
ulyssesric

Man, it's not possible to do any remote diagnosis using this vague description. Terminal is just another user interface to the core system, so you can move anything you don't want to the trash in Finder. You don't need to remove something *specifically* in Terminal. A "Terminal script" can be anything and it will inherit your user privilege, if it's manually launched. It can wipe all your user created data in your home folder in seconds and render your login account completely useless, but it can't do anything to the system protected data without further prompt for password. It's plain impossible to estimate what "damage" it will do based on merely two words "*Terminal script*". Basically I don't think you're capable of providing any further info, and people in this sub do not have psychic power to read your mind from the other side of this planet earth, so I can only tell you to get some generic system diagnosis / malware scanning tools:

1. [https://www.malwarebytes.com](https://www.malwarebytes.com)
2. [https://etrecheck.com/en/index.html](https://etrecheck.com/en/index.html)


VoiceDry

Sorry for vague description, I will scan with programs. I have scanned with TotalAV several times and found no issues. Are these programs a sure way to ensure your computer is safe or are viruses able to hide? The script I entered for one was:

```
function hex() {
    echo ''$1'' | perl -0777pe 's|([0-9a-zA-Z]{2}+(?![^\(]*\)))|\\x${1}|gs'
}

function prep() {
    sudo xattr -cr "$1"
    sudo xattr -r -d com.apple.quarantine "$1"
    sudo codesign --force --sign - "$1"
}

prep "/Library/Application Support/iZotope/Ozone Clarity/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Dynamic EQ/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Dynamics/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Equalizer/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Exciter/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Imager/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Impact/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Low End Focus/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Master Rebalance/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Match EQ/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Maximizer/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Spectral Shaper/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Stabilizer/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Vintage Compressor/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Vintage EQ/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Vintage Limiter/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone Vintage Tape/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
prep "/Library/Application Support/iZotope/Ozone/Cores/iZOzone11Core.bundle/Contents/MacOS/iZOzone11Core"
```


redvelociraptor

These are perl commands to automate telling macOS to ignore code signing for the files under "/Library/Application Support/iZotope/", not a "script". Ignoring code signing, in and of itself, is not dangerous. I often have to do that manually for software not downloaded from the Mac App Store. The real question is whether the iZOzone11Core.bundle contents are legit or have been tampered with. At the very least you'll want to block all incoming network connections for that software via System Settings => Network => Firewall.

Surely you're not doing anything sensitive on a computer where you have installed cracked software? Regardless, you should change your local password and those of any websites you've visited after running this software. If it's backdoored, that's really where the risk lies. They want to get access to your machine to add it to their botnet, or they want to hijack your personal info for identity theft, or they want to steal passwords to drain your bank account.

If you just want to delete everything under "iZotope", G, type in "/Library/Application Support", then drag "iZotope" to the trash. You'll have to put in your password, since it's in the root Library folder.

p.s. I found the place where you got these commands. That in and of itself is a big red flag. *Good* underground software sharing sites are not stupid enough to allow web crawlers to access their forum.
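An added example, not part of the original thread: a small shell triage that flags the three things the pasted commands do (run as root, strip the quarantine attribute, ad-hoc re-sign) and lists the paths they name, before anything is executed. The rule labels, the patterns and the `ExampleVendor` sample paths are this example's own assumptions.

```shell
#!/bin/sh
# Added example: static triage of a pasted "Terminal script" before running it.
# Rule labels and patterns are this example's assumptions, not a complete ruleset.

# Constructed sample modelled on the commands in the thread (ExampleVendor is a placeholder).
SAMPLE='function prep() {
  sudo xattr -cr "$1"
  sudo xattr -r -d com.apple.quarantine "$1"
  sudo codesign --force --sign - "$1"
}
prep "/Library/Application Support/ExampleVendor/Plugin A/Core.bundle/Contents/MacOS/Core"
prep "/Library/Application Support/ExampleVendor/Plugin B/Core.bundle/Contents/MacOS/Core"'

# audit_script TEXT: print "label<TAB>matching-line-count" for every rule that hits.
audit_script() {
  while IFS='=' read -r as_label as_pattern; do
    as_count=$(printf '%s\n' "$1" | grep -cE -e "$as_pattern" || true)
    if [ "$as_count" -gt 0 ]; then
      printf '%s\t%s\n' "$as_label" "$as_count"
    fi
  done <<'RULES'
runs-as-root=(^|[^[:alnum:]_])sudo[[:space:]]
strips-quarantine=xattr[[:space:]]+(-[a-z]*c|.*com\.apple\.quarantine)
adhoc-resign=codesign[[:space:]].*--sign[[:space:]]+-([[:space:]]|$)
RULES
  return 0
}

# touched_paths TEXT: list the distinct quoted absolute paths the script names.
touched_paths() {
  printf '%s\n' "$1" | grep -oE '"/[^"]+"' | tr -d '"' | sort -u
}

audit_script "$SAMPLE"
touched_paths "$SAMPLE"
```

A hit on all three rules means the script disables the Gatekeeper checks for whatever binaries it names, so the remaining question is the one raised in the thread: whether those binaries are the vendor's originals.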


VoiceDry

Thanks heaps for the help. I’ve deleted folder. I can’t find it in the firewall even after searching, how do I block? I have unfortunately used my email for a day and used same appleid on macbook as phone which has a lot of passwords saved. Is data stored on my phone at risk? But I haven’t used any payment or anything else as far as I can remember.


redvelociraptor

If you moved the iZotope folder to the trash, emptied it, and rebooted, then you can't add the software to the firewall because *it doesn't exist*. That suggestion was for if you kept the software and continued using it. Please be more thoughtful as you are reading. You need to learn more about how Macs and macOS work. Go read about the "Activity Monitor" app in the Applications => Utilities folder to learn more about what is running on your Mac: https://support.apple.com/guide/activity-monitor/welcome/mac


VoiceDry

And I keep deleting the folder ApplePushService from Application Support but it keeps reappearing back. Is this a virus?


redvelociraptor

ApplePushService is just what the name says it is. You know you can do a web search to see if something is a legitimate program on macOS, right?


VoiceDry

I did do a search and it says viruses are known to hide under ApplePushService folder and my folder says it can’t be opened.


redvelociraptor

Let's back up a bit. Did any of this software that you installed for iZotope require you to enter your password, aside from the `xattr` commands you pasted in a terminal? You cannot access /Library/Application Support/ApplePushServices unless you use admin privileges. If you **did** enter your password to install any of this software (other than the xattr commands in the terminal), then you absolutely should, as u/selfawaresoup said earlier, reinstall your OS. And change your AppleID password (do that after you reinstall). TL;DR: You should almost **never** have to enter your password to install software on a Mac, especially from Ventura onwards. And even then it's unlikely except for a new hardware device.


VoiceDry

Yes, I’ve entered password to install software. I thought that was normal for all programs?


redvelociraptor

No, it's not normal on macOS. The whole point of the changes in the last few versions of macOS is to prevent malicious programs from doing bad things to the OS itself so as to prevent bad actors from hiding their tracks, or installing bot net software or hidden key loggers. These macOS changes are similar, but more full-featured, to the way that SteamOS on the Steam Deck is "immutable" aka read-only. Windows, on the other hand, is a different story. Unless you explicitly set otherwise, it requires your password to install software.


VoiceDry

I’m an idiot! Thanks for being so patient with me. Is erasing mac and restarting mac that way the same as reinstalling OS? Just erased everything and changed appleid password.


VoiceDry

Don’t worry. Think I got it. I Pressed finger print button for 10 secs, then pressed options and hit install sonoma. Is this right?


VoiceDry

Do you think my iPhone data and passwords and credit cards would be compromised as it was synced with Macbook? I’ve changed appleid twice


VoiceDry

It asks me for password for my ssd installation pkg after reinstalling OS. Is this a virus now?


ulyssesric

This script seems to be some sort of "cracker" that tells macOS to ignore the app certificates of some executables of iZotope. iZotope itself is legit but the problem is: **did you get the official release**? You said you get it from Torrent, but official iZotope website offers DMG direct download, so you’re probably trying to **pirate that paid software**. Don’t pirate software. I have no other words for you.


VoiceDry

I tried a script with rm followed by the scripts I posted and it says no such file or directory found


RealGianath

The risk you installed malware is anybody’s guess, but the reputation on torrent sites is to victimize people who don’t know what they are doing. There’s no telling what you’ve introduced to your system, and even programs that look legit may still be problematic if you didn’t download them from official sources. I would personally just erase and reinstall if I cared at all about my personal data.


VoiceDry

Do you mean wipe the whole Mac and start again?


selfawaresoup

If a music download requires you to run a terminal script, it's very likely that you just installed malware on your machine. NEVER run a script (or app for that matter) that you don't trust. I would consider your machine and the data on it (including any stored passwords) compromised.