fake AVG malware infection on Mac

downloaded a fake version of AVG on my macBook pro and the pc version for my laptop. and the virus has unmounted my disk that has all of my files on it. the sub disk below the main mac drive, mine's the 750 toshiba, bought my macbook May 2011 so 3year apple care is over and paid them $19.95 just to tell me that they didn't know **** and to bring it in so that they could charge me hundreds of $s just to reformat my drive and NOT be able to touch my files to save them because of their policies on personal data. so does anyone have any ideas how to save and copy my files to a flash drive. the sub disk with my files on it shows in gray and it says that the disk needs to be repaired but it can't. I just want a way to get to the files and then REMOVE the fake AVG file someway and keep my files. because then I'm just going to reformat the main drive. HELP PLEASE!!! and I've searched all over and no mac users have reported this issue, hopes this posting and hopefully it's solution will help others.

First of all, you do not have a virus nor is AVG a virus. There are no viruses in the wild that can infect your Mac. There is malware but none that can unmount your hard drive.

What do you mean "sub disk"? Are you referring to an external hard drive or are you talking about your main hard drive? Also, without further information it's difficult to try to offer help.

We need the model # of your 2011 MacBook Pro and which version of OS X you're running on it. And please do not place your email address in a public forum post. Spam bots will gather it in and you'll start receiving all sorts of junk spam. We removed the email address.

hi chscag, thanx for the fast reply. my model # is A1278 but I bought the higest configuration so that changed some things. here's a link to my model's configuration: MacBook Pro (13-inch, Early 2011) - Technical Specifications.

and I IM so much on so many private and public sites that I should know better than to list my email on a public form page. thanx for removing it for me.

and what I meant was that it wasn't the real AVG app, it was a fake and they tried to get my credit card info when I called their service #. I hung up. and both my computers that I put that malware on went out at the same time. my pc laptop won't even reboot from the windows 7 32 bit system recorvery disc that I ordered from ACATS off of amazon. so that means I have to order a windows 7 disc to boot it up.

and yes, I meant my main hard drive. apple agents refer to it as the sub disk that "contains" the files. and it displays below the main hard drive image in the display tree.

well the specifics of what happened is, for my macbook pro, I downloaded the imposter AVG and never opened it from the download. my macbook started slowing down while I was downloading it to my pc laptop. then the macbook became slower and slower so I shut it down. when I tried to reboot it it went into a long paused gray/blue screen. so I shut it down again and went into utility mode and discoverd that my main hard drive was showing fine but the memory part the "sub disk" which I hadn't named so it's still Disk0s2, is in grey. so when I clicked on it to verify and repair it said that it wasn't mounted. and the repair could work because of some errors. I didn't have a back up for the files that I recently created over the past 2 weeks and I NEED those. the others are saved to cloud services. I haven't backed up to the Time Machine yet. so that's not an option for me. I'll post the errors to the main hard drive here in a few minutes.

Are you able to boot your MacBook Pro to Recovery? Restart and hold down the command and r keys at the same time. Once in recovery, enter utilities, select Disk Utility and verify your main hard drive (Macintosh HD). You can't unmount the recovery partition nor the EFI partition because your MacBook Pro will be booted from them.

Let us know the results of verify procedure or if any repairs to the drive were made at the same time.

no, I tried that a few days ago. and it still won't boot into recovery. I tried the Unix "dd" program to save the disk files to my flash drive. no luck. I'm using the disk utility's internet, so it's very limited as u know and can't download. so I'm also using my phone's web. I'm sure there's nothing else to be done but just take the loss of a few years worth of graphics I created. won't be able to recreate all those files and my university studies and notes LOL. should've known this would happen. but thank you SOOO MUCH for your help. I can't find anything else on the subject myself with this particular fake AVG malware

when I tried a restore on the main hard drive, the 1st 2 times it showed a partition error. then it showed no errors on the third pass. but again the disk0s2 upon running the repair, results showed 'invalid record count' twice, 'catalog file entry not found for extent', 'the volume could not be verified completely.' and 'error: disk utility can't repair this disk....disk and restore'

oh and I just read that the sub disk is actually the partition that holds the files that I created. so there is a way to salvage them. but I'm still not sure how to do that with this particular malware. so I've decided not to give up just yet on saving my hard drive and it's memory. any suggestions in the light of these developements PLEASE let me know chscag. THANX!

areddesign said:

oh and I just read that the sub disk is actually the partition that holds the files that I created. so there is a way to salvage them. but I'm still not sure how to do that with this particular malware. so I've decided not to give up just yet on saving my hard drive and it's memory. any suggestions in the light of these developements PLEASE let me know chscag. THANX!

Click to expand...

What files you created? What malware? What hard drive and its memory?
I'm sorry to be the one to say this - we don't have a clue what you're talking about. Please tell us more about what you see and less about jargon you've read on the internet.

Please slow down - don't panic, and don't get ahead of the simple facts you see. Answer chscag's suggestions/questions. Going to Recovery mode isn't something you can just ignore if it didn't work the first time.
http://support.apple.com/kb/ht4718

Old Yesterday, 05:51 PM
downloaded a fake version of AVG on my macBook pro and the pc version for my laptop. and the virus has unmounted my disk that has all of my files on it. the sub disk below the main mac drive, mine's the 750 toshiba, bought my macbook May 2011 so 3year apple care is over and paid them $19.95 just to tell me that they didn't know **** and to bring it in so that they could charge me hundreds of $s just to reformat my drive and NOT be able to touch my files to save them because of their policies on personal data. so does anyone have any ideas how to save and copy my files to a flash drive. the sub disk with my files on it shows in gray and it says that the disk needs to be repaired but it can't. I just want a way to get to the files and then REMOVE the fake AVG file someway and keep my files. because then I'm just going to reformat the main drive. HELP PLEASE!!! and I've searched all over and no mac users have reported this issue, hopes this posting and hopefully it's solution will help others.
Last edited by chscag; Yesterday at 06:24 PM. Reason: Removed email address.
QUOTE MULTIQUOTE OFF Quick reply to this message
chscag
#2 (PERMALINK) Add to chscag's Reputation Report Post


chscag's Avatar

Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 38,695
chscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond repute
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, 3 iPods, OS X Mavericks

chscag is offline
Old Yesterday, 06:30 PM
First of all, you do not have a virus nor is AVG a virus. There are no viruses in the wild that can infect your Mac. There is malware but none that can unmount your hard drive.

What do you mean "sub disk"? Are you referring to an external hard drive or are you talking about your main hard drive? Also, without further information it's difficult to try to offer help.

We need the model # of your 2011 MacBook Pro and which version of OS X you're running on it. And please do not place your email address in a public forum post. Spam bots will gather it in and you'll start receiving all sorts of junk spam. We removed the email address.
COMMUNITY RULES
QUOTE MULTIQUOTE OFF Quick reply to this message
areddesign
#3 (PERMALINK) Add to areddesign's Reputation Report Post


Member Since: Mar 13, 2012
Location: chicago, IL
Posts: 5
areddesign is on a distinguished road
Mac Specs: macBook Pro A1278 MC724 XX4/A

areddesign is online now
Old Today, 10:38 AM
hi chscag, thanx for the fast reply. my model # is A1278 but I bought the higest configuration so that changed some things. here's a link to my model's configuration: MacBook Pro (13-inch, Early 2011) - Technical Specifications.

and I IM so much on so many private and public sites that I should know better than to list my email on a public form page. thanx for removing it for me.

and what I meant was that it wasn't the real AVG app, it was a fake and they tried to get my credit card info when I called their service #. I hung up. and both my computers that I put that malware on went out at the same time. my pc laptop won't even reboot from the windows 7 32 bit system recorvery disc that I ordered from ACATS off of amazon. so that means I have to order a windows 7 disc to boot it up.

and yes, I meant my main hard drive. apple agents refer to it as the sub disk that "contains" the files. and it displays below the main hard drive image in the display tree.

well the specifics of what happened is, for my macbook pro, I downloaded the imposter AVG and never opened it from the download. my macbook started slowing down while I was downloading it to my pc laptop. then the macbook became slower and slower so I shut it down. when I tried to reboot it it went into a long paused gray/blue screen. so I shut it down again and went into utility mode and discoverd that my main hard drive was showing fine but the memory part the "sub disk" which I hadn't named so it's still Disk0s2, is in grey. so when I clicked on it to verify and repair it said that it wasn't mounted. and the repair could work because of some errors. I didn't have a back up for the files that I recently created over the past 2 weeks and I NEED those. the others are saved to cloud services. I haven't backed up to the Time Machine yet. so that's not an option for me. I'll post the errors to the main hard drive here in a few minutes.
EDIT QUOTE MULTIQUOTE OFF Quick reply to this message
chscag
#4 (PERMALINK) Add to chscag's Reputation Report Post


chscag's Avatar

Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 38,695
chscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond repute
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, 3 iPods, OS X Mavericks

chscag is offline
Old Today, 12:52 PM
Are you able to boot your MacBook Pro to Recovery? Restart and hold down the command and r keys at the same time. Once in recovery, enter utilities, select Disk Utility and verify your main hard drive (Macintosh HD). You can't unmount the recovery partition nor the EFI partition because your MacBook Pro will be booted from them.

Let us know the results of verify procedure or if any repairs to the drive were made at the same time.
COMMUNITY RULES
QUOTE MULTIQUOTE OFF Quick reply to this message
areddesign
#5 (PERMALINK) Add to areddesign's Reputation Report Post


Member Since: Mar 13, 2012
Location: chicago, IL
Posts: 5
areddesign is on a distinguished road
Mac Specs: macBook Pro A1278 MC724 XX4/A

areddesign is online now
Old Today, 04:29 PM
no, I tried that a few days ago. and it still won't boot into recovery. I tried the Unix "dd" program to save the disk files to my flash drive. no luck. I'm using the disk utility's internet, so it's very limited as u know and can't download. so I'm also using my phone's web. I'm sure there's nothing else to be done but just take the loss of a few years worth of graphics I created. won't be able to recreate all those files and my university studies and notes LOL. should've known this would happen. but thank you SOOO MUCH for your help. I can't find anything else on the subject myself with this particular fake AVG malware
EDIT QUOTE MULTIQUOTE OFF Quick reply to this message
areddesign
#6 (PERMALINK) Add to areddesign's Reputation Report Post


Member Since: Mar 13, 2012
Location: chicago, IL
Posts: 5
areddesign is on a distinguished road
Mac Specs: macBook Pro A1278 MC724 XX4/A

areddesign is online now
Old Today, 04:55 PM
when I tried a restore on the main hard drive, the 1st 2 times it showed a partition error. then it showed no errors on the third pass. but again the disk0s2 upon running the repair, results showed 'invalid record count' twice, 'catalog file entry not found for extent', 'the volume could not be verified completely.' and 'error: disk utility can't repair this disk....disk and restore'
EDIT QUOTE MULTIQUOTE OFF Quick reply to this message
areddesign
#7 (PERMALINK) Add to areddesign's Reputation Report Post


Member Since: Mar 13, 2012
Location: chicago, IL
Posts: 5
areddesign is on a distinguished road
Mac Specs: macBook Pro A1278 MC724 XX4/A

areddesign is online now
Old Today, 06:30 PM
oh and I just read that the sub disk is actually the partition that holds the files that I created. so there is a way to salvage them. but I'm still not sure how to do that with this particular malware. so I've decided not to give up just yet on saving my hard drive and it's memory. any suggestions in the light of these developements PLEASE let me know chscag. THANX!
EDIT QUOTE MULTIQUOTE OFF Quick reply to this message
gsahli
#8 (PERMALINK) Add to gsahli's Reputation Report Post


Member Since: Dec 11, 2010
Posts: 1,020
gsahli is a jewel in the roughgsahli is a jewel in the roughgsahli is a jewel in the rough

gsahli is offline
Old Today, 07:53 PM
Quote:
Originally Posted by areddesign View Post
oh and I just read that the sub disk is actually the partition that holds the files that I created. so there is a way to salvage them. but I'm still not sure how to do that with this particular malware. so I've decided not to give up just yet on saving my hard drive and it's memory. any suggestions in the light of these developements PLEASE let me know chscag. THANX!
What files you created? What malware? What hard drive and its memory?
I'm sorry to be the one to say this - we don't have a clue what you're talking about. Please tell us more about what you see and less about jargon you've read on the internet.

Please slow down - don't panic, and don't get ahead of the simple facts you see. Answer chscag's suggestions/questions. Going to Recovery mode isn't something you can just ignore if it didn't work the first time.
OS X: About OS X Recovery

and yes I did try the restore several times since the posting before that and have tried it still till this posting. I posted all of the above conversations I had with chscag just in case u missed what I actually divulged about my situation. and I thank you deeply for your encouragment to continue to fight for the answers. and when u read our chat history maybe you'll understand why I posted my so called "jargon". thanx and hope to hear from u soon

Simply repeating the jargon over and over doesn't help. Copying what was already visible to everybody in this thread wasted time and space.

Let's go back to basics. How many disks are in the machine? How are/were they partitioned? How much space do you think each one had free before this all started? Had you gotten any error messages prior to the problem? It cannot be AVG that caused the problem because you never ran it and under OSX, applications cannot install anything without your permission. So the failure of the drive is highly unlikely to be directly associated with the AVG download.

From what I can see, the HD failed. It lost partitioning information in that failure. You may be able to rescue the files on the drive, but it will be painful and expensive to do so. Products like Data Rescue 3 can search the drive for files it may be able to recover, but it won't know the filenames or directory structure as that data is probably gone in the drive failure. But it will make a good attempt to recover what it can and then you'll have to go through all of what it finds to trash the useless stuff, rename to good stuff and put it where you want it. DR3 is pretty expensive, but it does work as advertised.

ok, I only reposted because I don't want to repeat over and over again the same things u just asked me. I'm not sure if you're actually reading what I said happened or skimming thru. I really do appreciate your help but I actually pasted a link to the specs of my macbook pro and that does list how many disks I have. and at the time I had 4GB of space free on the main drive I was using. AND, AND AND LET ME MAKE THIS CLEAR ONCE AND FOR ALL. MY PC DELL LAPTOP FAILED AT THE SAME TIME AFTER I PUT THE SAME, now please please please pay CLOSE ATTENTION TO THIS PART:
THE SAME f a k e, not the real AVG Anti-Virus software. it looked just like the interface that was shown on my local cable news station on channel 9 called WGN Morning News they have a segment called the at&t tech report here's a link to part of the report I saw: Best, Free Antivirus Programs | AT&T Tech ReportAT&T Tech Report
onto my Dell PC that I use for non image files like MS office files and some web things from time to time. my macBook and dell laptop are NOT networked, they share NO FILES I don't even wifi files between them. my macbook pro was slowing down so I turned to my dell to look on the web to see if there were instructions that might help with this when the f a k e AVG file after I had allowed it to open started doing pop ups with warnings of viruses that should be deleted by it's software. I allowed it to so, but it kept doing more pop ups. so I went in it's settings to see if it had a disable for the pop ups and found that it didn't have a way to do so or QUIT the program. I deleted the program and a minute latter my dell shut down on it's own saying the system is shutting down. I tried to restart it but it wouldn't not, not even in safe mode.

WHEN I CALLED THE NUMBER LISTED ON THE SITE FOR TECH SUPPORT THEY HAD ME GO THRU THE USUAL DIAGNOSTICS WITH COMMAND R AND START AND ALL THE OTHERS. all that didn't work THEY TRIED TO GET MY CREDIT CARD INFO TO CHARGE ME $99.95 TO FIX THIS ISSUE. THE GUY DIDN'T EVEN PAUSE AFTER THE FINAL DIAGNOSTIC TO ASK FOR MY CREDIT CARD INFO, I hung up. they called me back immediately from 3 different states, so that means they were using a net caller. so when I reported the # the web site dissapeared AND the number disconnected. so I'm leaning toward this being malware. and it probably won't show up in my files with that actuall name but I can track it by date as it was the last thing I downloaded.

my main hard drive's memory partition was damaged by the malware highjacking. my dell memory is completely wiped out and it wouldn't go back to the restore points. windows 7 was wiped out completely and the windows 7 recovery disc didn't work, LOL. so I had to reinstall windows. but the files are small MS office files that are save in my email.

u mentioned DR3, and that's the best way that I'm going to restore most of my files because the Catalog file entry couldn't be found. so that means the best recovery will be as deleted files. but hopefully it's just that the partition has been moved or something but it sounds like it's been overwritten or damaged.