1

I have done a foolish thing. I deleted private/var folder due to malware I was after. I immediately felt that strange things are beginning to happen so I pressed cmd+Z to reverse action. The computer frezzed so I shut it and rerun it. Now I cant relaunch it, because it shuts down while it is loading into my user account.

So I went to single user mode and and tried to copy the var folder from .Trashes to private folder. The problem is that .Trashes seem to be empty. Meaning that cmd-Z worked, which would mean that var folder is back in place. But the computer doesnt start. Does ls command dosnt show files in trash? What seems to be the problem?

Also, if this doesnt work, I am gonna have to copy important files to external disc from Single user mode. What is the path to external harddrive?

EDIT > private/var does indeed have content. I am now getting confused. Did the system put some content in there for me?

sanjihan
  • 2,705
  • How did you delete it. Note that delete does not put things in Trash - in Finder Move to Trash does. – mmmmmm Apr 25 '16 at 10:40
  • with cmd-backspace – sanjihan Apr 25 '16 at 10:42
  • That would have required you to enter an admin password as well – mmmmmm Apr 25 '16 at 10:43
  • It did. An antivirus program pointed out a file in this folder. I inspected the folder and there were a lot of files that I knew were malware. Deleted the entire folder. I am amazed by my stupidity :D – sanjihan Apr 25 '16 at 10:47
  • In tat case restore from an old backup - before the malware was installed - I'll delete m=y answer as that changes everything - please put the reason in your question – mmmmmm Apr 25 '16 at 10:49
  • Your answer was good and no reason to delete it. I am wondering, if someone else gave me the private/var folder, and I paste the contents into my private/var..would that work? – sanjihan Apr 25 '16 at 11:02
  • No. The best way would be recover from your own backup. Parts of private/var will regenerate, but not all & not to the state they were in previously. – Tetsujin Apr 25 '16 at 11:09
  • My answer is wrong - if affected by malware you must assume all executable files are corrupted and start from scratch or from a known good state – mmmmmm Apr 25 '16 at 11:17

1 Answers1

3

If you assume a malware infection, by all means reinstall the OS by rebooting into the Recovery Partition with Cmd-R and reinstall from there. This should not affect your existing users (or their files).

See OS X: About OS X Recovery for details about the procedure.

nohillside
  • 100,768