Malware blocking safe mode/updates/filevault

Hi there, I have run into a pesky malware that seems to be the "iWorm" malware that was going around in the last few years.

Problem is, it seems to be more advanced.

The malware has blocked me from performing updates, from turning FileVault OFF so that I can enter safe mode (have also tried entering safe mode via the terminal but it blocks me from entering my password) and if it lets an antivirus run it won't pick up on anything. I have searched my library folder and found that I had the JavaW folder in Application Support. But there are no files in the JavaW folder, it is (seemingly) empty. I have also looked through the LaunchAgents and LaunchDaemons folders and seen nothing relating to JavaW in them. In addition to this, when turning on the computer it makes me log in twice and has done for quite some time. But I changed my password yesterday and the first time it asks me to log in I can only log in using my old password - and then the second password is the updated one? I'm not sure what's going on with that but figured it was worth mentioning. It also won't recognise any USB devices plugged in so I can't back up my files or run an antivirus from a USB. Oh, and it has blocked me from changing keyboard backlight and has locked volume off as well.


I can usually figure this stuff out but I've spent close to 24 hours straight researching but have come up empty. Any insight or help would be greatly appreciated. Please find attached my system specs.


IOS 10.11

MacBook Air (13-inch, Mid 2013)

Processor 1.3 GHz Intel Core i5

Memory 4 GB 1600 MHz DDR3
Graphics Intel HD Graphics 5000 1536 MB

MacBook Air, OS X El Capitan (10.11)

Posted on May 8, 2016 10:29 PM
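
The manual check described in the question above (looking through LaunchAgents and LaunchDaemons for anything relating to JavaW) can be done systematically by parsing every job file and reading the command it launches. This is an added example, not part of the original thread; the folder paths, the sample job names and the `scan` helper are assumptions for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# launchd folders on OS X (standard locations; the post only names the folders).
LAUNCHD_DIRS = [Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons"),
                Path.home() / "Library/LaunchAgents"]

def launch_command(plist_path):
    """Return the command a launchd job runs: Program plus ProgramArguments."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)  # accepts XML and binary plists
    args = [job["Program"]] if isinstance(job.get("Program"), str) else []
    extra = job.get("ProgramArguments")
    if isinstance(extra, list):
        args += [str(a) for a in extra]
    return args

def scan(dirs, marker="JavaW"):
    """List (file name, reason) for jobs that mention marker or fail to parse."""
    findings = []
    for folder in dirs:
        for plist in sorted(Path(folder).glob("*.plist")):
            try:
                args = launch_command(plist)
            except Exception as exc:  # a job file that will not parse deserves a look
                findings.append((plist.name, "unreadable: " + type(exc).__name__))
                continue
            text = " ".join([plist.name] + args).lower()
            if marker.lower() in text:
                findings.append((plist.name, "references " + marker))
    return findings

def demo():
    """Constructed sample folder: one benign job, one JavaW job, one corrupt file."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        jobs = {"com.example.benign.plist": {"Label": "benign", "Program": "/usr/bin/true"},
                "com.example.updater.plist": {"Label": "updater", "ProgramArguments": [
                    "/Users/sample/Library/Application Support/JavaW/JavaW"]}}
        for name, job in jobs.items():
            with open(tmp / name, "wb") as fh:
                plistlib.dump(job, fh, fmt=plistlib.FMT_BINARY)
        (tmp / "broken.plist").write_bytes(b"not a plist")
        return scan([tmp])

if __name__ == "__main__":
    for name, reason in scan(LAUNCHD_DIRS):
        print(name, "->", reason)
```

An empty result only means that no job file names the marker; it says nothing about jobs that launch from other paths.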


May 10, 2016 12:28 AM in response to Bails96

For how to enter the root user a/c, Apple has formed the article: support.apple.com/en-in/ht204012. Follow the article, and if www.malwarebytes.org/antimalware/mac is installed in the system, scan from there; it will squeeze the malware.

But it is never safe to use the root a/c for a normal user; do your task, then always log out from there.

Note: sudo commands can be executed from the root user a/c, not by opening Terminal in normal mode. Also, when sudo commands are executed you have to type the command on the keyboard very carefully; they will never be visible in the Terminal window.

Also, if one has executed the command, how to verify that the command ran successfully: it will clearly state "not found" or an error if you type incorrectly, so type any word, e.g. abc; you will be able to type on the keyboard and that word, e.g. abc, will be seen in the Terminal window. It means that the command executed successfully.

Note: if one has enabled firmware password + FileVault, it is impossible to enter the root user a/c or run SMC, PRAM, safe mode.

To enter the root user a/c, first of all disable firmware password + FileVault - IF IT IS ENABLED.

It should work.

May 10, 2016 2:01 AM in response to Bails96

Sometimes DNS is poisoned. How to flush it: support.apple.com/en-in/ht202516. To find the address of a site, your computer asks another computer (a so-called domain name server or DNS) which stores this information.

If this DNS gives your computer the wrong address for some sites, it is known as DNS poisoning. The code for DNS cache poisoning is often found in URLs sent via spam mails. These emails attempt to frighten users into clicking on the supplied URL, which in turn infects the computer.

Banner ads & images - both in emails & untrustworthy (vogue) websites - can also direct users to this code.

Once poisoned, a user's computer will take them to fake websites that are spoofed to look like the real thing, exposing them to risks such as spyware, key loggers or worms.

To prevent DNS poisoning, users should never click on links they don't recognise & regularly scan their computer for malware, since poisoning could spoof web based results (so www.malwarebytes.org/antimalware/mac is quite sufficient to eradicate malware).

DNS RESOLUTION = GREEN: your computer appears to be looking up IP addresses correctly.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
