How can I find all the modifications and installations done by a spam dmg?
Solution 1:
In general it is not possible to figure out after the fact what was done - unless you have backups.
If you have a recent backup from just before the installation, you can do a comparison with your current system to locate the differences. This is the “safest” method (I.e. least likely to miss something).
It is also possible to analyze the installer file itself - but modern malware tend to receive instructions from a server on what to do on the target system. Such instructions might have changed since you installed.
Solution 2:
I recommend Pacifist from Charlessoft. This will open any .pkg file and show you the files, and where they will be installed to. You can also inspect pre- and post- install shell scripts, if present, and see what they do.