My MacBook Pro has a virus/trojan that is resetting the EFI via ACPI and it is getting root access privileges. It seems to be creating multiple aliases that bundle with rogue apps and preferences so it is very difficult to control or fix. Please help..

It all stems from the "about donwloads" PDF which kicks off the restructuring of the OS..

MacBook Pro, OS X Mountain Lion (10.8.3)

Posted on May 6, 2013 11:32 PM

77 replies

Sep 4, 2013 9:55 AM in response to java-attack

java-attack wrote:


I thought I was very specific in my first explanation about when I completely wipe my Mac, set up an Admin Account, put every security measure in place and don't put any info about my iCloud account, don't log in to iTunes nor the App Store in the Admin account and then create a Standard Account.


Try this - stop being so paranoid. Don't wipe anything. Whatever you were doing before to "secure" your machine - stop doing it.


This app downloads without me clicking on it or giving it Admin permission, and the box for permission that pops up is one that looks different than the typical Mac box that would ask for permission to change settings or install software in a Standard Account. This box says "storeagent is attempting to download software to your computer" and next to this storeagent is a grey box with the green letters "exec". It doesn't matter if I choose Cancel, OK or simply ignore it, the Mountain app still downloads.


That dialog sounds like something that Little Snitch might display. However, Little Snitch would only display that if it were horribly misconfigured.


If you are installing Little Snitch or any other kind of "security" or "clean up" software, then stop doing that. Macs don't need any of that. There are a handful of legitimate security tools like Little Snitch and a couple of legitimate antivirus tools like Sophos or Norton, but the other 99% of it is just scamware that will do more damage than harm. Your machine will work perfectly fine without any of it.


If you really want to see what is going on with your system, try running EtreCheck. Download EtreCheck from http://www.etresoft.com/etrecheck, run it, and paste the results here.



Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.


Sep 4, 2013 10:25 AM in response to etresoft

Hey Etresoft...


Thanks for the recommendation with the software. With the past couple of reinstalls I have only set up an Admin and Standard account and the basic security items toggled on that come with the Mac. I definitely agree that most of the 3rd party or App Store security software is certainly not going to help and, as you said, might cause harm or certainly do nothing to help.


Again.. thanks for the recommendation and in the next day or two I will be certain to check this out as I have this forum page bookmarked!


Thanks!

Sep 7, 2013 8:33 AM in response to xnav

Hey xnav,


Thanks for the reply. No, it certainly was never put in the login items. I have been meaning to throw up a screenshot of what I am talking about, however I am typing this away from home.


I guess my main worry with this situation is twofold:


1. Why does this particular app download automatically without me clicking on it or entering any Admin credentials to allow a software install, and also, like every other app in the Mac Store, why doesn't it pop up with the Mac Store icon (you know, the blue "A") and ask for Admin credentials, instead of the "storeagent" with the grey box with the green EXEC logo inside?


2. Even though it is maybe never run and certainly not in the startup items, because it is an approved App Store app, does it have the ability to install a certificate that would then open the gateway to further attacks?


Anyway I will shoot over the screenshot hopefully this weekend.


...and I am continuing to work with my Apple Certified IT Professional.


Thanks,

Mike

Sep 7, 2013 12:33 PM in response to xnav

@ALL,

boys, I just stumbled on this very interesting thread. This IS serious!

Never seen so many capitals in one thread.

And I did not think so much time could be lost ... and I lost by reading this 5 pages... I completely understand what happened to the Samurai's EFI, but I will not tell you.. except that nbar on page 3 came closest. 😎

Sep 7, 2013 12:42 PM in response to Lexiepex

LexSchellings wrote:


@ALL,

boys, I just stumbled on this very interesting thread. This IS serious!

Never seen so many capitals in one thread.


You know, I have a theory that the internet would be a far more pleasant place if people understood that sarcasm and irony simply do not work the way we expect them to work, not in an online context. What say we all test that hypothesis for a while and see what happens.


😀

Feb 18, 2014 5:48 PM in response to Samurai184

Samurai184


I think it's very likely I've been experiencing the same or something unbelievably similar to what you have with respect to the EFI, malware and the boot process. Of course, as you've seen, most don't believe. I have read the article regarding the ease with which some of this stuff can be done. It's amazing and it's happening "right under our noses". The question is, who can we get to help confirm and/or fix this problem?

Feb 19, 2014 5:57 AM in response to Alan 648

I think it's very likely I've been experiencing the same or something unbelievably similar to what you have with respect to the EFI, malware and the boot process.


That's very unlikely.


This topic became a serious joke before it finally died. Rather than posting here, I'd strongly encourage you to start your own topic. Rather than describing what you think is causing the problem, describe the symptoms you are seeing, in as much detail as you can.

Feb 19, 2014 7:24 AM in response to snarez

Guys, come on... it's hard enough to talk to folks about these kinds of issues without ridicule being heaped on. Sometimes I could probably have a productive discussion on topics like this without people constantly chiming in to make fun or bad jokes, and if a reasonable discussion isn't possible, the topic should simply be ignored and allowed to die.

Feb 20, 2014 9:43 PM in response to thomas_r.

Thanks for the professional response. Symptoms are too detailed and copious to explain, in this fashion anyhow. I'll do my best in an effort to be succinct: quickly reoccurring (over the last couple of years) malware per several AVs after the Genius Bar folks and eventually some pretty high-level Apple-employed techs went through every re-imaging, re-flashing firmware "technique" possible. Apple has tried very hard to properly erase and install (at the deepest level possible) new operating systems. Unfortunately, on all of our devices we pick up malware very quickly. We've been told they are rootkitted, and that's one explanation as to why they were being operated without a network connection AT ALL!! I must admit that part (system certs being created via a hidden guest user account) has been fixed. Although many more constant and hard-to-believe, let's call them "activities" for lack of a better word, still seem to be a question mark. This is not just my opinion. We've paid technologists to analyze but it got far too expensive. I'm not software savvy and don't pretend to be. I'm here to look for advice and help.


The most recent professional opinion is "it's very possibly in the firmware or BIOS, or some customized malware is somewhere else on the LAN and it's just continued to reinfect."


I've had to take our computers in for re-image and/or hard drive replacement so many times that some of the Apple employees have said, "we've never seen anything like this".


Whatever the above describes or sounds like is, from my non-technical, non-computer-professional opinion, very similar to some type of EFI, boot process, firmware/malware.


Who knows. It appears our best option is to simply replace all of the hardware.


Since this is not a previously popular topic I'm happy to place it elsewhere if that's the best path.


Thanks All!

Feb 21, 2014 5:01 AM in response to Alan 648

I'm afraid there's very little that can be said from any of that. There's far too little specific detail and far too much speculation and discussion of the opinions of some "techs" (in a world where many techs couldn't find their USB ports with both hands).


There is no known malware capable of compromising the Mac's firmware. Further, it's completely normal for a Mac to gather all manner of Windows malware "cruft," either by exchanging files with Windows users or attached to junk email messages. Without knowing what specific malware your AV software found, and where, no conclusions can be drawn from that statement.


Again, I'd advise you to start your own topic. This particular topic is old and unproductive, and generated a lot of sarcastic and otherwise negative comments... you really don't want to associate yourself with it. Go back here, choose a forum and start a new topic of your own. Be sure to discuss only the specific symptoms you are seeing, concisely but in detail, and any specific details reported by anti-virus software (name of malware found, path to file identified, etc). We don't really need to know what any techs have told you, because you'll find that most of the experts here don't have a very high opinion of the average tech, myself included.

Feb 22, 2014 10:42 AM in response to thomas_r.

Today's announcement explains some of the troubles I've been dealing with. I'm afraid folks simply don't want to believe that Apple products are very "exposed", in my opinion.


http://www.zdnet.com/major-apple-security-flaw-patch-issued-users-open-to-mitm-attacks-7000026624/


I'm hopeful they release the patch for the computers and not just iOS devices very soon.


I've been suggesting MITM for a while now and most folks said "it's not possible". It appears our SSL security that we've counted on is not so SSL.


On to the next thread.


Best to all.
