User profile for user: Royal Cascadian
Royal Cascadian Author
User level: Level 1
17 points

Malware has setup a hidden partition

Malware has setup a hidden 70 gig partition. The only way I found it was to save a web page as a pdf and it asked where. Under possible locations a "k" drive was an option. I then reset the computer to see hidden devices and hidden files. I found a 70 gig drive hidden. It seems to have been activated on May 14th. I can't unmount or eject from the sidebar.It's not allowing me to do anything with it because I don't have permission. I downloaded the flashback security file from Apple and it says that my drive doesn't meet the requirements for this update.


How do I get the permission to get this off and how do I get it off?

Mac mini, OS X Mountain Lion (10.8.3)

Posted on May 27, 2013 9:55 AM

Reply
55 replies
User profile for user: Royal Cascadian
Royal Cascadian Author
User level: Level 1
17 points

Jun 3, 2013 3:46 PM in response to putnik

I'm about to start on the disk utilitiy, but I've got to say that it's very frustraing and very discouraging to do anything when I'm told it's ME who just renamed my own machine without knowing I did. It would be a lot more encouraging if I wasn't dismissed as just someone who doesn't understand Mac's. I wonder how many other people have this happen to them. I should note on the Microsoft support forums the very first reply was a huge detailed list of what to do and nothing about it being me. I expected more from Apple than from Microsft.


I reinstalled OSX but the downloaded flash player is still there and now Chrome opens on start up. Which I didn't do since I don't know how or why I would. In addition, I reinstalled Firefox but when I did and it told me to quit Firefox, I did. And it still asked to shut down Firefox even though it wasn't open or on. I did this twice and both times it kept telling to quit Firefox even though it wasn't on. Which leads me to believe the malware has infected my browsers and has started to rewrite code on my machine.


I'm also working on my PC at the same time which is completely taken over, so this will take a little bit to work through but I will reply with the results of the terminal/disk utility.


Thanks for everyone who has given me advice, I really appreciate it.

Reply
User profile for user: Royal Cascadian
Royal Cascadian Author
User level: Level 1
17 points

Jun 25, 2013 12:42 PM in response to Csound1

Thanks for the suggestion of installing over an earased drive. The problem is there isn't an option to erase the drive. On the 3rd page I have taken photos of the reinstall options. Erease isn't one of them. I asked what to do, but no had an answer. So, I just reinstalled it. But I've got to say that didnt' seem like it would fix the deeply inbedded scripts from just being passed along. Espeicially if it keeps downloaded installed programs on the HD. How much could it "fix" if it doesn't change programs?


I know this is malware.


The links on these types of pages are what wold of downloaded. If you spend your time looking for malware here's a great place to start looking.http://firstrowus.eu/watch/192733/2/watch-mali-vs-greece---u20,-wct-2013.html


Thomas Reed, please don't respond to this thread. You only add to the frustration and the "it's me" not malware issue. If you don't want to believe me, then just stay off this. If you want to take me seriously, then add something that isn't directed to the dumb user being dumb. It's insulting and given what I'm dealing with almost as bad as the malware itself


I have a trackpad and a slight glancing touch is all that is needed to start downloading something. It's not just someone sitting at a desk with a mouse being deliberate with every single click.


When I tried to update Firefox it asked to close it. I did and it still said it was open. That to me says that a version is running in the background to track and follow. And it won't update to the new version. That isn't normal and it's exactly what malware would do. Additionally Chrome has been set internally (not by me) to open on start. Most llikely malware resetting my computer to it's directions, which is what malware does.


All want to do is start over for everything on HD, which I still don't believe will remove these programs, as they would write themselves into being protected from something as easy as reinstall. Just like PC's. But that seems to be the best that Macs can do.

So, What do I do to erase my HD? Please read my post and question on the 3rd page to help me. Thanks.

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
32,031 points

Jun 25, 2013 2:30 PM in response to Royal Cascadian

Thanks for the suggestion of installing over an earased drive. The problem is there isn't an option to erase the drive.


You don't erase the drive from the installer, you have to use Disk Utility. What you did will not do the trick, it simply reinstalls over the old system, leaving everything else you have installed in place. See the link in my last post on this topic for explicit instructions.


Thomas Reed, please don't respond to this thread. You only add to the frustration and the "it's me" not malware issue. If you don't want to believe me, then just stay off this. If you want to take me seriously, then add something that isn't directed to the dumb user being dumb.


I never said anything about you being a "dumb user," and it's not that I don't believe what you're saying, I'm just trying to get you to understand why you are misinterpreting what you're seeing. It's not malware. However, at this point, the attitude you're showing means that I will grant your wish. This will be my last reponse to you on this topic.

Reply
User profile for user: Royal Cascadian
Royal Cascadian Author
User level: Level 1
17 points

Dec 16, 2013 6:59 PM in response to Royal Cascadian

So, now I'm unable to open disk utility and erase during start up. Additionally there are now 6 different users with admin privileges. 2 of which have made many hidden files locked while giving them "read and write" privileges.
User uploaded fileUser uploaded file

User uploaded file

This is what my User list looks like in preferences.

User uploaded file

I can't even add files from a usb or external drive.


Now that someone else has hidden and higher admin privilidges than me, how do you erase a drive that you can't access disk utility during start up?

Reply
User profile for user: coldair
coldair
User level: Level 1
10 points

Jan 11, 2014 7:23 AM in response to Royal Cascadian

did you ever solve this? I have macbook pro with a 500 gig SSD that only shows I have a total of 179 gigs of drive space after a maleware attack that occurred around 10-19 that also infected by 8 tb NAS and my 2 window machines on the network. I was able to get rid of the maleware on the pc with the help of some fine folks over at bleeping computer dot com but no help on getting rid of it on the mac. yeah I know that mac's don't get attacked but that is BS


some of my of other symptoms are all emails from 2013 have been deleted, large amounts of pictures are missing, like over 130 gigs. plus there is a hidden account set up with my first name only that I can't access. notes have been scrambled or deleted. my NAS is loaded with empty folders and apple double files, even in window's folders. its a mess and the apple community seems to stand on the idea that macs will not get attacked and not work to find a solution

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
32,031 points

Jan 11, 2014 11:13 AM in response to coldair

I would advise you to start a new topic, rather than tacking onto this one. It's not fair to the originator of this topic to divert it with your own concerns that don't sound related to his.


It's very unlikely that the problems you describe are due to malware on the Mac, but we'll need further details before we can say anything for sure. Provide all the details on your new topic, without interpretation of how you think those problems were caused. Be sure to be specific - for example, where were these pictures stored that are now missing, what e-mail service are you dealing with, etc. It could be that one or more of your online accounts have been hacked, but again, nothing can be said definitively without additional information.

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,233 points

Jan 11, 2014 11:32 PM in response to coldair

Please give us a link to your new topic so we can follow along in case it is something new, but it sound a lot like someone was able to hack into your computer either from having used the PC malware to find the Mac on your network or by physically accessing it while you were away. Another possibility is hard drive failure, but with all the issues with the NAS and windows machine it seems less likely.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Malware has setup a hidden partition

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up