Dec 30, 2021 11:46 AM

Reply
Question marked as Best reply
User profile for user: HWTech
HWTech
User level: Level 9
56,168 points

Posted on Dec 31, 2021 5:33 PM

Run MalwareBytes to see if anything is found.


You can also run EtreCheck and post the report here using the "Additional Text" icon which looks like a piece of paper. If you give EtreCheck "Full Disk Access", then the summary of the recent logs will also be included.


Edit: Personally I would perform a clean install by first erasing the whole physical drive before installing macOS and restoring from a backup made before you had the incident. Who knows what that person did to your Mac. They could easily have compromised the security and installed a back door to get access to the Mac later on. You can either boot into Internet Recovery Mode (Command + Option + R) or by creating & booting from a macOS USB installer. Within Disk Utility you will need to click "View" and select "Show All Devices" so that the physical drive appears on the left pane of Disk Utility. Select the physical drive and erase it as GUID partition and APFS (top option). The physical drive will be named something like "Apple SSD ....".

View in context

Similar questions

5 replies
Question marked as Best reply
User profile for user: HWTech
HWTech
User level: Level 9
56,168 points

Dec 31, 2021 5:33 PM in response to fudgenut

Run MalwareBytes to see if anything is found.


You can also run EtreCheck and post the report here using the "Additional Text" icon which looks like a piece of paper. If you give EtreCheck "Full Disk Access", then the summary of the recent logs will also be included.


Edit: Personally I would perform a clean install by first erasing the whole physical drive before installing macOS and restoring from a backup made before you had the incident. Who knows what that person did to your Mac. They could easily have compromised the security and installed a back door to get access to the Mac later on. You can either boot into Internet Recovery Mode (Command + Option + R) or by creating & booting from a macOS USB installer. Within Disk Utility you will need to click "View" and select "Show All Devices" so that the physical drive appears on the left pane of Disk Utility. Select the physical drive and erase it as GUID partition and APFS (top option). The physical drive will be named something like "Apple SSD ....".

Reply
User profile for user: fudgenut
fudgenut Author
User level: Level 1
4 points

Dec 30, 2021 12:04 PM in response to stedman1

Wow! I'm usually not that stupid. So that means someone has installed a Brother lookalike page with a chat box which tells you to give them your name and phone number. Then the scammer calls you on the pretense of fixing your problem. Wow. As soon as I saw the words "trojan virus" I got off the phone and closed Teamviewer.


So all the numbers on the iMac bash are okay?


What about "found Trojan virus"?

Reply
User profile for user: HWTech
HWTech
User level: Level 9
56,168 points

Jan 2, 2022 11:26 AM in response to fudgenut

Keep in mind that does not mean the person did not do something else to compromise your computer such as lower some security settings in order to attempt to remotely access your computer later on. It is also possible the person could have left some app behind which is unknown to MalwareBytes since it is difficult to detect brand new types of nasty apps.

Reply

iMac bash shows trojan virus?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up