I have a very persistent and troublesome rootkit in both my MacBook and iPhone.

To get to the bottom of this, let me explain how it got there. A guy driving around my neighborhood was hacking people's WiFi, cell phone signals and such from his car. He would stop and try to break into a system. My neighbor caught him and reported him to the police. I actually saw him first trying to break into my system through my logs, then actually building stuff in upper memory, and he also loaded bots into my MacBook.

These bots pushed a sandbox all the way to just about 5 seconds from when my MacBook starts up. They also installed several things named "mac buddy", "mini buddy" and even one called "buddy". I have also seen one called "RT Buddy".

Once their bots have a setup, they appear to call out "marco?" Not sure if this is the bots or something in the iOS! I avoided this hacker until I left and he broke into my house; then I do not know what he did! But I do know what he looks like (too bad for him!). I did several things to keep their server from running properly and it seems to have worked.

Just last week, I took the MacBook into the Apple Store and they tested the hard drive. The bots had corrupted my user account. They fixed it, everything came back the way it is supposed to be and all seemed fine for then.

The Apple Store even got the malware stopped and I was good to go. Then, while I was looking at some logs, I noticed that something was wrong: immediately, it started trying to get me to log in even before the Apple icon comes up. I got back into the repair section and read the install logs there. Somehow the keychain had forced the server to start up again! So I shut down again and decided to check out my other accounts on the internet. They are getting in and controlling this through facechat or some other video chat that they might install.

If you turn off video chat, chat and messages in Facebook, they can not get into your system. When I checked my Facebook account, two people, both from the continent of Africa, were trying to friend me. I used scripts to block these bots from taking over. They kept putting me into a folder and usually that folder went into the trash; I simply told Finder to remove me from the trash. Now I am stuck there again and Finder is not helping me now, because at startup they have some corrupt bridge that forces my Anonymous account (not signed in) over the bridge and into a folder which may or may not be the trash. I doubt it, since it is way before the actual sign in and in the sandbox area that the bots built. If I manage to get past that, I get a Block sign, as in a circle with a slash through it, not allowing me to the normal login area. Before Apple fixed it, I had a folder with a question mark in it. I know for a fact that the Apple Store fixed it, but the bots got the server back somehow. I have tried several tool things to fix this and can't get one to work. Now the Apple Store tells me that I am on my own! They do not investigate! I don't want them to investigate, I want my admin rights back!

So I need a good suggestion. I took the hard drive out. We did try to change it, and somehow, because the bots force it to sleep or hibernate, the setting is stored in memory, so a new hard drive will still set up the same. There is a page that claims people get stuck in this thing forever with no way out. I can prove that I got out more than once, but I need a good way to block or disable that bridge forever! It is corrupted and changed so that it forces my sign in over it before the actual sign in on my MacBook. Then there is a mini mirrored OS in the folder and that appears to be this mac buddy. When I check my hard drive in the repair section, it shows a main hard drive as being 1s1 and me being located in 2s2, yet I get a message that I am admin of disk 0, not allowed in 1s1 where the keychain and all reside... There is nothing listed in my area! I have no files, no admin tools, and even if I change things, I still can't log into the main area. I even saw those two logging into my computer a ways back when they did this. I doubt that they even suspect the changes I made to their stuff they were trying to load into my MacBook. They ended up with only 2 items because I kept taking the stuff and dealing with it when the second guy opened the back door on my MacBook. It was right next to my remote login; in fact, I can not even find my remote login anymore.

Does anyone have any suggestions? I am taking Python through some classes and hope that I might be able to use it to get all of this stopped. Facebook and my iCloud are now clean, so this is not getting out; my iPhone is not letting anything out. If I turn this problem over to the authorities, I am going to lose both my MacBook and iPhone for quite some time, if not forever! Several people have tried to hack me on Facebook and I have seen every one since getting my Facebook cleaned up. One even threatened me if I turned in his page....

I said most of it. Does anyone have any suggestions on what to try? These bots have access all the way out due to that sandbox they installed over the operating system. I still believe that my operating system is intact because they did install a sandbox over the top of it; the bots can't get below that sandbox and everything appears to be running OK, just that they have tons of ports and things opened. They also use messages, video chat and email. They do try to use cloud computing but I never set my MacBook up for that.

The iPhone is trying to take control, but unable to do so. I will not repeat what is going on there, only that it appears to be calling out "marco..." as in Marco Polo.... There is a password too, and also one of those guys logged into my MacBook as "poweruser". I tried that but it didn't work, or I put it in wrong....

I am thinking of taking just the hard drive back to Apple and letting them test it again. My MacBook is supposed to be running Sierra, but I think it is still El Cap; at least that is what I saw when I looked through the logs, old old files from the first few weeks when I got this computer...

I have also resorted to other ways of surfing as well. Another thing to note about this rootkit: it uses Tor and also a VPN to hide its activities; it also tunnels through. Although I have found a way of finding out where it has gone to... that was the easy part: finding where it goes and securing that section. That's why I think these bots do not touch the actual OS; they do corrupt those things they need out of the way, like my user account! I'm not even sure that, since my account is corrupt, I could fix it myself.

Another thing: putting an account in the trash stops the trash from being emptied. But if the account is removed, you can easily move these bots (actual files running under the "Automator") and what they need to run into the trash! One of these bots usually broadcasts to the others what they need when you shut them down... They tend to call out for ====SUPPORT==== and ====BOSS====. That is how those two ended up at my house; somehow that message got out when I didn't think it could get out.

Any suggestions or theories on this would be much appreciated. I'm sure that the Apple Store took a sample of this since it was completely shut down; I can only hope that a fix, or at the very least a block, will come out soon. One of these guys that broke in also did something to iCloud Keychain. I never logged into iCloud to have a keychain there, but somehow I do have it.

MacBook, OS is completely hijacked by hacker

Posted on May 4, 2018 6:37 AM