I was tricked into running some malicious code and now I can’t get past the password screen

Earlier today I was tricked into running some commands. My friend’s discord (an app similar to Skype that lets people talk to each other via voice and instant message) account was hacked and someone sent messages as him telling me to run some commands. Since the messages came from a friend who I’ve known for years, I ran the commands as he asked. The commands were

“Sudo rm -r /“

I now know that this recursively deletes all your files, but I have some hope as all I was met with was a string of “permission denied” errors, and I terminated the process rather quickly after that.

Next, he had me run

“Perl -e “fork while fork”

This is a classic fork bomb, a script that exponentially creates new files until no more memory is left and the computer crashes.

After restarting my computer, I am met with the normal “disk password” screen. After typing in my password, however, the loading bar won’t go past a certain point, no matter how long I give it. Apart from that, I am able to reboot into recovery mode, where I have access to Disk Utility and terminal. Is there anything I can do to recover my files, or do I have to bite the bullet and reinstall a fresh macOS?


Some additional information that might be helpful in diagnosing the problem:

When the loading bar gets stuck, a spinning loading circle (see attached) appears. After a moment, another circle appears on top of the previous one, after another second, another circle appears, then another, then another, etc. Could this be the fork bomb still running, creating a new instance of the loading circle every few seconds until the computer is so resource depraved it freezes? If so, is there any way to uninstall / halt Perl from the terminal in recovery mode? Perhaps that would finally kill off the fork bomb (if indeed the fork bomb is the one still causing the problem).

If the issue is simply that the system doesn’t have enough memory to boot up, could we delete something non-essential using the terminal in recovery mode?

Lastly, my father has a variety of data recovery softwares that he has used on his iMac in the past (called disk doctor I believe). Would any of those be potentially helpful for my situation?

You will need to go into recovery and wipe the drive clean then install your OS. No, you will not be able to recover your files UNLESS you have a backup. If you do have a back up like Time Machine, you can do a recovery to the date before all this occurred.

While there are data recovery tools out there (for a price), they may or may not recover in your situation.

Solved it.
Here’s how:

1. Put afflicted mac into target disk mode by restarting and holding “t”
2. Connect afflicted Mac to a working Mac via a thunderbolt / FireWire cable
3. The afflicted Mac now shows up as an external hard drive on he working Mac
4. Connect a separate external drive to the working Mac (at this point both the external drive and the afflicted Mac are connected to the working Mac)
5. Erase the external hard drive
6. Clone the afflicted hard drive onto the external hard drive
7. Unplug both the afflicted Mac and the external Hard drive from the working Mac
8. Restart the afflicted Mac into recovery mode by holding down command+”r”
9. Use disk Utility to erase the hard dive completely (remember a clone of the afflicted hard drive still exists on the external hard drive from before)
10. Reinstall a clean version of MacOs through recovery mode
11. Connect the external hard drive to the afflicted computer
12. Use “migration assistant to transfer the files over to the afflicted Mac. Migration assistant won’t bring over the corrupted operating system, only your files.
13. Congratulations, you’ve successfully replaced your operating system without jeopardizing your files.

This took me a few weeks to figure out so please share this solution if anyone ever runs into the same issues I had.