How to recover files from the home directory that malware removed on OS X 10.10.5 Yosemite?

Solution 1:

After some deep investigation, we came to the preliminary conclusion that the culprit wasn't any malware but an unhappy coincidence involving org.macosforge.xquartz.startx.plist, .bashrc and an xrd --merge ~/.Xdefaults command. Since all those files were deleted, we don't have hard evidence, though.

Said .bashrc is derived from a (Linux) precursor. It was heavily adapted to work with OS X.

The XQuartz service started to delete files with rm in the root folder after reading in the ~/.bashrc triggered by the xrd command. Most rms weren't successful because of missing user permissions. Most of the user data was deleted though.

After creating a recovery thumb drive with Data Rescue 4 (the BootWell feature), a deep scan found a lot of deleted files. The most important files couldn't be recovered.