Hey Guys,
I am new to this forum but a long-time Mac user. I got a question and I am hoping you might be able to help me.
My general question is: Is it possible for malware etc. to be present on the EFI partition and thus survive a format of the regular partition?
If not: Is information about previously connected Bluetooth devices saved on the Bluetooth module and not the hard drive?
Let me briefly explain the circumstances.
I bought a new Macbook Pro 2015 13". I was looking for a used 2,9 GHz model with 16 Gb of RAM and 512 GB SSD. Since those are really hard to find (eBay, refurbished stores etc.), I also looked on eBay in other countries of the EU. In the end I got one for a decent price on eBay UK. The vendor looked a bit sketchy but had a long history of good reviews. What made me mistrustful was a bunch of things (general appearance, no box included, new charging cable, he didn't answer my question about the serial number to check somehow whether it might be stolen, full version of Office and Carbon Copy Cloner installed). On the other hand, the laptop was also nearly new (only 22 battery cycles). I was sceptical but decided to purchase it anyways. I am a careful person and aware that professionals might be able to use this scenario to extract data when a preinstalled OS is used.
I checked for signs of use etc. I just saw a long list of known Bluetooth devices, some were named.
I wanted to completely wipe the hard drive but could not get DBAN or Partition Magic running due to UEFI. So I just booted into recovery (from the internet) and formatted the partition (a recovery partition was not present). I used a clean installation file I put on a USB stick using my old Macbook. Everything looked fine so I continued setting up the system. I also installed Bootcamp and Windows 10. When I was running Windows 10 through VMware Fusion and entered the Bluetooth tab, it showed a connected Bluetooth device. What shocked me was that the device had the same name as before the disk format and fresh install. How is that possible?
And I am very sure that the BT device is not located at my home. It does not show on my other devices. And the name was xy's mouse. "XY" was an Asian name and there are no Asian people living nearby.
How could data remain (in the best case just data in the worst case spyware or similar)? Considering that the following was given:
- formatted the partition
- no recovery partition present
- used a new install file on a formatted USB stick.
- Installation of High Sierra changed the partition from HFS+ to APFS
- have Avast Antivirus running
I hope you guys can help me since I am getting a bit paranoid here.