
Viewing 26 posts - 1 through 26 (of 26 total)
  • Malware Removal for MacBook Pro
  • 1
    stayhigh
    Full Member

    Morning all,

    My partner's MacBook Pro (A1502 EMC 2835) has come up with a warning for a Trojan Horse_BO8DF831059 which needs to be removed. Not being particularly Mac savvy, could someone point me in the right direction of a decent bit of malware removal please?

    7
    timmys
    Full Member

    It will be just a pop-up window from a bogus website. Do not under any circumstance install anything that describes itself as malware software on a mac, totally un-needed and will do more harm than good.

    https://forums.malwarebytes.com/topic/292907-trojan-b08df8310/

    finbar
    Free Member

    will do more harm than good.

    I’d say there’s no harm in installing the free version of Malwarebytes and getting it to do a scan.

    zilog6128
    Full Member

    A photo of the message might help, but almost certainly this:

    It will be just a pop-up window from a bogus website.

    I’d say there’s no harm in installing the free version of Malwarebytes and getting it to do a scan.

    100% unnecessary – anti-virus/malware has been built into OSX for many years and is always working in the background. The best (indeed, only) thing you need to do is make sure you keep OSX up-to-date. (aside from generally practising good internet hygiene – not going to dodgy websites or running dodgy downloaded apps etc!!)

    zilog6128
    Full Member

    ^^^ two different quotes got mangled together there, but you get the idea!! 🙂

    stayhigh
    Full Member

    Thanks for the advice, I’ve advised her to download malwarebytes and run that alongside any onboard anti virus she has with it and see what comes up.

    It’s a bit tricky as she is even less tech savvy than me and we don’t live together so having to try to help via WhatsApp while at work isn’t the easiest lol

    1
    timmys
    Full Member

    I’ve advised her to download malwarebytes and run that alongside any onboard anti virus she has with it and see what comes up.

    I don’t think that’s going to do anything. What she is seeing is a rogue notification from a dodgy website. She needs to block notifications from that website.
    When people have mentioned built-in anti-malware that might have given the impression that the OS can/will pop up warning messages, and that is what she is seeing. It doesn’t.

    mert
    Free Member

    I’ve advised her to download malwarebytes

    Careful with this, as per the last thread on this sort of thing. My ex FiL downloaded the “antivirus” proposed by the pop up.

    So, yeah. That was fun to fix.
    More than once.

    1
    slowoldman
    Full Member

    I’d say there’s no harm in installing the free version of Malwarebytes and getting it to do a scan.

    Agreed, it may give some reassurance. I’ve used it on and off over the many years I’ve been on Mac. It’s never found a thing, probably because:

    100% unnecessary – anti-virus/malware has been built into OSX for many years and is always working in the background.

    It will be just a pop-up window from a bogus website.

    Agreed.

    rickmeister
    Full Member

    Other one on a recommendation I got from this Parish was a free version of Bitdefender.

    zilog6128
    Full Member

    When people have mentioned built-in anti-malware that might have given the impression that the OS can/will pop up warning messages, and that is what she is seeing. It doesn’t.

    Apparently, it does! (although I’ve never seen it, and this would be only when attempting to run a file, not just randomly when surfing the web!)

    [Image: xprotect-malware-detected-warning.png]

    timmys
    Full Member

    Apparently, it does! (although I’ve never seen it, and this would be only when attempting to run a file, not just randomly when surfing the web!)

    I kinda thought as I was typing I was probably wrong! Anyway, point remains – she has no malware, it’s just a notification. Harmless but can be blocked. Don’t install anything to ‘protect’ yourself – I see another candidate has popped up :eyeroll:

    stayhigh
    Full Member

    So by way of update…

    My OH has said she can’t locate xProtect on her Mac and can’t download Malwarebytes as this requires macOS12 onwards. She can’t upgrade to Monterey as there isn’t enough storage so is trying to delete things she doesn’t need but not been able to install this yet.

    Now if my understanding is correct, being the slightly less luddite of the pair, this isn’t a virus as such, more of a nuisance pop up from a dodgy website and she can turn the notifications off for this.  Where would she need to go to do this please?

    If this is the case, then is any of her data at risk and does she need to upgrade to Monterey?

    1
    the-muffin-man
    Full Member

    I’m guessing the pop-up only occurs in a web-browser? If so first place to start is clear the cache for that browser.

    1
    jca
    Full Member

    If you are concerned about security, then upgrading to Monterey is not going to be a great help, since it is out of support so gets no security updates. You need to get it to at least Ventura, which should be updated through until Sept next year.

    1
    timmys
    Full Member

    My OH has said she can’t locate xProtect on her Mac

    There’s nothing to locate, xProtect is all OS level, background stuff. Slightly impressed you/her have even managed to find what it’s called – I’d consider myself a mac guy and I’d never heard of it. Which really should go to illustrate you don’t need to actively be engaging with xProtect to look after yourself.

    can’t download Malwarebytes as this requires macOS12 onwards

    Good. In case I hadn’t mentioned it, installing a third party app is just going to use up space and CPU cycles on her machine for imperceptible gain.

    this isn’t a virus as such, more of a nuisance pop up from a dodgy website and she can turn the notifications off for this. Where would she need to go to do this please?

    Yes. The link in my first response had it, but look here (bottom of page); https://support.apple.com/en-by/guide/safari/sfri40734/16.0/mac/11.0 (As you say she can’t upgrade to Monterey (12.0), I’m assuming she’s on Big Sur (11.0) – if not select the correct OS version in the drop down at the top.) That link is to stop notifications for specific websites – so she’ll need to probably block any that don’t look familiar (or all). To go nuclear you can just turn off all notifications for Safari in System Prefs > Notifications.

    then is any of her data at risk and does she need to upgrade to Monterey?

    No. Up to her but wouldn’t be a bad idea as Big Sur security updates ceased 30 Nov 2023 (and Monterey will cease 30 Nov 2024). From model number I think Monterey is as up to date as you can go.

    1
    zilog6128
    Full Member

    My OH has said she can’t locate xProtect on her Mac and can’t download Malwarebytes as this requires macOS12 onwards.

    it’s not a separate app, it’s part of macOS so is always running in the background, you don’t need to actually do anything to benefit from it. Except… keep up to date with (security) updates. macOS 12 is in itself quite old (we’re on 15 now!!) so presumably she is on something older than that, is she applying updates to it at least (assuming it’s still getting updates)?

    Now if my understanding is correct, being the slightly less luddite of the pair, this isn’t a virus as such, more of a nuisance pop up from a dodgy website and she can turn the notifications off for this.  Where would she need to go to do this please?

    assuming it hasn’t changed too much – from Safari click on the “Safari” menu then “Settings”, then the “Websites” tab. From here you can choose “Notifications” on the left and “deny” (I don’t think this is a notification, though) and also “Pop-up Windows” (which I think this is) and choose “block”

    If this is the case, then is any of her data at risk and does she need to upgrade to Monterey?

    I would say not, unless she follows the link from the pop-up. But yes it’s good practice to keep your OS up-to-date!

    EDIT: basically as per above 🙂

    stayhigh
    Full Member

    Thanks for the feedback all, will pass this over to her and see how she/we get on 🙂

    slowoldman
    Full Member

    assuming it hasn’t changed too much – from Safari click on the “Safari” menu then “Settings”, then the “Websites” tab. From here you can choose “Notifications” on the left and “deny” (I don’t think this is a notification, though) and also “Pop-up Windows” (which I think this is) and choose “block”

    Perhaps also go to Settings then Privacy. Click on “Manage Website Data” search for the website in question and click Remove.

    Oh and don’t go there again.

    simondbarnes
    Full Member

    then is any of her data at risk

    Is it not backed up?

    Cougar2
    Free Member

    more of a nuisance pop up from a dodgy website and she can turn the notifications off for this. Where would she need to go to do this please?

    You know the website she’s going to where it’s generating spurious malware alerts? Where she needs to go to in order to avoid this is every other website bar that one.

    Is it not backed up?

    This.

    If it were me I’d flatten the ****ing thing and start again. Life’s too short to be sodding about with shite like “making space,” flapping about malware alerts which may or may not be bogus, and an absence of backups (and believe me I’ve spent many MANY hours doing exactly this). Back up your data or learn an important life lesson, then just hose it.

    I assume there’s some sort of Vulcan Nerve Pinch you can do during boot on a Mac to factory reset it?

    timmys
    Full Member

    You know the website she’s going to where it’s generating spurious malware alerts? Where she needs to go to in order to avoid this is every other website bar that one.

    From the description this isn’t a pop up window, this is a notification. You don’t need to subsequently visit the website for it to send you notifications. Worth noting that she will have had to click yes to “Do you want to allow the website Badshit.com to send you notifications?” for this to happen.

    I assume there’s some sort of Vulcan Nerve Pinch you can do during boot on a Mac to factory reset it?

    Yes, but as there is no malware that’s mega overkill (especially as there is likely no backup!). Fix the problem with a few clicks, start backing up*. No need to go nuclear.
    *really, really start doing that – this is a 2015 machine we are talking about.

    1
    slowoldman
    Full Member

    I agree with timmys, no need to flatten it. If backups are not currently being done I would suggest as a minimum to get a USB SSD and back up to that now and then using Time Machine.

    If space is currently an issue regarding the update then it might also be an issue for Time Machine to do a backup (or not).

    If Time Machine won’t work then just move some stuff off onto the external drive using Finder. After backup/moving files get the OS updated then think long and hard about what needs to go back on from the external drive/backup. If your “user” is anything like my “user” persuading them to do this will be the most onerous task.

    You could also consider buying a bit of iCloud space to move some stuff to. It’s not that expensive and you can just do it temporarily while you clean up the machine.

    prettygreenparrot
    Full Member

    Not sure that I’d follow Cougar’s guidance here. A bit extreme if you can resolve the problem by clearing the cache and web history.

    however I absolutely agree with Cougar on BACK UPs. backups are essential. Time Machine does them OK but Backblaze (online backup) and Carbon Copy Cloner (back up to external HDD for onsite and off site storage).

    Edit – provided there is enough storage to install and run carbon copy cloner she should be able to clone the Mac’s boot drive with all the user data. Then you can figure out where all the space has gone after emptying the trash

    And always keep up to date with MacOS updates and upgrades.

    OP please say that her day to day account does not have admin rights.

    edit edit. Might be time to think about a shiny new Apple Silicon MacBook?

    slowoldman
    Full Member

    OP please say that her day to day account does not have admin rights.

    Mine does, but I’m the bugger who maintains it. I have a separate admin account in case my user account gets knackered.

    Might be time to think about a shiny new Apple Silicon MacBook?

    I did this last year. The Silicon MacBook Air is a wondrous thing.

    1
    Cougar2
    Free Member

    Not sure that I’d follow Cougar’s guidance here.

    I know nothing about Macs. I do know that I’ve hemorrhaged weeks of my life worrying at on-the-wonk PCs out of sheer bloody-mindedness that I wouldn’t be beaten when I could’ve just wiped the damn things. My thinking today is “if this is on there then what else is that I haven’t discovered yet?”

    Plus on a ten year old machine where disk space is at a premium and the user is scratching her head over what she doesn’t use any more, it’s likely faster and certainly more efficient to blat it and then reinstall what she does use. It’s overdue a rebuild.
