john288 wrote:
There are different variants of names for this malware but the steps of removal should be the same unless it has advanced.
Oh, my god, someone who "skates to where the buck is going to be"!
Good job there, John! You're absolutely correct.
To be a bit more thorough in one's eradication efforts, one should assume that ANY malware or malicious installer that one gave their Admin password to has done everything imaginable to their machine.
The reason for that is that malware does advance! Others alter it to make it more lethal, knowing the half-applied measures are going to be applied. 😉
Note: If you didn't give this (or any malware) your admin password then you should be safe with just the simple delete methods.
The only sure-fire method is to return the machine to as close to factory conditions as possible and then update.
This means:
1: Back up your files manually (not Time Machine, as it's infected as well). Turn off any router, disconnect from networks.
2: Hold c and boot off the OS X installer disk that came with your computer (or the latest OS disk you're using).
3: Select Disk Utility > your boot drive > Erase > Security Option Zero > Format HFS+ Journaled and let it rip for an hour or so (all data will be destroyed!).
4: Quit > install OS X fresh and Software Update via your modem connection with an Ethernet cable (not the router if possible, as it can be infected and the DNS changed).
5: Install programs from fresh sources, manually reset your router (flash the firmware if possible), set all new passwords and SSIDs. If your ISP will change the IP address, you should do that too.
6: Once this is done, use a brand new external drive (formatted HFS+ Journaled) and use the free Carbon Copy Cloner to clone this pristine OS X version to the external drive. CCC makes the external drive option-key bootable; test it out and Disk Utility repair permissions on both. Once you're happy, disconnect this external drive and only hook it up to a Mac to clone again. If you get infected, c-boot off the installer disk and Disk Utility Zero the hard drive again before hooking up the clone, or the clone will get infected. Again, don't hook up a clone to an infected Mac; boot from the installer disk and Erase the drive first.
7: Install an anti-malware program of some sort (not Norton) that you can scan files with, and scan all outside media that was in contact with the infected machine; return files you have deemed safe.
8: If you have Time Machine, simply reformat the drive with the Zero Erase procedure and then start over with a new TM again.
My above steps are a considerable amount of work; you are rebuilding your drive with everything you use. Sorry, that's the pain for giving malware your Admin password.
If it's too hard for you, perhaps you should have a professional look at doing it for you.
Malware is rare on a Mac; it doesn't occur often. Better safe than sorry for the next 5-7 years until you buy a new Mac.
Remember all the personal data, banking sites, passwords and files you have on your computer, and decide if it's worth risking or not.