Wana1

Q: detect recently installed unauthorized remote control applications

One day ago I allowed remote access control to my MacBook Pro (OS X 10.9.4) to a company pretending to be Apple Authorized Online Services. After discovering this was a scam, I need to be sure that they didn't leave or install any app (hidden or not) and, if so, how to delete it to prevent them from accessing my Mac again.

 

It would also be helpful if there is a way to find out which information they may have accessed during the mentioned "session".

Thanks in advance for your help

MacBook Pro, OS X Mavericks (10.9.4)

Posted on Sep 5, 2014 2:03 PM

  • by Eric Root,

    Eric Root May 31, 2015 9:46 AM in response to TiffanyKRK
    Level 9 (72,040 points)
    iTunes

    Restore the computer from a backup that pre-dates when you allowed access to your computer. Change your ID password immediately.

  • by vibration888,

    vibration888 Jun 29, 2015 9:13 PM in response to Jasmine Green
    Level 1 (0 points)

    Did you install that Prey.app? See the com.prey.agent.plist? It's a legit app but it is a tracking app. If you installed it then everything looks ok.

  • by vibration888,

    vibration888 Jun 29, 2015 9:17 PM in response to TiffanyKRK
    Level 1 (0 points)

    Did you restore from backup and change your password?

  • by Jetgiles,

    Jetgiles Jul 27, 2015 1:33 AM in response to Linc Davis
    Level 1 (0 points)

    Hello Linc,

     

    I have faced the same situation that was described in the message that you responded to above about a Safari alert and calling an 800 number and giving someone remote access to my computer. Is it possible that while they were supposedly running a report that they instead copied all of my files? Including all of my contacts etc.

     

    I have since then contacted McAfee and have had their tech sweep my computer and feel somewhat sure that it is safe now. But if I had sensitive information stored on the computer in any files, do they possibly have copies of those files? While they were supposedly running that report I saw what looked like my files speeding by on my computer screen just like when I watch shows on television that show someone using a stick drive to download files off someone else's computer.

     

    I feel very nervous now. 

  • by nancygal,

    nancygal Sep 12, 2015 1:24 AM in response to Old Toad
    Level 1 (0 points)

    I did the same silly thing. I called the toll-free number, let the tech take control for a minute or two, then I got suspicious and decided to exit his remote control program. Next I copied and saved some stuff he had typed on the screen (see it below the EtreCheck report), then I re-booted and started looking for information on what to do to clean my computer. That's when I found this thread and ran EtreCheck. Here's my result, if you would be so kind as to look at it and let me know what else to do. My computer is a month old and I have very little on it. I wouldn't mind wiping it and reinstalling and just start over from scratch if I knew how to do it. Should I change my Apple ID password now? OR wait until after I have re-installed? Thank you very much for any guidance.


    EtreCheck version: 2.4.2 (142)

    Report generated 9/12/15, 2:04 AM

    Download EtreCheck from http://etresoft.com/etrecheck

     

    Click the [Click for support] links for help with non-Apple products.

    Click the [Click for details] links for more information about that line.

     

    Hardware Information: (What does this mean?)

        MacBook Pro (Retina, 13-inch, Early 2015) (Technical Specifications)

        MacBook Pro - model: MacBookPro12,1

        1 2.9 GHz Intel Core i5 CPU: 2-core

        8 GB RAM Not upgradeable

            BANK 0/DIMM0

                4 GB DDR3 1867 MHz ok

            BANK 1/DIMM0

                4 GB DDR3 1867 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n/ac

        Battery: Health = Normal - Cycle count = 19 - SN = C01520200W6FY5JA4

     

    Video Information: (What does this mean?)

        Intel Iris Graphics 6100

            Color LCD 2560 x 1600

     

    System Software: (What does this mean?)

        OS X 10.10.5 (14F27) - Time since boot: about 4 hours

     

    Disk Information: (What does this mean?)

        APPLE SSD SM0512G disk0 : (500.28 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 499.06 GB (471.34 GB free)

                Core Storage: disk0s2 499.42 GB Online

     

    USB Information: (What does this mean?)

        Apple Internal Memory Card Reader

        Broadcom Corp. Bluetooth USB Host Controller

     

    Thunderbolt Information: (What does this mean?)

        Apple Inc. thunderbolt_bus

     

    Gatekeeper: (What does this mean?)

        Mac App Store and identified developers

     

    Launch Daemons: (What does this mean?)

        [loaded]    com.adobe.fpsaud.plist [Click for support]

     

    User Launch Agents: (What does this mean?)

        [loaded]    com.google.keystone.agent.plist [Click for support]

     

    User Login Items: (What does this mean?)

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Google Chrome    Application Hidden (/Applications/Google Chrome.app)

     

    Internet Plug-ins: (What does this mean?)

        FlashPlayer-10.6: Version: 18.0.0.232 - SDK 10.6 [Click for support]

        Flash Player: Version: 18.0.0.232 - SDK 10.6 [Click for support]

        QuickTime Plugin: Version: 7.7.3

        Default Browser: Version: 600 - SDK 10.10

     

    Safari Extensions: (What does this mean?)

        Adblock Plus

     

    3rd Party Preference Panes: (What does this mean?)

        Flash Player  [Click for support]

     

    Time Machine: (What does this mean?)

        Time Machine not configured!

     

    Top Processes by CPU: (What does this mean?)

             6%    WindowServer

             3%    fontd

             0%    hidd

             0%    taskgated

             0%    Google Chrome Helper(9)

     

    Top Processes by Memory: (What does this mean?)

        909 MB    Google Chrome Helper(9)

        703 MB    kernel_task

        205 MB    Google Chrome

        164 MB    Finder

        123 MB    WindowServer

     

    Virtual Memory Information: (What does this mean?)

        1.17 GB    Free RAM

        6.83 GB    Used RAM (2.14 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information: (What does this mean?)

        Sep 11, 2015, 09:26:03 PM    Self test - passed

    =================

    P.S. Here's what he had typed on my screen at the time when I decided to exit the remote program he had been using to access my computer:

     

    solution:

    1.remove the zeus malware

    2.remove the unauthorized connections

    3.activate the firewall(network security)

    4.activate the file vault(data security)

    ==================================

    tech name-mike miller

    employee id-20140328

    systeye support(MAC Support)

    info@systeyesupport.com

    ===================================

    activate the firewall

    activate the file vault

  • by Old Toad,

    Old Toad Sep 12, 2015 8:55 AM in response to nancygal
    Level 10 (141,242 points)
    Mac OS X

    Follow Eric Root's recommendation at the top of this page. Not only change your Apple ID password but all your banking and other website passwords also - ASAP.
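
For the original question (finding anything installed during the remote session), the following is an added example and not part of any post in this thread. It lists launchd job files and application bundles in the standard macOS locations (the "Launch Daemons" and "User Launch Agents" sections of an EtreCheck report come from these folders) that were modified after a cutoff time. The function name `recent_persistence`, its optional `ROOT` argument and the timestamp in the usage line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list launchd items and apps changed since a cutoff time.
# Usage: recent_persistence CUTOFF [ROOT]
#   CUTOFF  touch(1) timestamp [[CC]YY]MMDDhhmm, local time,
#           e.g. 201509112000 (constructed value: shortly before the session)
#   ROOT    filesystem root to inspect; empty means the running system.
#           (Assumption: lets you point at a mounted backup or a test tree.)
recent_persistence() {
    cutoff=$1
    root=${2:-}
    # Reference file whose mtime is the cutoff; find -newer compares against it.
    ref=$(mktemp "${TMPDIR:-/tmp}/cutoff.XXXXXX") || return 1
    touch -t "$cutoff" "$ref" || { rm -f "$ref"; return 1; }

    # System-wide and per-user launchd job folders, plus application folders.
    for dir in \
        "$root/Library/LaunchDaemons" \
        "$root/Library/LaunchAgents" \
        "$root"/Users/*/Library/LaunchAgents \
        "$root/Applications" \
        "$root"/Users/*/Applications
    do
        [ -d "$dir" ] || continue
        # Top-level entries only: job definitions (*.plist) and bundles (*.app)
        # whose modification time is later than the cutoff.
        find "$dir" -mindepth 1 -maxdepth 1 \
            \( -name '*.plist' -o -name '*.app' \) -newer "$ref" -print
    done | sort

    rm -f "$ref"
}

# Example call on the running system (reading other users' folders needs sudo):
#   recent_persistence 201509112000
```

An empty result only means nothing in these folders has a newer modification time; timestamps can be reset and login items are stored elsewhere, so the restore-from-backup and password-change advice given in the replies still applies.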
