Need help removing a potential keylogger

Long story short, I believe that I accidentally downloaded a keylogger onto my Mac mini when I was downloading software from https://goheard.io/ for a call. I tried installing it despite some of the warning signs, and at the end of it I heard the system make a file movement sound, similar to when you send something to the trash. With my suspicion, I then proceeded to scan the file on internxt.com and virustotal.com, which confirmed that the file I installed did indeed contain a keylogger virus (screenshots provided). I've run Avast and MacKeeper scans to no avail. I'm currently scanning via Malwarebytes and Kaspersky; hopefully this software can find it and eradicate it!


My question is: should I just wipe the machine and start over, or is there a better way I can locate and remove the malware? I'm also trying the Activity Monitor route, but I'm afraid of bricking the machine if I force quit something crucial.


Thank you in advance!!

Mac mini (M1, 2020)

Posted on Mar 27, 2024 9:29 AM

Question marked as Top-ranking reply

Posted on Mar 27, 2024 11:25 AM

You will not brick the Mac by force-quitting anything. It's quite impossible.


Before you delve too deeply into things, the best, fastest and easiest way to ameliorate the situation is to restore a Time Machine backup created prior to installing the suspect malware: Recover all your files from a Time Machine backup - Apple Support


If you did not create a TM backup then yes, erase the Mac. The reason is that it is literally impossible to ensure all remnants of whatever it was you installed are eradicated. You might, for example, find a keylogger installed and successfully uninstall it, while another, more difficult to find keylogger or similar malicious process remains.


If you are morbidly curious though, go ahead and post a screenshot of Activity Monitor. Be sure to select "all processes" and capture everything, even inactive processes. Bear in mind the caveats I posted above.


Place zero trust in any so-called "virus scanner" regardless of how "trusted" or popular they may be. Keyloggers are not viruses and they are not malware. If it were my Mac I'd erase it (or restore a TM backup; same thing).


FYI I loaded the website in question and it did not prompt me to download anything such as the "Setup(2).dmg" you alluded to. If it did I might be able to determine just what it attempted to install.


Mar 27, 2024 12:42 PM in response to losouno

I have been perusing that website, but without a meeting ID I can't join anything (and I don't want you to post a meeting ID on this site). However, if you were prompted to download an .exe file it can't do anything on a Mac anyway.


The file you scanned was a .dmg — a macOS disk image file, which may expand to include that useless .exe file, which may have included some Windows malware, which in turn may have been identified by whatever product you used to scan it.


I held off commenting about "MacKeeper" which is arguably malware. If you installed it, uninstall it according to its instructions, which are ironically effective.


If you actually used it (as opposed to merely installing it) then erase the Mac.
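Added example, not part of the thread: the last reply distinguishes a Windows .exe from native macOS content inside a disk image, and that distinction can be checked from file headers. This sketch classifies every file under a directory as PE (Windows), Mach-O (macOS), script or other; the function names are hypothetical and the sample files are constructed.

```python
import os
import struct
import tempfile

# Mach-O 32/64-bit in both byte orders, plus universal (fat; Java .class shares it)
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def classify(data: bytes) -> str:
    """Return 'pe', 'macho', 'script' or 'other' from a file's leading bytes."""
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points to the 'PE\0\0' signature
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    if data[:2] == b"#!":
        return "script"  # shell/Python scripts do run on macOS
    return "other"

def scan_tree(root: str) -> dict:
    """Map each file's path relative to root to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                results[os.path.relpath(path, root)] = classify(fh.read(4096))
    return results

def build_sample_tree(root: str) -> None:
    """Constructed files standing in for the contents of a mounted disk image."""
    pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80) + b"\x00" * 0x40 + b"PE\x00\x00"
    samples = {
        "Setup.exe": pe,
        "Helper": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
        "install.sh": b"#!/bin/sh\necho constructed sample\n",
        "README.txt": b"constructed sample text\n",
    }
    for name, blob in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind in sorted(scan_tree(tmp).items()):
            print(f"{kind:6} {rel}")
```

A scanner hit on a "pe" entry points at Windows code; "macho" and "script" entries are the ones that can execute natively on the Mac.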
