Forum language: EN | FI
Remember Davinci Malware can infect both Mac and Windows.
DO NOT copy your previous files that you work with to your clean computer.
Document any incidents on a notebook or notepad, write the date and time and place.
Do a video recording of your innocent.
Do a video recording to your computer what is happening.
I don't know, if you intend to sent the infect file to F-Secure.
You have to send the infected file via Air post to Finland. If you want to and write a letter.
Corporate Headquarters &Finland
F-Secure CorporationTammasaarenkatu 7PL 2400181 HelsinkiFinlandTel. 358 9 2520 0700Fax 358 9 2520 5001
You can always send the infected file via online to F-Secure.
Make sure you see the videos and the links that I have given you.
That is all I can help you.
Hope you get your life back on track again.
If you follow what I told you.
Half of the battle have been won!!!
Sometimes the malware did not come from you, maybe you accidently get your computer infected.
If someone have a heart to sabotage your computer.
That can be possible also.
First, just do the steps that I given you.
Don't buy a new laptop yet. See if this steps works.
Remember don't copy back the backup files. It is infected!
Oh yeah, I forgot to tell you one thing.
Disable you Parental Control on your Mac OS X.
Make sure it is disable and turn off.
The reason is because I suspected that someone is already gain access to your computer and remotely desktop to you mac with Parental Control turn on!
As long as you don't go to the infected site in the internet you are safe.
If you have Apple boot camp.
Make sure you install malwarebytes on your Windows OS.
Hope you follow all the hints that I given you.
When you redo or re installing your Mac OS X.
Make sure you do it on your own.
You cannot ask someone to do it for you.
Because people can just create a user account and take complete control of your computer.
You must learn how to do things yourself. You cannot rely on others.
Don't click to the link you don't trust.
Or any email attachment.
Always do a scan on email attachments.
Follow this tips from US Homeland Security on computer security issues.
You must learn the hard way and adapt to new technologies.
Do not let others play with your computer. Even friends.
Did you read the links that i've given you. And did you watch the video clips?
You must read and see.
Then you will know what I'm talking about.
Then you know how to prevent this things from happening again.
Like got infected with malware and viruses.
This is a learning curve that you need to know.
If you think you are still under threat.
Then learn art of self defense.
Like learning aikido. Like Steven Seagal??? (You watch Steven Seagal Lawman - http://stevenseagal.com/?page_id=34)
So that you can disarm the bad guys.
If you want a firewall on your Mac.
You can use,
One thing about mac is that you have to buy every piece of software. It did not come with Free.
I just trying to help you out. Hope this will solve all your problems!!!
Summary tips on Macbook Pro security tips.
1. check to see if your root user account is enable.
Change the root user account password and disable it.
2. check to see if Active Directory is enable.
Change and disable Active Directory.
3. Make sure all Sharing are untick and disable under Sharing System Preferences.
Take note of Remote Login, Remote Desktop, VNC enable on Remote Desktop or Screen Sharing, Internet Sharing, File Sharing. Go to the option one by one and disable and untick all the settings.
4. Check your Network settings.
Make sure Internet Sharing is not enable. Your network is not bind. Make sure no Apple Airport is enable and configure in your Mac.
5. Disable your Parental Control.
6. Do not use root and admin account every day. Create a Standard user acccount.
7. Do not install Java.
8. If you need to use Flash. Make sure you check whether you have the latest updates.
Google Adobe Flash about, check to see if you have the latest version of Adobe Flash.
9. Do not use Internet Explorer if you are using Apple Boot Camp.
10. Do not use Apple Safari. Use alternative browser like Firefox or Google Chrome.
Make sure you keep the browser up to date.
11. Go to Apple Apps Store and Update your Mac Operating System.
Go to Apple Security Update web site. http://support.apple.com/kb/HT1222
To check for all apple product security updates.
12. Enable Firewall via Firewall System Preferences and tick or select block all incoming.
13. Buy or use a good Anti Virus program, Like Intego, Avira, Dr Web Light for Mac antivirus. Do a Full Scan.
14. Use a First Aid strips to cover your web cam. Do not use the computer in the toilet or in your room when you are changing clothes. Do not turn on the computer.
15. Be aware of any computer security issues by visiting to CERT.
16. F-Secure blog and Intego web site. And also the SafeMac website.
17. Do not install any third party remote desktop program.
18. Go to terminal command. At the command prompt type w and hit enter.
See if you see any other user logon to your computer.
19. Record a video if you find out that your computer have been compromise.
20. Reformat your hard disk and zero out and reinstall back your Mac OS X.
Do not reuse or copy over your back up files. It might be infected!!!!
21. Go to apple feedback. http;//www.apple.com/feedback
22. If you see any mouse moving around your computer. Your computer is being remote desktop! Some one is controlling your computer remotely!
23. Do not use the same password on your user account.
24. Do not let someone access to your Mac. Be it your boyfriend, friend, siblings etc.
25.Use KeyLemmon Biometricss on your Mac.
26. Be wary of Adware, Spyware, Botnets & Malware on your Mac computer.
Do not click site which you think it's not safe! Do not download anything from CNET Download it contain adwares or spywares!
27. Enable your Gatekeeper setting. Under Security System Preferences.
28. Do not reuse your Time Machine Back Up files to a clean refresh MAC OS X.
It might be infected!!!
29. keep tab on everything you do in the internet.
30. Always remember what you do, DO NOT assume.
If you are using a PC.
Download Malwarebytes and do a FULL SCAN.
Use F-Secure Antivirus. Or alternative antivirus program like Bitdefender, Emsisoft, Hitman Pro, Superantispyware.
Use Comodo or Outpost firewall.
Do a Full scan on all your computers.
Do not install any third party remote desktop program on your PC.
Enable your windows firewall if you do not intend to use other third party firewall. Make sure Block All Incoming rules.
Disable any Internet Sharing, Remote Desktop and Remote Assistant.
Update your Windows OS.
Update all your Programs that you use if the software vendor have release a new updated version of the program that you use.
If you suspect any unwanted link do not click.
Do not Download from CNET Download website because it contains adware, spyware. etc.
Be wary of any up to date malware, spyware, botnet issue by visiting known Antivirus company blog web site.
Do not download anything from email attachment files. It may be infected. Do a full scan on any email attachment files.
Install a antivirus program on Your Android Smart Phones and tablets.
Do not use the app in Google Apps Store if it is infected with Android trojans and malwares!
That goes the same to your iPhone and Windows Phone. Use Antivirus program!
Always check with US-Cert Homeland Security.
I think last month apple have release 10.9.4 mac os x updates.
Read Apple Knowledge base steps that i have given it to you.
Take your time to learn.
It will be rewarding if you know how to do it yourself.
Take your time learning the ropes.
Once you get the hang of it. Things will be alot simpler later on. And you know what to do.
Go to the library and borrow Maverick for Dummies or iLife for Dummies or Maverick the Missing Manuals books.
Read the book and learn at your pace and do hands on!
Do not rely on others to do it for you.
You must be tech savy!
I too learn the hard way. There is no one to spoonfeed me doing everything on a computer. All are self taught at my end.
If you buy and own the computer, you must learn how to use the machine / computer.
Same like buying a sewing machine.
Go to www.macworld.com and www.maclife.com. Good site on your mac.
What is the ip address you been getting???
Can you give IP address???
You can go to this site to confirm the Ip address...
I don't understand why an innocent people like you been victimised wrongly????
I think they must been broking in to your apartment or while you are still working there in the office or maybe you go out for your Lunch, someone must have physically access to your computer and change the password to your root account and turn on the Parental Control and change and implement a ACL command to your computer and mess up with your Macbook Pro laptop and gain access to your root account and turn on the Parental control and remotely
controlling your computer.
They must have gain access to your computer via root user account on your Mac, and turn on remote login, remote desktop, remote service, screen sharing.
When you see someone typing across your terminal screen on your computer. Curse you in your computer. Did you video it???? You must video the incident on your HAND HELD VIDEO CAMERA.
I think they are monitoring you on your Macbook Pro computer.
They must have gain access illegally or HACK into your computer and computer network.
And Peer you thru via the Internet Access in your residential area.
I believe your computer have been Remote Login, Remote Desktop and Screen Sharing or they install a third party Remote Desktop program and gain access to your Root user account and turn on your Parental Control so that you did not get any form of previlege access to your computer.
Did you scan your computer with Intego Antivirus??? Can you install and do a Full Scan???
Okay go to the terminal screen.
Type w and press enter.
see the list of users login to your macbook pro.
or Type last and press enter.
or Type finger and press enter.
What did you see on your terminal screen. Can you cut and paste here???
How many user name did you see in your computer????
It seems to me you've BEEN FRAME WRONGLY for SOMETHING WHICH YOU DID NOT COMMITT.
Take my advice you video tape what happen to your computer. That is the only proof that you got.
By jurisdiction, it is illegal to HACK into someone else computer and take control of his / her computer to do illegal things. This is call A ORGANISE CRIMINAL OFFENCE!!!
The person who did this to you MUST GO TO JAIL.
When I lookup the ip address 184.108.40.206 it is resided at Australia.
click on this link if this is the source of the DAVINCI Virus Certifiate
IP Details for 220.127.116.11This information should not be used for emergency purposes, trying to find someone's exact physical address, or other purposes that would require 100% accuracy. Please read about geolocation accuracy for more information.General IP InformationIP: 18.104.22.168Decimal: 3231080458Hostname: 22.214.171.124ISP: Organization: Services: None detectedType: CorporateAssignment: Static IPBlacklist: Geolocation InformationCountry: Australia au flagState/Region: New South WalesCity: MiltonLatitude: -35.3164 (35° 18′ 59.04″ S)Longitude: 150.4361 (150° 26′ 9.96″ E)Postal Code: 2538
It seems to me, someone must have broke in to the Internet cable box and hard wired to their network so that they can monitor your activities via the internet.
I believe someone have already gain access to your computer and monitoring you.
When the ISP come over to your house did you VIDEO taping the incident????
You should have video tape the incident when the ISP people come to your house.
It's like watching "ENEMY OF THE STATE" movie.... you know Will Smith and Gene Hackman.
Did you watch the movie???
Here is the phone number to US CERT Homeland Security.
or email [email protected]
or go to their web site and you can sent and file the report to them.
At the bottom of the left hand of your computer screen, did you see "I WANT", click one of the option and file the report to the US Homeland Security.
Here to cut story shot let me send you the link.
For FBI report...
Can you please check your network settings on your Mac???
Did you use DHCP??? or Static????
Make sure the ip address that you are using on your network must not resided from your previous Employer.....
Okay you go to this site and check your network settings on your Mac.
What ip address did you see.
Can you do a traceroute on your terminal screen???
Now disconnect to your internet remove the ethernet cable, Can you reset your password....
Go to this link.
It show the steps.
On Recovery When you forgot the password and you can't use OS X, you have to use the new Recovery. To boot in Recovery system, press Command and R keys in boot and hold the keys until you see the Apple icon. If you have a Mac with Internet Recovery, read > http://support.apple.com/kb/HT4718. If your Mac has got a wireless keyboard, hold them when you hear the startup sound When it starts, select Utilities > Terminal, and type: resetpassword Press your user and type your password. Finally, reboot. This doesn't work for FileVault. If you forget your password with FileVault, you lost your info. Also, you can see if you use Recovery HD or Internet Recovery, or enable it -> http://support.apple.com/kb/HT4904 You can do it with an USB drive > http://support.apple.com/kb/HT4848
Change all your password to your root account, administrator account and user account.
Once you change your root account, disable the root account base on the link that I have given you.
Disable you guest account. (see the previous link that I give you)
Login to your administrator account, go to system preference and disable all the sharing options.
Untick all the sharing.
Save and reboot your mac.
Logon your Mac base on your user standard account. Do not login to administator account.
Now your ethernet cable directly to your Cable Modem (not to your router) and do a scan test on your computer see if there is any open ports.
Go to www.grc.com and click on shield up.
click proceed and select all service ports button.
See if there is any open ports on your computer.
Go to terminal again.
Type ps aux command and press enter.
Cut and paste in this forum.
Now disconnect from your computer.
Go to your router and press the reset button at the back of your router.
Change the user admin account and password of your router and make sure it set to DHCP.
Go to one of your router settings and enable the firewall settings.
Disable your wifi settings on your router.
Hook up the ethernet cable to the back of the router and hook up to your computer.
Go to terminal type netstat -antp and netstat -tulpn what did you see.
Cut and paste here.
Go to terminal type sudo ifconfig and cut and paste here in the forum.
Okay the ip address comes from Time Warner.
is this confirmed?
P Details for 126.96.36.199This information should not be used for emergency purposes, trying to find someone's exact physical address, or other purposes that would require 100% accuracy. Please read about geolocation accuracy for more information.General IP InformationIP: 188.8.131.52Decimal: 401854337Hostname: cpe-23-243-207-129.socal.res.rr.comISP: Time Warner CableOrganization: Time Warner CableServices: None detectedType: BroadbandAssignment: Static IPBlacklist: Geolocation InformationCountry: United States us flagState/Region: CaliforniaCity: Los AngelesLatitude: 34.0522 (34° 3′ 7.92″ N)Longitude: -118.2437 (118° 14′ 37.32″ W)Area Code: 323
is this your ISP cable ip address or your the previously the company you work with.
what other ip address you get....????
Did you have a firewall log on your router????
Did you make a Maverick recovery USB thumb drive????
Did you managed to change your root or admin password.
If you have your Maverick Recovery USB thumb drive.
You can format and zero out your hard disk.
It will take more than 1 hour to format your hard disk.
Then hook up your Maverick Recovery USB thumb drive by press shift key and reinstall your OS X Maverick.
And do a software update.
DO NOT COPY BACK ALL YOUR BACK UP FILES IT MIGHT BE INFECTED WITH DAVINCI MALWARE!!!
Did you manage to change your administrator and standard user password on your Mac OS X ???
If you did not change, then they still on your computer accessing and monitoring you.
Mind if I ask you, why did you buy a Mac, when you do not know how to do this things????
*** Make Sure you read the instructions before proceed ***
Do me a favour,
You go to Computer Shop or any shop that sell a 8 or 16 GB Thumbdrive.
Get 2 thumbdrive if you want to. (Just in case)
You know what is USB thumb drive right?
They have USB 2.0 or 3.0.
Does your Mac have USB 3.0 or 2.0.
If your Macbook Pro have USB 2.0 then buy USB 2.0.
If your Macbook Pro have USB 3.0 then buy the USB 3.0.
Firstly I need to know what Macbook pro version are you using?
The 13 inch version or 15 inch version or the Macbook Pro retina version.
Go to this site....
How long ago did you buy this Macbook pro and from where????
Base on the wiki page, which version of Macbook pro are you using....
Because to do the Internet recovery, only certain models of Macbook Pro can do this.
Computers that can be upgraded to use OS X Internet RecoverySome computers that did not come with OS X Lion or later installed can use the OS X Internet Recovery feature after applying a firmware update.Download and install an updated EFI Firmware ROM for these computers to use the OS X Internet Recovery feature: MacBook Pro (13-inch, Early 2011) MacBook Pro (15-inch, Early 2011) MacBook Pro (17-inch, Early 2011) iMac (21.5-inch, Mid 2011) iMac (27-inch, Mid 2011) MacBook (13-inch, Mid 2010) MacBook Pro (13-inch, Mid 2010) Mac mini (Mid 2010) MacBook Pro (15-inch and 17-inch, Mid 2010) iMac (21.5-inch and 27-inch, Mid 2010) MacBook Air (11-inch and 13-inch, Late 2010)Additional InformationLearn more about available EFI firmware updates or about OS X Internet Recovery.Some computers that are upgraded can't use the Internet version of Apple Hardware Test.Last Modified: Jul 30, 2012
If you have the exact model from above, (make sure it is the exact model) then you can do the Apple Internet recovery.
You need to zero out your harddisk.
Reboot your Mac and press Command R keys and go to the Apple Recovery.
You have to wait for about more than 1 hour or so depending your hardware spec to Zero Out your harddisk.
Then proceed to the next step to the Apple Internet Recovery if you happen the have the same exact model of Macbook Pro.
I repeat again, before proceeding make sure you have the same exact year model of your macbook pro.
Then .... click on the link below.
OS X: About OS X RecoveryOS X Lion, Mountain Lion, and Mavericks include OS X Recovery. This feature includes all of the tools you need to reinstall OS X, repair your disk, and even restore from a Time Machine backup without the need for optical discs.About RecoveryRecovery SystemOS X Recovery includes a built in set of utilities as part of the Recovery System. To start your computer from Recovery, restart your Mac and hold down the Command key and the R key (Command-R). Press and hold these keys until the Apple logo appears. This indicates that your Mac is starting up. After the Recovery System finishes starting up, you should see a desktop with an OS X menu bar and a "Mac OS X Utilities" window. Note: If you see a login window or your own desktop and icons, it's possible that you didn't hold Command-R early enough. Restart and try again.In order to reinstall OS X, you need to be connected to the Internet over an Ethernet or Wi-Fi network. The Wi-Fi menu is in the upper-right corner of the screen. Click the icon to select from available Wi-Fi networks. Choose your preferred network name and, if needed, enter a username and/or password.OS X Internet RecoveryMac models introduced after public availability of OS X Lion include the ability to start up directly from an Internet-based version of the OS X Recovery system. OS X automatically uses this feature when the Recovery System on the hard disk isn't available (such as when your hard disk encounters an issue, or when your hard disk has been replaced or erased). OS X Internet Recovery lets you start your Mac directly from Apple's servers. Starting up from this system performs a quick test of your memory and hard drive to check for hardware issues.OS X Internet Recovery presents a limited interface at first, with only the ability to select your preferred Wi-Fi network and, if needed, entering a passphrase. Next, OS X Internet Recovery downloads and starts from a Recovery System image. From there, you are offered the same utilities and options as a local Recovery System.Some computers that did not ship with OS X Lion or later installed may be able to add the ability to use Internet Recovery by applying a software update.Restoring iLife applications after Internet Restore of OS XIf your computer came with OS X Lion or later and you erase your hard disk and install OS X, you can download iPhoto, iMovie, and GarageBand from the Mac App Store. After installation, start (up) from OS X. Choose App Store from the Apple menu. Enter your Apple ID and password when prompted. Click Purchases. If you haven't previously accepted your bundled iLife applications within the Mac App Store, you should see your iLife applications appear in the Accept portion of the screen. Click Accept. You may be asked for your Apple ID and password once again. Your iLife applications now move to the Purchased section. These applications are part of the software that came with your computer. Your account will not be charged for them. Click Install to complete installation of your applications.Requirements for reinstalling OS X using RecoveryReinstalling OS X using OS X Recovery requires broadband access to the Internet via Wi-Fi or an Ethernet connection. OS X is downloaded over the Internet from Apple when OS X Recovery is used for reinstallation.OS X Recovery requires that DHCP is enabled on your chosen Wi-Fi or ethernet network, If you bought OS X from the Mac App Store, you will be prompted to enter the Apple ID and password you used to purchase OS X.The time required to download OS X varies, depending on the speed of your Internet connection and the version of OS X you are installing. If your usual or current Internet connection has requirements or settings not supported by OS X Recovery, either change the settings to a supported configuration for the duration of your OS X reinstall, or seek out acceptable networks from which you are permitted to access the Internet (such as friends, family, Internet "cafe" establishments, or possibly your place of employment with appropriate permission).Supported network configurations and protocols local Recovery System Internet RecoveryWEP Yes NoWPA/WPA2 Yes YesWPA-Enterprise Yes NoPPPoE (where there is no router handling the PPPoE connection) No NoCaptive-Networks (where you click an "Agree" button to access the Internet) Yes NoProxies (where specific proxy servers must be configured in network preferences) No NoCertificate-based authentication / 802.1x No NoWhich version of OS X is installed by OS X Recovery? If you use the Recovery System stored on your startup disk to reinstall OS X, it installs the most recent version of OS X previously installed on this computer. If you use Internet Recovery to reinstall OS X, it installs the version of OS X that originally came with your computer. After installation is finished, use the Mac App Store to install related updates or later versions of OS X that you have previously purchased.What to do if the installer warns that no Recovery System can be createdSome disk partition configurations may result in the OS X installer reporting that it could not create a Recovery System. In these situations, even if you are permitted to continue the install, you may want to quit the installation and create an external, bootable OS X hard drive with a Recovery System, first. You can continue your OS X upgrade on your computer's startup drive after creating an external Recovery System. Your storage device must have at least 13 GB available (after formatting) to install OS X Lion or later and a Recovery partition. These steps erase and reformat the storage device. This article instructs you on setting up a storage device to use the GUID partition scheme and the Mac OS Extended (Journaled) format, which are required to install OS X and a Recovery partition on your external storage device. You should back up any important files that are on the device to a different drive. This procedure installs a version of OS X that is compatible with the Mac it was created with. Using this OS X system with a different Mac model may produce unpredictable results. Your computer's serial number is sent to Apple as part of this process to help authenticate your request to download and install OS X Lion.Additional InformationPlease note that OS X Recovery must be present on the computer's startup volume in order to use FileVault 2. Using RAID partitions or a non-standard Boot Camp partition on the startup disk may prevent OS X from installing a local Recovery system. See "OS X: Some features of Mac OS X are not supported for the disk (volume name)" for more information.OS X Recovery includes a version of Safari with links to resources on www.apple.com. This version of Safari can be used to access help resources at Apple's website and elsewhere on the Internet. The network requirements listed above also apply to the version of Safari included with OS X Recovery. Plugins and Safari Extensions cannot be added to the version of Safari included with OS X Recovery.Last Modified: Mar 18, 2014.
If your harddisk is empty without os.
Command R and Apple Internet Recovery will reload your OS.
** IF YOU DO NOT HAVE THE EXACT MACBOOK PRO MODEL TO DO APPLE INTERNET RECOVERY **
Make sure you have your USB thumb drive.
Reset your Administrator Password.
Reboot your Mac and Press Command R
When booting is complete, you'll see a window of "OS X Utilities." You won't do anything there. Instead, you'll go to the Menu bar at the top and select Utilities > Terminal.
In the terminal window type the following and hit the Return key.
Click on the volume of interest and select the desired user account (your administrator account and User standard account) in the popup. (See the note at the top of this article about the administrator's name). Then enter the new password twice. A password hint is optional. Click "Save."
click on Reset button under Home Folders Permission and ACLs.
Go back to the Apple Menu at the top. Select OS X Utilities > Quit OS X Utilities. That will prompt you to restart the Mac.
Reset your Root account password.
Log in with your administrator account and password.
Go to system preferences, click sharing.
Disable all of the options under Sharing.
OS X Mavericks: Enable and disable the root userThe root user, or superuser, is a special user account in OS X that can modify and delete critical system files. By default, the root user is not enabled.Warning: If you log in as the root user, use extreme caution. You can damage the system by moving or deleting important files. Use this account only for specific administration or monitoring tasks. When you finish the tasks that require logging in as the root user, always log out, log in as an administrator, then disable the root user. Open Users & Groups preferences, click Login Options, then click the lock icon to unlock it. If necessary, type your password, then click Unlock. In the Network Account Server section, click Join or Edit. Click Open Directory Utility. Click the lock icon to unlock it, then enter your administrator name and password. Do one of the following: Choose Edit > Enable Root User, then enter a root user password in the Password and Verify fields. Choose Edit > Disable Root User. Choose Edit > Change Root Password, then enter a new root user password. Tips for creating secure passwordsLast Modified: May 8, 2014
Once you change your root password, make sure you disable the root account.
Then go to the Apple Apps Store and download the new version 10.9.4 of Maverick.
Now download the free copy of maverick 10.9.4.
Make sure your internet connection did not drop.
Otherwise you have to redo again.
It must download exactly about 5GB of Full version of 10.9.4 mavericks.
Next.... once you have complete download of your OS X Maverick 10.9.4.
Go to the next step....
Then go to this step. follow exactly ....
Now plug in your USB thumb drive.
Make Mavericks Install USB with a Simple Terminal CommandWritten by Damien Zander on November 2, 2013In a previous post I went through the lengthy method of creating a bootable USB Flash drive that could be used to install OS X Mavericks as well as a really simple solution that involves using an application called DiskMaker X.This post will go through another method that utilizes a single Terminal Command#1 – Download OS X MavericksFirst things first, you need to download OS X Mavericks. This is a FREE download from Apple. Here’s link to it: OS X Mavericks #2 – Prepare your USB Flash DriveCreating a bootable USB drive for Mavericks requires a USB drive with at least 8GB of available space. If you don’t already have one, they are really cheap. If you need a good Flash drive, here is an affiliate link to a 16 GB flash drive: PNY 16GB Attaché 2 USB 2.0 Flash Drive – Black,Blue (P-FD16GATT2-GE) only $11.99.Before we can restore Mavericks onto the USB Flash drive, the drive has to be properly formatted.install mavericks usb pen driveTo format the USB drive open Disk Utility (located in Applications/Utilities). Plug the drive in into your Mac. Select the USB Flash drive from the sidebar in Disk Utility. Select the “Erase” tab. Make sure the Format is set to Mac OS Extended (Journaled). As for the name, leave it as “Untitled”. Finally click the Erase tab.One important note about Step 5, this will erase everything that is currently on your USB drive. #3 – Terminal CommandNow that the USB drive is properly formatted we can run the Terminal command that will take care of the rest. Terminal can be found in the Applications/Utilities folder.Simply copy and paste this into Terminal and press the Enter key on your keyboard:sudo /Applications/Install\ OS\ X\ Mavericks.app/Contents/Resources/createinstallmedia --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ Mavericks.app --nointeractionSince the above command uses the sudo atritubute you will be required to enter your password to start the process.Once the process starts you will see this in Terminal:Erasing Disk: 0%… 10%… 20%…100%…Copying installer files to disk…Copy complete.Making disk bootable…Copying boot files…Copy complete.Done.This process can take a while since it’s coping gigabytes of data over. Leave it alone and let it do its things.Congratulations you just created a working Mavericks install USB drive!
Now unmount your USB thumb drive. Eject your USB Thumb drive. (Do simple unplug it, you need to properly do the unmount or eject the thumbdrive)
Reboot your mac and press Command R
Then go to Disk Utilities do a zero out format your Hard disk.
Open Disk Utilities
Select the hard drive to erase
Click the Erase tab
Select the volume format from the Volume Format pop-up menu
Select the checkbox for "Zero all data"
It will take about 1 hour or more depending on your Macbook Pro hardware specs.
After you have zero out your harddisk,
plug in the USB Recovery thumb drive.
And reboot your mac and reinstall your Mac OS X.
Now you have a clean system with no viruses,
After you install your OS X, do a software update.
DO NOT COPY BACK YOUR BACK UP FILES to this freshly install OS X.
Install Intego Antivirus or F-Secure antivirus for mac.
There you go.
The next extra steps, go to Sharing System Preferences and untick every thing.
Disable Parental control.
Change your root password base on the previous steps that i told you.
Disable your Guest account.
Do not install Java.
Install Adobe Flash.
And reinstall your iLife apps. (Download your Garage band, iMove, iPhoto from the Apple Apps Store)
Take note you can reset your password account base on Apple User ID.
OS X Mavericks: Reset a login passwordSometimes a user’s login password needs to be reset—for example, when the user has forgotten the login password and can’t use a password hint to remember it.When a user’s login password is reset, a new default keychain is created to store the user’s passwords. For more information about keychain passwords, see:About your keychain passwordReset your login password using your Apple IDYou can use your Apple ID to reset your login password only if “Allow user to reset password using Apple ID” is selected in Users & Groups preferences. If FileVault is turned on, open Security & Privacy preferences and turn it off. FileVault must be off to use your Apple ID to reset your login password. Log in to your account. In the login window, click the question mark in the password field, then click the arrow in the dialog that appears. Enter an Apple ID and password, then click Reset Password.Reset your login password when FileVault is turned onIf FileVault is turned on, use the FileVault recovery key to reset your login password.For more information, see:If you forget your login password and FileVault is onReset the password of specific usersAn administrator can reset the passwords of other users by using one of these techniques. Choose Apple menu > System Preferences, click Users & Groups, click the lock to unlock it, then provide an administrator name and password. Select a user, then click Reset Password. If your Mac is a server, use the Server app to reset server users’ passwords. For instructions, see Server Help.Last Modified: May 8, 2014
Keep your USB Recovery Thumb drive on a safe place. Do not lost it.
Keep the USB Recovery Thumb drive with you at all times.
Do not reuse or copy over your back up files it may be infected with DAVINCI malware!
Then you buy a new hard disk.
Have it replace.
Or go to Apple Service Center, and replace the hard drive.
The infected drive, you send over to F-Secure in Finland for analysis.
If you don't do that, the person who did this to you will still online and keep attacking your computer.
And you've been monitor. What's the point?
Zero out and Normal format is two different thing.
If you do not want to change your hard disk. You put your life at risk.
Can you check in this Apple Forum site.
They have the method to format erase the filevault hard disk.
They teach you how to format the Filevault encrypted hard disk.
Turn off filevault.
If you want to use the Terminal, then reboot with the Command-R keys held to get to the OS X tools window. In here, choose "Terminal" from the Utilities menu, and then run the following command: diskutil cs list With this command entered, you should see a hierarchical tree of the encrypted volume, with the first entry being the core storage volume group. Get the UUID from this group, and use it int he following command: diskutil cs delete UUID See this screenshot for what this should look like (UUID is circled in RED, and typed commands are in BLUE):
see illustration in this link.
You should also be able to remove the encrypted volume using the following command:diskutil corestorage delete /Volumes/insert_disk_nameThat should delete the encrypted volume and contents.
check the encryption keys here in this link.
Here is Apple Filevault training sessions.
Don't tell me you EFI password your macbook Pro.