Monday, November 24, 2014

MacKeeper Keeps You in Hell: Part I

The Situation

Today I will document the interminable, ridiculous process of removing the infamous MacKeeper Trojan. I'm working on a MacBook Pro 2,1. It's running Mavericks 10.7.5 and has been completely hijacked by a highly resilient piece of malware. Oddly enough, this is one of the most difficult projects I've ever taken on. Perhaps it is not so odd, considering I don't have as much experience working on Apple computers as I do on Linux and Windows PCs and Android phones. I will now document the situation:

My client has an older MacBook Pro (version 2,1). It is a pretty rugged device, and probably would still be working great if some simple, pre-emptive failsafe measures had been used. Unfortunately (and rather incredibly, considering this is 'bugproof' Apple... yeah right), my client did not use these tools, as she is not super tech-savvy, and Macs are notorious for not getting f'd up the way Windows PCs do. In other words, my client purchased this computer (used, with no recovery discs) specifically to avoid the malware situations that have followed her around throughout her life.

Some of the pre-emptive measures that should/could/would have been in use are:

  • Using Time Machine restore points (Apple's main user recovery tool)
  • Setting basic security settings like enabling the firewall, etc.
  • Or even setting an administrative password (!!!) to lock the system down.

If that's not bad enough, there is no recovery partition present either! So here we've got a toasted old laptop that is completely hijacked by a Trojan, with no way on God's green Earth to restore the OS. These are the procedures I have tried (with no success) thus far:

  • Removing the MacKeeper Trojan. I followed several tutorials, including this one, to no avail. I did manage to (on the surface, anyway) remove the program, except it still somehow is hijacking Safari, no matter what I do.
  • Burning a Mavericks installer to USB and booting to that in an attempt to wipe the system. It won't boot. This is when I started to learn about the joys of the EFI boot structure, and the lack of a BIOS on these machines...
  • Using all of my Bash knowledge to hunt the f***er down and extract it from the root. This thing is a little devil. It changes PIDs every millisecond, and seems to guess what I'm thinking before I even know myself.
  • Various built-in options, about 10 hours of research, to no avail, so I...
  • Asked for help on the macrumors.com forum, and finally got some answers that made a little sense:

## BEGIN QUOTE (op) ## (Entire thread here)
Hi, I am new to the Mac world in general and am currently trying to fix a friend's MacBook Pro. It's an old one, the 2,1 edition:

Code:
  Hardware Overview:

  Model Name:   MacBook
  Model Identifier:     MacBook2,1
  Processor Name:       Intel Core 2 Duo
  Processor Speed:      2.16 GHz
  Number of Processors: 1
  Total Number of Cores:        2
  L2 Cache:     4 MB
  Memory:       2 GB
  Bus Speed:    667 MHz
  Boot ROM Version:     MB21.00A5.B07
  SMC Version (system): 1.17f0
There is no recovery partition and I don't have any backup disks. It is running Mavericks 2.7.5 and I cannot find a copy. I would assume Apple would help me out here because obviously the system was purchased at some point, since every new Mac has OSX on it. I'm from the Linux world and am struggling despite the Mac's similarities to the Linux kernel. I tried making a Mavericks USB flash drive with a later edition. I also have a 2008 iMac running Yosemite. Can anyone please point me in the right direction?
My friend got the infamous "mackeeper" virus and I've successfully removed it except it still hijacks Safari, no matter what I do. I need to reinstall the OS. Other people seem to have this problem too. What is the next step? Should I contact Apple or a boot disc..?

Any help would be appreciated. I can't get it to boot to a USB disc I made with my iMac. Thanks.
##--- post from Nov 22, 2014, 02:53 PM --##
Originally Posted by linuxjustworks
  • [1] What exactly is a 'faff'?
  • [2] I read somewhere that "downgrading" OSX can make things messy, but in this case it should work okay?
  • [3] Isn't Snow Leopard Server Edition available for free download, and could I use that? As long as I can get the computer to boot & it's secure I will be happy. Is Snow Leopard available on a 64-bit architecture (& for free)?
  • [4] So Apple will sell me a Mountain Lion boot disc for $20? That sounds like the best option, would you agree? I can do the rest as long as I can get it to boot.
  • [5] Can you tell me all the different boot options? For example, I thought either 'alt' or "alt+R" is recovery, but does that vary from model to model? So holding "C" (with or without alt?) boots to the optical drive, correct?
  • [6] We have no Time Machine backups or other backups whatsoever, or recovery partition, and my friend is fine with having to manually redownload everything. Is that ok?
  • [7] Is there a service manual somewhere online for this machine? I have repaired countless Linux/Windows PCs and never had such a hard time doing things like getting into the BIOS and booting to external media, so a service manual would be very useful...

Once again, thank you for your answer. This is enough information for me to get started in the right direction. Truly appreciated.

I read your OP and you must be mixing things up quite a bit. The computer cannot be running OS X 10.9 Mavericks and not have a recovery partition. That gets installed along with the OS whether you like it or not. Same goes for any OS X version later than (and including) 10.7 Lion.
Thus, with no recovery partition present, the computer is most likely running 10.4 Tiger (which it originally came with), 10.5 Leopard or 10.6 Snow Leopard.

With that said, here's your questions, answered to the best of my knowledge.

1. Not a clue.

2. That CAN be true, if you try to install it on top of an existing installation. A good rule of thumb for Macs is that you cannot install an OS X version that is earlier than the one it came with. So basically, for that computer, anything later than 10.4.X (can't remember exactly which one it was for that model) will install fine. Support for such an old computer was dropped in Lion (10.7) I believe, you should check Apple's website for that. If you erase the disk and start from scratch, downgrading OS X will not be a problem.

3. No version of Snow Leopard was ever free. Snow Leopard is a 32- and 64-bit hybrid. It can run 64-bit apps even when booted in 32-bit mode. Since the computer you are speaking of can only address 3.25 GB of RAM, 64-bit doesn't matter one bit.

4. Lion was a downloadable app on the App store, you cannot get a physical disc for it, there never was one. You can probably still get 10.6 Snow Leopard retail discs.

5. CMD+R is the correct keystroke, not ALT. That could be why you're not seeing any recovery. Alternatively, you can hold the Option (ALT) key (alone) during bootup to see the boot options. If there is a recovery partition, it will be listed there.

6. Sure. Just make sure you give a sharp whap to the back of the head of your friend for not keeping backups for me, that is just begging for lost data. All hard drives eventually die.

7. There was one that came with the machine. You will not find instructions regarding the BIOS as Macs do not have one. They've been running EFI since the switch to Intel so there isn't much you can do on that front as the EFI is locked down nice and tight.

Your friend should have recovery discs though, they are the grey discs that came with the machine. Unless he/she threw out all the packaging and its content, he/she still has them.
##------END QUOTE------##
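The reply above makes a testable claim: a Mac reporting 10.7 Lion or later should always carry a Recovery HD slice, so a missing one means either the reported version is wrong or the machine predates Lion. The following POSIX shell check is an added example, not code from this post or the macrumors thread; on a real Mac the two inputs would come from `sw_vers -productVersion` and `diskutil list`, while here they are passed in as arguments with constructed sample `diskutil` output so it runs anywhere.

```shell
#!/bin/sh
# Added example, not from the blog post or the macrumors thread. Cross-checks the
# OS X version a machine reports against whether a "Recovery HD" slice exists,
# since the reply above says 10.7 Lion and later always install one. On a real
# Mac the two inputs are `sw_vers -productVersion` and `diskutil list`; here
# they are passed as arguments so the check runs anywhere (sample output below
# is constructed, not captured from the machine in the post).

# True (0) when the version is 10.7 or later, i.e. a recovery partition is expected.
recovery_expected() {
    major=${1%%.*}
    case $1 in
        *.*) rest=${1#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    if [ "$major" -gt 10 ]; then return 0; fi
    if [ "$major" -eq 10 ] && [ "$minor" -ge 7 ]; then return 0; fi
    return 1
}

# True (0) when diskutil output lists an Apple_Boot slice named "Recovery HD".
has_recovery_partition() {
    printf '%s\n' "$1" | grep -q 'Apple_Boot *Recovery HD'
}

# Verdict: 0 = consistent, 1 = version claims Lion+ but no Recovery HD (the
# reported version is suspect), 2 = pre-Lion, so install media is needed anyway.
check_consistency() {
    if recovery_expected "$1"; then
        if has_recovery_partition "$2"; then
            echo "OK: $1 with Recovery HD present"; return 0
        fi
        echo "MISSING_RECOVERY: $1 should ship a Recovery HD; recheck the version"; return 1
    fi
    echo "PRE_LION: $1 predates recovery partitions; boot from install media"; return 2
}

# Constructed sample `diskutil list` output, one with and one without Recovery HD.
SAMPLE_WITH_RECOVERY='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *121.3 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            120.5 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3'
SAMPLE_NO_RECOVERY=$(printf '%s\n' "$SAMPLE_WITH_RECOVERY" | grep -v 'Recovery HD')

# On a real Mac: check_consistency "$(sw_vers -productVersion)" "$(diskutil list)"
check_consistency "10.9.5" "$SAMPLE_NO_RECOVERY" || true
```

A MISSING_RECOVERY verdict is the situation described in the thread: it says to trust the partition table over whatever "About This Mac" claims before deciding which install media to hunt for.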

So, I think I have finally obtained some useful information! It appears that I have a few options, none of which are ideal...

  • Re-purchase OSX (thanks Apple) in the form of an optical boot disc
  • Pirate it, because f*** that if at all possible, considering OSX was obviously purchased at one point (you can't even buy an Apple computer without OSX installed)
  • Hire Apple to fix it. Umm, nope... (why does this always lead to giving Apple more money for software that has already been paid for, and didn't even work?!?)

Naturally, choice #2 would be preferable. I don't even consider it stealing or pirating in this particular case; I look at it like breaking into the house of the dude who stole your PlayStation so you can take it back. As of this moment I am attempting to burn an OSX Mountain Lion .dmg image to a USB drive. If that does not work, I will try burning it to a DVD-R (in this case the file is 4.3 GB, so it will actually fit on a single-layer DVD, as opposed to the 5 GB+ Mavericks system).

And if all else fails, I will submit and end up purchasing a recovery disk from Apple... More coming later, after I see what comes next. If you have any advice for me, please comment or email me! That would be great. I'll post Part II when I fix this damn thing.
