Sometimes, you can be your own worst enemy…
A while back, I posted an article about how anybody could get a computer virus. It was telling, because the anybody was me. I ran afoul of a bad ad network somewhere and picked up something that caused me to, I thought, pick up a key logger. In the end, it turned out I was wrong, but I’ll get to that in a bit.
Instead I had picked up a couple other viruses, both of which came through a bad ad network and both of which, it turned out, were responsible for my spam situation. Unfortunately, NONE of the anti-virus products that I had on my machine – Webroot Secure Anywhere and MacScan, could remove the software, though it had no problems at all identifying the viruses on my Time Machine drive.
Based on this information, it was clear to me that the malware was 1) on my Mac, and 2) actively hiding from the real time scanner of one app and the manual scanners of both apps. To be blunt MacScan didn’t detect a thing. Webroot found everything, but only on my Time Machine drive, and couldn’t remove all of it.
I had a couple options at this point – 1) Rebuild the system (which involved blowing the drive, putting the OS back on and then reinstalling everything from scratch, and 2) Finding an anti-malware app that could remove everything. After trying Malwarebytes for Mac and having it fail miserably, I started looking for another Mac malware scanner and removal system.
What I found, was FixMeStick; but even THAT had issues. It works very well with Yosemite and earlier based Macs; but when I purchased it in January of 2016, it didn’t work with El Capitan based Macs, and my MacBook Pro runs El Capitan. Unfortunately for me, FixMeStick didn’t know about their inability to work with El Cap Macs when I bought the product. I helped them confirm the issue.
FixMeStick is an offline anti-malware scanner. You purchase a self-booting USB stick. You stick it in a USB port, boot from it, it scans your drive, finds the goo and removes it. Unfortunately, El Capitan’s default drive format makes use of journaling, and (up until about 2 days ago, as of this writing), FixMeStick couldn’t even READ a drive that was HSF+ Journaled/ Journaled, Case Sensitive. So it was effectively USELESS to me.
I checked in with them every three to four weeks, asking if they had resolved the issue. They would always say they were close, and that they would have an update to users and a release in about four to eight (4-8) weeks. Those deadlines were always missed, and I came very close to demanding a refund.
I’m going to jump to the end, here, as its going to make this a lot more valuable to everyone in the end…
In the end, they figured it out. Their product now works with El Cap formatted Macs, and the product found three bugs on my Mac and removed them… on the first scan after the issue was resolved… but not without some last minute drama – none of the bugs were the key logger that Webroot Secure Anywhere had identified (and I THOUGHT was the cause of my Google Apps (Gmail) account getting hacked). I thought there was a problem.
Thankfully, I was very wrong.
What I learned is that Webroot has a known issue with identifying false positives when their scanner scans your Time Machine drive. While Key Logger.Spector.Pro.r is a real problem, it isn’t when Webroot Secure Anywhere ONLY identifies it on your Time Machine drive and ONLY on your Time Machine drive.
According to Webroot, and I traded email with their tech support team this past weekend, what Secure Anywhere finds is a false positive on a info.plist file in a kext file that Gatekeeper uses to identify software that can run on your Mac without you having to constantly approve it; AND it ONLY identifies it in this kext file on your Time Machine drive. It’s well documented in their support forums.
So… after 9 months… not only am I virus free; but I never had a key logger, and I shouldn’t have anything or anyone else hijacking my Google Apps account (though thankfully, I actually haven’t had that happen for about four (4) months).
But as I said in November, anybody can get a computer virus. Just because you do, doesn’t (necessarily) mean you’ve been somewhere you shouldn’t nor does it (necessarily) mean that you’re careless. It just means that you picked up a bug. What you do need to do is pick up the right tool to get rid of it, and then make certain you have a real time scanner on your computer.
For me, this is FixMeStick and Webroot Secure Anywhere for Mac.