Can someone confirm the legitimacy of these "Unknown" restore images?

A new MBA can netboot from Apple's data center and install the Mac OS, even if the internal drive is completely wiped. If you have reason to suspect that your recovery partition has been tampered with, that's what you should do.

But when I boot from the Recovery Partition or the Internet recovery process, these images all get loaded up every time. I have reason to believe they're dubious

What's the basis for your fears?

That looks like a typical Recovery Boot setup. I suspect it's due to the fact the various recovery mount points are stored as compressed disk images and are uncompressed on mount (which is why you get 1.4GB of data out of a 650MB partition.

In short, I'm not worried about it. Why do you think it's wrong?

Hey man, I feel your pain as I have been going through this same exact mess for 2 years now... Exact same symptoms to the letter... I have gone through 3 macbooks in 1.5 years.. I have posted to the forums to no avail... They are clueless man... My mac turns into a managed client.. WHat was the outcome for you finally? Have you been able to fix this... Any help or guidance would be greatly appreciated... Thinking of placing a suit against them..

Thanks

Hey man, I feel your pain as I have been going through this same exact mess for 2 years now... Exact same symptoms to the letter... I have gone through 3 macbooks in 1.5 years.. I have posted to the forums to no avail... They are clueless man... My mac turns into a managed client.. WHat was the outcome for you finally? Have you been able to fix this... Any help or guidance would be greatly appreciated... Thinking of placing a suit against them..

Thanks

Apple's customer service people know very little about the real inner workings of the OS and I'm not sure what you are expecting of them. You'd have to speak to one of their DTS or engineering support people (and pay) for someone who understands any of the detail of this.

I am not an Apple staff member, but I do know quite a lot about the internals of the OS and firmware. I can confirm that those mounts you are seeing are part of a normal recovery boot. If you open up the BaseSystem.dmg on the recovery partition and look at /etc/rc.cdrom you'll see a section where it creates a bunch of RAM disks - these are virtual filesystems contained entirely in RAM that are basically used to make sure that a bunch of normal operating system services don't fail when they try to write to "disk" (e.g. for logging, etc). This is absolutely part of the normal recovery boot or boot from an install disk.

I'm not saying that you do not have a reason to be concerned for your security, or that are not other things going on with your machine, but those are most certainly normal mounts.

HAS anyone figured this out above.. and if it is only the basesystem ram disks let us know. Besides that

I have had this same problem for 8 months. It has wrecked a 17" Macbook pro, an iMac, a iBook ( 6years old) Also, same thing happened to 2 brand new mac book pros I bought this month.

First one I used wifi in another location to download all updates if necessary, and I put webroot on, and littlesnitch, but on a fairly reasonable mode.

Anyway, it seems that any time, the computer gets attacked, watching it in the Console. It looks as though it is reaching out to a remote computer rather than callin in. I have many times copied the console code to paste here, to no avail. The computer usually crashes, by slowly not alowing me access to specific applications. Like text edit, then it blocks all apps. Till the point where you no longer have access to even your system preferences, because it askes for a password, or an SecurityAgent prompt shows up saying I don't have priveledges. Even though 2 minutes before I did have privledges.

So from hard drive, to hard drive, swapping out memory, and booting externally. Using brand new retail disks, it looks as though while installing, it calls out to another source for some files. I watch it happen time and time again, after reinstalling the OS, either OS 10.6 to Mavericks or back. I watch the install logs as they look to access remote account or local filesystems that are malicious. Reason I say that, is because after it is installed, it appears to be fine, but the audio is accessed, as well as the camera. Then if left alone, the OS seems to try audio facetiming people in intervals. Now I have gone as far as removing my bluetooth chip and my WiFi to see if this could stop it. Doesn't seem to do the trick. All I am left with is possibly an EFI rewrite of some sort. I have been dealing with this since July 26 2013 when my computer was accessed, apps were uploaded to it, and all my accounts were accessed and passwords changed. (My Fault) I had same passwords for a few years, I became to confident macs didn't get rootkits or malware.... jeez was I slapped in the face with a major reality check.

Not sure what to do, I am a Senior Visual Designer that can't work from home. I can install ubuntu and it works great... just no adobe apps. Also I tried the refit efi boot maintenance, but have no clue what to do.

Well if anyone knows something, greatly appreciated.

I have had all my electronics hijacked since 2008. My macbook pro has had the exact same occurrences as described in this thread, and ultimately the system locks me by turning me into a read~only user. The techs at apple cannot resolve my issues and the managers higher up flat out deny my claims and refuse to acknowledge them. I have come to realize that every operating system is purposefully nested with military protocols to ensure that they have control over the security rights of all electronics. By the time hackers find these specific weaknesses, a new version is released. You might consider the possibility that you have been targetted by national security. My own brother became an agent just to stalk me, and nobody believes what I know is true. If you find a solution to your problems please let me know. Davidofjerusalem@gmail.com

I had the same problem and I believe this was caused because a rootKit virus....

I used the installation dvd to get into terminal, then I had to "force" unmount each of those partitions

then I converted each of those partitions into MBR and MS-DOS type because the size of the partitions where so small that it would not take the JHFS+ format

I am still not able to merge all those little partitions into a single bigger one

Can anyone please tell me if there is another way to handle this problem?

I called the apple support and not even the "senior" support guys were able to help me.

please advise,

best regards,

sysboris

hi all,

has has there been any progress on this problem? i am having the exact same problem using the latest version of osx and iOS.

i Was fortunate enough to capture logs when the computer was going nuts all by itself - scanning my network Nd updating any device hanging off it and making calls using FaceTime and activating cameras and microphones. I also have the logs when it became a creepy read only profile instead of my pwn administrative profile.

i gave my Mac to Apple who did a deep format and reinstall and ignored me when I said i had already done this and it produced the same result - the events above. their OS X version is also infected again and its back to read only mode and I'm locked out 5/10 password tries. Weird.

has a solution been found - I would really like someone to explain what my Mac is doing and if it is safe to use

EJ