How can I find all the modifications and installations done by a spam dmg?

macos install dmg system-information

Solution 1:

In general it is not possible to figure out after the fact what was done - unless you have backups.

If you have a recent backup from just before the installation, you can do a comparison with your current system to locate the differences. This is the “safest” method (I.e. least likely to miss something).

It is also possible to analyze the installer file itself - but modern malware tend to receive instructions from a server on what to do on the target system. Such instructions might have changed since you installed.

Solution 2:

I recommend Pacifist from Charlessoft. This will open any .pkg file and show you the files, and where they will be installed to. You can also inspect pre- and post- install shell scripts, if present, and see what they do.

Related

Does "Reset Network Settings" affect all devices?
Tried to use bash arrays but for some reason this fails?
Prevent files in a folder from being moved?
Disable Waiting for Activation Popup
MacBook Pro Function key + Command/Option hotkeys problem [duplicate]
Mac OS (High Sierra 10.13.6) volume control spontaneously runs; can I disable it?
Pointless USB on my Apple Monitor?
Selling water damaged MacBook Air 2017: Is it safe to simply remove the SSD?
Outlook for Mac 2011 - how to delete buggy email in outbox that crashes Outlook
How to create HFS partition on Windows 7 machine
How can I generate iOS screenshots without using a simulator?
Removing User from Single User Mode Fails - MacOS 10.14