Removing all windows emulation programs

Question: how do I remove all the application that emulate a Microsoft Windows environment? Does anyone know of a site that list all the available MAC software that runs natively on MAC OS X, does not use an windows emulator? I migrated form SUSE Linux, which I used for about 2 years. It is still better then MAC OS X but hardware support is terrible. I was attacked and infected by a malicious web site claiming I had opened a illegal web page and was now being tracked by the CIA. It claimed I had pay a fine to have the infection removed. I am certain this got in through a windows script or EXE while I was using Firefox. I have removed all traces of Parallels which was running at the time of the infection. I have since recovered thanks to time machine. However I want to remove all the applications that allow a windows based program to run on the MAC OS. Warning to all MAC users; running emulation software on your PC will probably result in being infected if you surf the web.

Mac mini, OS X Mavericks (10.9)

Posted on Dec 13, 2013 6:16 PM

Reply
8 replies

Dec 13, 2013 6:22 PM in response to Tubewizard

SUSE is a valid OS, but I agree that searching for the exact correct device driver for the exact hardware (especially graphics) you have is difficult. Which is why I have to respect OSX because despite its "limited support", it is very stable in supporting the specially selected hardware in Apple systems.


Software that natively runs Windows software *must* be installed intentionally ... Parallels, Wine, BooCamp. Also Windows viruses do not run in OSX ... different OS.


As to the "emulation environments" being vulnerable to Windows viruses, you are right. That is why all smart people who help here advise adding some Windows anti-virus in emulation environments.

Dec 13, 2013 10:29 PM in response to Tubewizard

When you remove Windows virtualization applications, be sure you don't do it manually (by throwing stuff in the Trash). Use the application's official uninstaller whenever possible! The reason is that virtualizers often install kernel extensions and other files in the various system support folders that you won't easily find just by looking around.


Just nitpicking here, but technically Macs no longer run "emulation" programs ever since Macs went Intel. Because the processor is now native, it's referred to as "virtualization."


I don't know of an official list, but some of the most common ones are Parallels Desktop, VMWare Fusion, VirtualBox, and Crossover.

Tubewizard wrote:


Warning to all MAC users; running emulation software on your PC will probably result in being infected if you surf the web.

Again technically that is not completely correct. A Windows virus can certainly infect a virtual machine, but if it is written for Windows it cannot run on OS X and therefore cannot install itself into and damage OS X.


There are ways that a Windows virus can trash parts of a Mac disk when run from a Windows virtual machine. For example, if you allowed the Windows virtual machine to have write access to one or more OS X folders, when Windows is running the virus could erase or damage files in those folders. But that's not the same as infecting OS X.

Dec 17, 2013 3:23 AM in response to Tubewizard

I was attacked and infected by a malicious web site claiming I had opened a illegal web page and was now being tracked by the CIA. It claimed I had pay a fine to have the infection removed. I am certain this got in through a windows script or EXE


First, note that there's not a Windows script or .exe on the planet that can infect a Mac. Even if you manage to make it run in emulation, it still can't infect your Mac. It's simply not built to do so, and in most cases has limited to no access to the Mac file system anyway.


Second, that web page you encountered is not malware of any kind. It is simply a web-based scam that uses nothing more than JavaScript to prevent you from easily navigating away from the site. Once you're off that page, you're fine... there are no lingering effects, and no malware to be removed. See the following description of one variant of this scam:


FBI ransomware “virus” rampant

Dec 17, 2013 9:49 PM in response to Tubewizard

Tubewizard wrote:


Maybe I was never very clear. I want to remove any software from my Mac mini (Mavericks) that can execute an EXE or windows/msdos script file. I have indentified the following:

wine

X11

Xquartz


How do I remove these and any other programs that can run an EXE?

There is no single way because it depends on how each individual program is set up by its developers. You may be able to uninstall some by dragging to the trash, you may be able to run an uninstaller, but because those apps all come from different developers, to know for sure you should look up the installation/uninstallation notes for every title you come across.

Dec 19, 2013 6:35 AM in response to Network 23

I ran SUSE Linux for several years and it was very simple to remove or reinstall any software. You could even roll the kernel back to the previous revision. The program was called YAST and I was hoping Apple had a similar installer application. To expand on my MAC mini infection; the malware infected my kernel which was using 1.6GB of memory and constantly scanning my hard disk. Good thing I have a hard drive (which makes noise when in use) or I would have never noticed anything. Does anyone know how much memory the kernel normally uses? I took it to the genius bar at the apple store and the technician told me there was nothing he could do. I had to do a complete reinstall. This all started after Firefox was locked up by the ransom web page virus. I believe Firefox runs on the MAC OS using WINE or some other emulator. This is why I want to remove any type of windows emulator or virtualizing software. I have seen this page again while using safari and nothing happen, other then the browser locking up.

Dec 19, 2013 10:48 AM in response to Tubewizard

The kernel_task process can frequently use a lot of RAM. It's one of the core processes of Mac OS X, and generally the one that uses the most RAM. My kernel_task process is currently using 700 MB and I just rebooted yesterday. I've seen it go as high as a little over 1 GB.


None of what you describe is a symptom of malware. I'm not sure whether you're actually having performance issues or not... if you are, see my Mac Performance Guide for some potential fixes. If you're just looking at numbers in Activity Monitor and spooking yourself, don't do that.


Regarding Firefox, it is certainly not run using WINE on Mac OS X. It is a native Mac OS X app.

Dec 23, 2013 5:41 PM in response to thomas_r.

I was having performance issues mostly when booting as shutting down. When new my Mac mini took about 15 seconds to boot and 5 seconds to shut down. After the attack it took about 2 minutes to boot and about 5 minutes to shout down. Apple was not able to fix this, hence the time machine roll back which did fix this. It is is a little slower then when it was new.


Well using time machine apparently did not solve the disk scanning problem. Does anyone know how to determine which program is accessing the hard drive? Is there anyway to tell if my harddrive is failing? Something is continually reading and writing data to the hard drive and using the network while I have all my application closed.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Removing all windows emulation programs

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.