Malware / Virus on Logic Board Purchased on Ebay ???

<< PFM006 and PPN001 errors. >>

decoder for those codes is here:

Apple Diagnostics reference codes - Apple Support

they indicate fairly un-ambiguously that the board is bad, and the System Management [micro-]Controller (SMC) is either not working or cannot determine that state of the temperature sensors, so the fans Fail-Safe at maximum speed.

if that board was sold you you as tested, working, that is NOT its condition, and you should return it for a refund based on "goods not as advertised"

if your local security number or credit card info was also sold or stolen, that is a separable issue, and NOT caused by this board.

The boot sector of a disk is still on the disk. A logic board doesn't have storage where malware could be hidden - well, not unless you are a Nation-state intelligence service target and they are willing to go to all the expense of a custom supply-chain attack...via a used logic board...from an eBay reseller...

gknitz wrote:

I am under the impression that the Apple Diagnostics and Apple Updates run from different partitions than the Macintosh HD Volume you normally see mounted.

Diagnostics (aka AHD) is located in /System/Library/CoreServices. The updates app is located in /System/Library/AssetsV2. They are both inside the Macintosh HD system volume and as such are contained within the Sealed System Volume (SSV) and would not be accessible to a hacker ... even if they do access the network when running.

There are so many sources for your personal information to have been put on the dark web that it is far more likely your recent credit alert came from one or more of the well known data breaches across the world than from an unlikely boot virus on your Mac. Coincidence ≠ causality.

If you are convinced that there is some hidden malware in your logic board then return it to the seller and get a refund.

Even if you could somehow change permissions on an SSV-protected file, your Mac would be rendered inoperable because the o/s's cryptographic signature would no longer pass Apple's boot time checks. That's the whole point of securing the operating system in a signed system volume.

The 'boot sector' is on the hard drive, and is not capable of making independent network connections to rat you out to the dark web. Also, it does not yet have any access to your locked information, and likely no access to your social security number at all.

You are Massively over-thinking this.

Are you a national calibre activist or politician? if yes, you need to take extra steps at every turn to protoct your information from national calibre hackers.

if not, I recommend you not worry about viruses sent to you by being implanted in the boot blocks of a board that does not even work properly. It has no access to your passwords until you supply your Admin password, and YOUR encrypted passwords would only be on that board AFTER you migrated your information from your previous Mac.

When you ERASE the EFI partition on that drive, NOTHING gets added to MacOS that was not already in the Mac's Read-Only Memory. (Way too hard for ordinary hackers)