Birck Cox

Q: Meatpackers.jpg?

Is this a virus? At the root level of my HD (Macintosh HD/Applications-Meatpackers.jpg-Library-System-Users) there appears a series of 8 photos taken, apparently, in a meatlocker. No blood, no carcases, no bodies hanging from hooks, just gloomy photos of hooks in a foggy room. I trash the photos and they come back the next day. Anybody else got this problem? As far as I can tell, they don't screw things up, but what are they doing there?

Posted on Aug 11, 2014 5:23 AM

  • by Linc Davis,

    Linc Davis Aug 11, 2014 5:52 AM in response to Birck Cox
    Level 10 (208,000 points)
    Applications

    Does anyone else have access to the computer? Do you use a VPN client such as "LogMeIn?"

  • by Birck Cox,

    Birck Cox Aug 11, 2014 6:06 AM in response to Linc Davis
    Level 1 (147 points)
    Desktops

    I'm the only user. I didn't recognize VPN or LogMeIn, but I looked them up, and LogMeIn may be the problem. I've had Apple and Adobe tech support sessions lately that - I think - used LogMeIn to remotely control the desktop. Odd that they would leave behind photos of a meatlocker. What do you think?

  • by Linc Davis,

    Linc Davis Aug 11, 2014 6:41 AM in response to Birck Cox
    Level 10 (208,000 points)
    Applications

    LogMeIn is a possible means of network intrusion. Whether it's behind your problem, I can't say for sure, but if you're not using it you should remove it according to the developer's instructions.

  • by Birck Cox,

    Birck Cox Aug 11, 2014 6:53 AM in response to Linc Davis
    Level 1 (147 points)
    Desktops

    I have a good anti-virus package (as far as I know), so your suggestion is likely to be correct. I still have AppleCare, fortunately, so I'll give them a call later today with this information. Thank you for the help. If it works, I'll be back to check the green arrow.

  • by Linc Davis,

    Linc Davis Aug 11, 2014 7:04 AM in response to Birck Cox
    Level 10 (208,000 points)
    Applications

    There are no good anti-virus packages. They're all worse than useless. AppleCare will not help you at all. They'll tell you to erase your startup volume and reinstall OS X.

  • by thomas_r.,

    thomas_r. Aug 11, 2014 7:53 AM in response to Birck Cox
    Level 7 (30,924 points)
    Mac OS X

    Birck Cox wrote:

    I've had Apple and Adobe tech support sessions lately that - I think - used LogMeIn to remotely control the desktop.

    As far as I am aware, Apple tech support representatives will not use LogMeIn to remotely control your computer. I'm unfamiliar with Adobe's support policies, but this also seems unlikely for them to do. I can't entirely rule it out for either company, of course, but it seems far more likely that you have fallen victim to a fake tech support scam. There are numerous companies out there that use advertising tricks to position links to their sites at the top of your search results if you do a web search for something like "Apple support." They will also allow you to believe that they are Apple unless you ask directly. Worse, there are folks who will cold-call you, telling you they have detected problems with your computer in an effort to scam you.

    Do you recall where you found the numbers that you called or even what those numbers were? If you have actually given control of your computer to one of these scam companies, you should immediately erase your hard drive and reinstall everything from scratch, or restore to a full-system backup made prior to those tech support calls. There is no anti-virus software in the world that will detect all the possible malicious things they could have done to your system.

  • by Birck Cox,

    Birck Cox Aug 11, 2014 7:57 AM in response to Linc Davis
    Level 1 (147 points)
    Desktops

    If it is a virus, then, obviously, you are right - my anti-virus package didn't work. If it's a leftover from LogMeIn or whatever app the techies at Apple or Adobe used to diagnose whatever they diagnosed on my computer, somebody at Apple may have an idea how to deep-six it. If I have to reformat the drive to get rid of it, it may or may not be worth it. I have TimeMachine and I know how to use it, so it boils down to whether or not I want to lose the use of the computer for half a day. Thanks for the input.

  • by Birck Cox,

    Birck Cox Aug 11, 2014 8:12 AM in response to thomas_r.
    Level 1 (147 points)
    Desktops

    Thomas R.: The consensus seems to be that I need to reformat the drive. My sources for support and phone numbers are always the software websites. It may have been another supplier. I can't recall when this started or when the last time was that I ceded control to LogMeIn or some other similar operation. Not all that long ago, like weeks or a month. My aim in calling AppleCare is to try to find someone who recognizes the "Meatpackers" M.O. On the other hand, if this is a malware attack, why would the attackers leave this bizarre calling card? If the point is to become a parasite on the computer, why alert the owner? None of this makes sense, but if I need to reformat the drive, I can do it.

  • by thomas_r.,

    thomas_r. Aug 11, 2014 8:34 AM in response to Birck Cox
    Level 7 (30,924 points)
    Mac OS X

    Calling AppleCare is not going to get you anywhere. You'll just be talking to entry-level techs who don't know much more than what their book says. Even if you manage to escalate to a higher-tier support person, it's unlikely they'll have heard of anything relating to "meatpackers." I've been tracking and cataloging Mac malware for years, and I've never heard of anything like this. It's not being caused by any malware that I've ever heard of.

    It may be caused by someone with malicious access to your Mac who is trying to play head games with you, but whatever it is is purely incidental to the fact that it sounds like you might have allowed someone untrustworthy to have access to your Mac. If this is actually what happened, that is the larger issue that needs to be addressed.

  • by Birck Cox,

    Birck Cox Aug 11, 2014 8:50 AM in response to thomas_r.
    Level 1 (147 points)
    Desktops

    Okay, I accept the need to reformat the drive. Can you point me to a KB doc that tells me how to go about it so that I don't just re-establish the same malware on the fresh drive?

  • by thomas_r.,

    thomas_r. Aug 11, 2014 9:40 AM in response to Birck Cox
    Level 7 (30,924 points)
    Mac OS X

    Here's some info on my own site about how to do that:

    How to reinstall Mac OS X from scratch

    I'm not aware of an Apple KB document that tells you how to do it with a mindset of cleaning off anything malicious that might be on the old system.

    (Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

  • by Linc Davis,

    Linc Davis Aug 11, 2014 10:15 AM in response to Birck Cox
    Level 10 (208,000 points)
    Applications

    If you know or suspect that a hostile intruder has either had physical access to it, or has been able to log in remotely, then there are some steps you should take to make sure that the computer is safe to use.

    First, depending on the circumstances, computer tampering may be a crime, a civil wrong, or both. If there's any chance that the matter will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. The computer would be the principal evidence in such a case, and you don't want to contaminate that evidence.

    Running any kind of "anti-virus" software is pointless. If I broke into a system and wanted to leave a back door, I could do it in a way that would be undetectable by those means—and I don't pretend to any special skill as a hacker. You have to assume that any intruder can do the same. Commercial keylogging software—which has legitimate as well as illegitimate uses—won't be recognized as malware, because it's not malware.

    The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.

    If you don't know when the attack happened, or if it was too long ago for a complete rollback to be feasible, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.

    When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.

    Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.

    Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated.

    Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.

    That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.

  • by stevejobsfan0123,

    stevejobsfan0123 Aug 11, 2014 10:19 AM in response to Birck Cox
    Level 8 (43,827 points)
    iPhone

    Which anti-virus did you install?

  • by Birck Cox,

    Birck Cox Aug 11, 2014 11:27 AM in response to stevejobsfan0123
    Level 1 (147 points)
    Desktops

    Intego Virus barrier. According to the local experts, a laughable waste of time and money, but what the heck else am I supposed to do?
