Question: Possible New Mac Virus?

This is really for my brother. He received a Mac Install message, and clicked on the install button on the screen, and now his Mac is in a suspended state. This was obviously not an update from Apple, but it sounds like some kind of scam. Does anyone know if this is a new type of Mac virus? I believe that his operating system is macOS Sierra.

iMac, OS X Mavericks (10.9.1), So far everything else seems OK.


Nov 14, 2017 10:35 AM in response to tzmal

If he got this via a web browser or an email, then it was definitely a SCAM


Try MalwareBytes (that and EtreCheck are the 2 trusted utilities the forum favors for dealing with this kind of thing)

<https://www.malwarebytes.org>

The free, run it manually, is all that is being suggested.


EtreCheck can be found at:

<https://discussions.apple.com/docs/DOC-6174> or <https://etrecheck.com>

Generally you post the output for the forum to review.

Nov 14, 2017 6:34 AM in response to BobHarris

Thanks Bob. Right now his Mac is in a suspended state, so he is unable to even log on. A window that took up about a quarter of his screen kept popping up that identified itself as a "Mac OS install" and displayed a button for him to click and start the install. So he clicked on it! But that's my brother. When he holds the power button down to restart, a message eventually appears telling him to click on any key, but clicking on any key does nothing. I am wondering now if his keyboard is actually powered on. I'll have to ask.


At any rate, I told him to take it in to an Apple store and have them troubleshoot it, but he has some guy from the church choir that apparently is some sort of PC wiz coming over to take it to his home to work on it.

Nov 14, 2017 7:00 AM in response to tzmal

You don't want that. I work for corporations using both Windows "PCs" and Macs, and they are intergalactically different in how to approach them from a software issue. There are NO Mac viruses in the wild - none - any credible securities lab in the world will attest to that. If you start putting "Windows credible" AV product on your Mac you will seriously screw up that Mac. Any 3rd party cleanup garbage and again you're screwed as well. There are about 2 3rd party packages that are any good and Bob mentioned them both. NEVER use a Windows mindset to administrate and protect your Mac. Do not use your Mac to detect Windows viruses (2nd defense - horrifyingly bad idea) and do not use AV on a Mac which is totally slap-dash crap from vendors who would rather make up stats and cause you problems to sell you their useless garbage or add space and give you software that has been documented on these forums ad nauseam to cause problems and fix nothing.

Best software defense: Keep your system up-to-date with patches from Apple.


For now, force quit the browser.

How to force an app to quit - Apple Support


If it's Safari you need to relaunch it holding down the SHIFT key; if it's something else you should check the support page on how to do that mac. Once you do that, follow Bob's advice to the letter and hold off on the PC Wiz kid before you get yourself into a Windows quagmire.


If you can't get the system to respond to anything see these instructions:

Disconnect all external devices (except keyboard, mouse or video if you are not on a laptop, iMac, etc.)

Reset the SMC

https://support.apple.com/en-us/HT201295


reset the NVRAM

How to reset NVRAM on your Mac - Apple Support


then boot into safe mode

https://support.apple.com/en-us/HT201262


then reboot normally with devices disconnected - then proceed with Bob's instructions if you have not done so already.

Nov 14, 2017 7:40 AM in response to tzmal

If he has a backup and the above doesn't work, boot to the Recovery Volume (command - R on a restart). Run Disk Utility/First Aid. Reformat the drive using Disk Utility/Erase Mac OS Extended (Journaled), then click the Option button and select GUID. Quit Disk Utility, then re-install the OS.


When you reboot, use Setup Assistant to restore your data.

Nov 14, 2017 10:53 AM in response to JimmyCMPIT

Thanks for taking the time to include all of your input.


My brother is currently not home and his wife said that he carried the iMac downstairs so that he can give it to his buddy when he comes over today. So I doubt that he will plug it back in.


It did sound like his choir buddy was going to run some kind of virus programs that were going to take a few hours, so God only knows what that's going to accomplish!


I will try and forward the links that you gave me to his buddy.

Nov 14, 2017 12:49 PM in response to tzmal

Avoid the AV at all costs. If your friend/whoever wants to dismiss my claims that's fine, however this forum has a long list of users who reported systems that were either a little flaky or outright panicking (that's the OS X equivalent of BSOD) and in cases where a single or multiple instance of any/all commercial virus product known to mankind was installed - and the issue could be traced back to that.

Just check these forums for cases, they are prevalent.

Malwarebytes for Mac and EtreCheck are the only packages that combat malware that do not fall into this category AFAIKT. And AV products for Mac do a TERRIBLE job of finding malware. Again: no virus for OS X, but yes on Malware and Adware which Mac AV products can't find and which do not appear anywhere near the variations that Windows has to put up with.
