Macbook hackers are constantly overwriting system files. Reinstalling doesn't help! HELP!

I'm assuming my computer was hacked and installed some kind of virus. I have about 5000 different kinds of messages popping up in my message console in a minute. I have tried reinstalling a clean system 4 times. 3 times Mojave and 1 time El Capitan. When reinstalling the system there are some files that overwrite the system folders from the old OS. The dyld cache and folders such as /var /etc /private /usr /bin and others are transferred to the new system.

I don't know what to do anymore. I tried deleting all partitions in Boot Recover mode. I tried cleaning through terminal!

Nothing changes. The files appear from somewhere. Please help me to solve the issue

I don't really know how to put anything in here, but I'll try to attach a couple logs.

There are a lot of logs and crashes like this. And that's just in a few hours.

ps aux (It's all in one go)

Model Name: MacBook Pro

Model ID: MacBookPro9.2

Processor Name: Intel Core i5

Processor Speed: 2.5 GHz

Number of processors: 1

Total number of cores: 2

Level 2 cache (in each core): 256 KB

Level 3 cache: 3 MB

Hyper-Threading Technology: Enabled

Memory: 8 GB

Boot ROM Version: 422.0.0.0.0.0

SMC (system) Version: 2.2f44

I apologize for the rambling. Thank you all for your advice. I hope you can help me.


Posted on Jan 14, 2025 7:58 PM

Question marked as Top-ranking reply

Posted on Jan 16, 2025 9:29 AM

Do yourself a huge favor and stop looking at the macOS system logs. These logs are no longer useful for troubleshooting these days and they always contain lots of cryptic & scary sounding entries. These logs are only meant for software developers that are creating those log entries in the first place. Unfortunately most of those log entries should never even be enabled on a production OS since they are more for debugging software they are creating.


If you perform a clean install of macOS by first erasing the whole physical drive (Intel Macs only), then your system is clean and anything you are seeing is 100% Mac. Once you begin to restore from a backup, then you may be bringing back your problems if you are restoring apps in addition to your user account(s). Same thing applies when you start installing third party apps....only download & install third party apps from the App Store or the app developer's official site......and then only install the apps you absolutely need. Avoid installing any anti-virus apps, cleaning/optimizer apps, third party security software, and VPNs since they are not needed on a Mac and will only cause more problems.


macOS already has great built-in security as long as the user does their part by practicing safe computing habits as outlined in the following article which I think everyone should read:

Effective defenses against malware and other threats - Apple Community


Or take the device to a professional Apple Authorized Service Provider to perform the clean install & restoration of your data.


Jan 15, 2025 1:39 AM in response to Cortez281

To help in fulfilling this request " I have a question, how do I reinstall the system so that nothing from the old system remains, not even the smallest file? "


Part 1 of 2


Scorched Earth Method 


This method will WIPE ALL Data and there is No DATA Recovery - Period.


>> Only works on Intel Based Apple Computer <<


To perform this action will require booting from a Bootable Installer


The Bootable Installer can Only be performed on an Apple Computer 


This will have to be performed from a Qualifying Computer to run the version of macOS to be made on the Bootable Installer. Example : Bootable Installer of Big Sur would have to be done on a computer that Qualifies to run Big Sur.


Notation: If the computer being used to perform this action is Too New or Too Old to qualify to run the version of macOS - this computer can’t be used.


Alternative is, to gain access to a Qualifying Apple Computer from a family member, friend or associate.


Shut down the computer and disconnect all external drives Except the newly created Bootable Installer.


Restart and immediately hold the OPTION key until the Startup Manager appears and choose the USB Drive. 


It will present options >> Disk Utilities >> View >> View ALL attached Drives. 


Choose the Upper Most Drive ( not the volumes indented and listed below ).


The drive normally is called Apple Media or Apple SSD - that is the drive to Erase and format as APFS with the GUID Partition Map. This applies to macOS 10.14 Mojave and above. 


Formatting for macOS 10.13 High Sierra and below requires HFS Journaled with the GUID Partition Map


Once that is done >> back out of Disk Utilities and choose install macOS. 


Follow the prompts and it may automatically reboot several times. 


Upon a final reboot - Setup Assistant will present with the newer version of macOS.


DO NOT >> use Setup Assistant and point it to the Time Machine Backup Drive.


Doing so will migrate all the Older software and applications back into the computer


Part 2 of 2


Rooting around in Console looking for problems is a waste of your time


Most of what appears in the Console logs will drive a person mad / crazy


Not since OS X 10.6 Snow Leopard was Console a useful tool to troubleshoot



Jan 16, 2025 8:12 PM in response to Cortez281

Why in God's name do you think that you have been hacked? There is nothing - literally nothing - in any of your posts to suggest that. In fact, everything - literally everything - you have posted is consistent with a system that is functioning normally.


All those "greyed out" folders like /net, /var, /etc...they are supposed to be there. They are part of the Unix subsystem of a macOS system. The files with the red circles through them are things like the file system events database (.fseventsd) and the Spotlight search indexes. The red circle means that you don't have permission to modify or even read them because they belong to the OS itself.


Those thousands of log entries - are the OS literally logging all the things it does. It does a lot, lot, lot of things.


So here's a better question - why did you toggle "show hidden files and folders" in the first place? And why would you toggle it and then freak out because it showed you hidden files and folders?


And here's a better recommendation - press Shift-Cmd-Period(.) and toggle the hidden files and folders back off, stop looking at the console, and stop wasting your time trying to remediate a non-existent "hack". You are literally reinstalling the OS over and over again for no reason. Good lord, the time and effort you must have wasted for no purpose.
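
The layout described in the reply above can be checked directly instead of inferred from Finder icons. This is an added example, not part of the thread or of any Apple tool; the function name `check_layout` is hypothetical, and the baseline it assumes is the stock macOS layout in which /etc, /var and /tmp are symlinks into /private.

```shell
#!/bin/sh
# Added example (not from the thread): compare the top-level Unix entries the
# reply calls normal against the stock macOS layout.
# Assumed baseline: /etc, /var and /tmp are symlinks into /private, while
# /private, /usr, /bin and /sbin are real directories.

check_layout() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", so "$root/etc" is "/etc"
    findings=0

    for name in etc var tmp; do
        path="$root/$name"
        if [ ! -L "$path" ]; then
            echo "REVIEW  $path is not a symlink"
            findings=$((findings + 1))
            continue
        fi
        target=$(readlink "$path")
        if [ "$target" = "private/$name" ]; then
            echo "OK      $path -> $target"
        else
            echo "REVIEW  $path -> $target (expected private/$name)"
            findings=$((findings + 1))
        fi
    done

    for name in private usr bin sbin; do
        path="$root/$name"
        if [ -d "$path" ] && [ ! -L "$path" ]; then
            echo "OK      $path is a directory"
        else
            echo "REVIEW  $path is missing or not a plain directory"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]    # exit status 0 only when everything matches
}

# Check the live system only on macOS; elsewhere the function is just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    check_layout / || true
fi
```

A REVIEW line means the entry differs from the assumed baseline and deserves a closer look; it is not by itself evidence of compromise.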

Jan 15, 2025 1:50 AM in response to Cortez281

Just to add


The premise of " being hacked " is somewhat misguided


To Hack an Apple Computer would have required the hacker to have direct and physical access to the computer


Then to have managed to bypass both the User Account Password by some means


Then to have installed the Hacking Software into the Operating System


Since you have reformatted the drive multiple times and reinstalled several different versions of OSX / macOS


It would seem plausible that the computer has never been " Hacked "


The user just thinks they have been

Jan 14, 2025 9:21 PM in response to muguy

I have tried reinstalling a clean system 4 times. 3 times Mojave (1 time online) and 1 time El Capitan from a flash drive. When reinstalling the system, there are some files that overwrite the system folders from the old OS. Transferred dyld cache and folders like /var /etc /private /usr /bin and others to the new system.

I have a question, how do I reinstall the system so that nothing from the old system remains, not even the smallest file?

Maybe you know. I'm already in despair 4 days struggling with this, no more options, I'm asking for help here.

Jan 14, 2025 9:47 PM in response to muguy

Why is it that when I reinstall the OS, it still installs the old data? I have formatted the disc 4 times in different formats. So there is somewhere where these files are located.

I'm thinking of removing the SSD, unscrewing the macbook and unplugging the cable. Then try to install the system on another HDD by restoring the system from the internet. Will that help?

So many messages in the console in 5 minutes.

Jan 15, 2025 2:37 AM in response to Owl-53




Thanks for that advice. Haven't tried it yet, but I tried it this way: 

I took my Mac apart and removed the primary drive (SSD) that I used every day and put an HDD in its place, then ran online recovery. I got Lion (OS X) to boot up. 

I want to say that didn't help either - moreover, some files started to reappear and the same console story started - a million and fifty thousand error messages, folders started overwriting, folders with a red circle appeared. Mac started to get very warm and I shut it down.  

Now I finally don't understand anything.

Could it be that some logs are stored on the Apple servers that are synchronised and sent, something like journalctl or other binary data?

How come it's a different disc and a new system and the problems are the same.



Jan 15, 2025 3:42 AM in response to MurphD76

MurphD76 wrote:

Yes, that sometimes works but not always.
Delve in, in summary recap.

Perhaps you want to direct your above to those who need help / assistance?


Be aware that disabling System Integrity Protection could only be done once a version of macOS has been successfully installed


Not before


Yes, I am paying attention to some of the Postings that appear to be relevant to this question
