Q: My MacBook Pro has a virus/trojan that is resetting the EFI via ACPI and it is getting root access privileges. It seems to be creating multiple aliases that bundle with rogue apps and preferences so it is very difficult to control or fix. Please help.
Sep 7, 2013 8:33 AM in response to xnav by java-attack,
Hey xnav,
Thanks for the reply, no it certainly was never put in the login items. I have been meaning to throw up a screenshot of what I am talking about however I am typing this away from home.
I guess my main worry with this situation is two fold:
1. Why does this particular APP download automatically without me clicking on it or entering any Admin credentials to allow a software install, and also, like every other APP in the Mac Store, why doesn't it pop up with the Mac Store icon (you know, the blue A) and ask for Admin credentials, instead of the "storeagent" with the grey box with green EXEC inside logo?
2. Even though maybe never run and certainly not in the startup items, because it is an approved Apple Store APP, does it have the ability to install a certificate that would then open the gateway to further attacks.
Anyway I will shoot over the screenshot hopefully this weekend.
...and I am continuing to work with my Apple Certified IT Professional.
Thanks,
Mike
-
Sep 7, 2013 12:12 PM in response to java-attack by xnav,
java-attack wrote:
Anyway I will shoot over the screenshot hopefully this weekend.
You should start a new thread.
-
Sep 7, 2013 12:29 PM in response to xnav by java-attack,
I might do that, as I know this one started off with some sort of EFI trojan claim. Who knows; anyway, I figured I would drop the screenshot in, to give people a better idea of what is happening...
Maybe I will start a new Thread as well with the original statement I wrote along with this screenshot...
Thanks guys!
-
Sep 7, 2013 12:33 PM in response to xnav by Lexiepex,
@ALL,
boys, I just stumbled on this very interesting thread. This IS serious!
Never seen so many capitals in one thread.
And I did not think so much time could be lost ... and I lost by reading this 5 pages... I completely understand what happened to the Samurai's EFI, but I will not tell you.. except that nbar on page 3 came closest.
-
Sep 7, 2013 12:42 PM in response to Lexiepex by twtwtw,
LexSchellings wrote:
@ALL,
boys, I just stumbled on this very interesting thread. This IS serious!
Never seen so many capitals in one thread.
You know, I have a theory that the internet would be a far more pleasant place if people understood that sarcasm and irony simply do not work the way we expect them to work, not in an online context. What say we all test that hypothesis for a while and see what happens.
-
Feb 18, 2014 5:48 PM in response to Samurai184 by Alan 648,
Samurai184
I think it's very likely I've been experiencing the same or something unbelievably similar to what you have with respect to the EFI, malware and the boot process. Of course, as you've seen, most don't believe. I have read the article regarding the ease with which some of this stuff can be done. It's amazing and it's happening "right under our noses". The question is, who can we get to help confirm and/or fix this problem?
-
Feb 19, 2014 5:57 AM in response to Alan 648 by thomas_r.,
Alan 648 wrote:
I think it's very likely I've been experiencing the same or something unbelievably similar to what you have with respect to the EFI, malware and the boot process.
That's very unlikely.
This topic became a serious joke before it finally died. Rather than posting here, I'd strongly encourage you to start your own topic. Rather than describing what you think is causing the problem, describe the symptoms you are seeing, in as much detail as you can.
-
Feb 19, 2014 7:24 AM in response to snarez by thomas_r.,
Guys, come on... it's hard enough to talk to folks about these kinds of issues without ridicule being heaped on. Sometimes, I could probably have a productive discussion on topics like this without people constantly chiming in to make fun or bad jokes, and if a reasonable discussion isn't possible, the topic should simply be ignored and allowed to die.
-
Feb 20, 2014 9:43 PM in response to thomas_r. by Alan 648,
Thanks for the professional response. Symptoms are too detailed and copious to explain, in this fashion anyhow. I'll do my best in an effort to be succinct: quickly reoccurring (over the last couple of years) malware per several AVs after the Genius Bar folks and eventually some pretty high-level Apple-employed techs went through every re-imaging, re-flashing firmware "technique" possible. Apple has tried very hard to properly erase and install (at the deepest level possible) new operating systems. Unfortunately, on all of our devices we pick up malware very quickly. We've been told they are rootkitted, and that's one explanation as to why they were being operated without a network connection AT ALL!! I must admit that part (system certs being created via a hidden guest user account) has been fixed. Although many more, constant and hard to believe, let's call them "activities" for lack of a better word, still seem to be a question mark. This is not just my opinion. We've paid technologists to analyze, but it got far too expensive. I'm not software savvy and don't pretend to be. I'm here to look for advice and help.
The most recent professional opinion is "it's very possibly in the firmware or BIOS, or some customized malware is somewhere else on the LAN and it's just continued to reinfect."
I've had to take our computers in for re-image and/or hard drive replacement so many times that some of the Apple employees have said, "we've never seen anything like this."
Whatever the above describes or sounds like is... from my non-technical, non-computer-professional opinion, sounds very similar to some type of EFI, boot process, firmware/malware.
Who knows. It appears our best option is to simply replace all of the hardware.
Since this is not a previously popular topic I'm happy to place it elsewhere if that's the best path.
Thanks All!
-
Feb 20, 2014 11:27 PM in response to snarez by willyrhythm,
For the record, this is next level comedy Snarez :)
To all the hobby-skeptics out there: learn to accept what you don't know, keep all eggs out of a single basket, and avoid this otherwise very technical discussion. Focus on something more gratifying!
Who cares anyway eh? #radBIOS4life hahaaha
-
Feb 21, 2014 12:15 AM in response to willyrhythm by snarez,
If you (or one of your technical advisors) can operate a copy of `flashrom` (and the chipset on your model Mac is supported), feel free to dump the EFI flash chip and send it to me. I will take a cursory look and probably be able to tell you if there's anything out of the ordinary there.
-
Feb 21, 2014 5:01 AM in response to Alan 648 by thomas_r.,
I'm afraid there's very little that can be said from any of that. There's far too little specific detail and far too much speculation and discussion of the opinions of some "techs" (in a world where many techs couldn't find their USB ports with both hands).
There is no known malware capable of compromising the Mac's firmware. Further, it's completely normal for a Mac to gather all manner of Windows malware "cruft," either by exchanging files with Windows users or attached to junk email messages. Without knowing what specific malware your AV software found, and where, no conclusions can be drawn from that statement.
Again, I'd advise you to start your own topic. This particular topic is old and unproductive, and generated a lot of sarcastic and otherwise negative comments... you really don't want to associate yourself with it. Go back here, choose a forum and start a new topic of your own. Be sure to discuss only the specific symptoms you are seeing, concisely but in detail, and any specific details reported by anti-virus software (name of malware found, path to file identified, etc). We don't really need to know what any techs have told you, because you'll find that most of the experts here don't have a very high opinion of the average tech, myself included.

