Jun 6, 2015 1:41 PM in response to christelrama by Niel
1. It’s your choice. It’s useful for removing adware, but doesn’t prevent it from being installed on the computer.
2. If your web browser repeatedly creates a tab or window with advertising in it; occasionally, such popups may appear without there being malware on the machine. It’s also sometimes useful if a popup freezes your browser and gives you a number to call.
(128422)
-
Jun 6, 2015 1:50 PM in response to christelrama by Linc Davis
To whom did you allow remote control of your computer?
-
Jun 7, 2015 9:00 AM in response to Linc Davis by christelrama
They have a few names: Premium Technical Support, then one of their email addresses is @techliveconnect.com. I received an email from them under Samurai and the merchant appearing on my cc post was Sensei..
Let me tell you the story; sorry, it's a little long: well, on 5/31, that pop-up window came up after I'd opened an email, freezing my browser and telling me to call those Mac technicians because there was a problem with my computer... never happened to me before, I had no clue, I called. They made me believe something was wrong with my Mac (breach of security etc...). I let them in my computer, they showed me things (actually the list in my keychain, saying it was supposedly threats, and that my firewall was turned off (and I have no idea how this happened! It used to be on!!!)). They supposedly cleaned the Mac, but I didn't see any difference, because my computer was fine in the first place!!! So I realized that this was a scam and got all panicked. I asked for my money back, they manipulated me into accepting the whole thing, that they really worked on my machine (yeah, right, 3 minutes!), passed the call to another guy, then another, and it's never ending... Then I went to google their names, and my bad feeling about them was confirmed: scam! So I quickly called my cc, told them the story. We changed my cc number and I started a dispute. I also changed all my passwords for computer, emails. Since I've talked with my cc, a representative called the merchant (Sensei) to ask them directly for a refund of the purchase (for which I'd never received a receipt!). Right away those guys called me on my cell phone and offered a partial refund, which I didn't accept, strongly demanding the full refund. So the guy said OK, gave me a reference #, promised my full refund within 10-14 bus. days (makes it between 6/18-24); they also sent an email stating it. I told the cc, we keep the dispute on in case. I am so paranoid now that I have been going through my Mac examining everything, checking if my firewall is on 3x/day... and I joined this Apple community asking questions...
I hope my Mac is fine after "their visit". SHOULD I DO ANYTHING SPECIFIC AFTER THIS? Thanks a million
-
Jun 7, 2015 9:11 AM in response to christelrama by Linc Davis
You already know that the person to whom you gave remote access was a criminal.
The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the state it was in before the attack. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if the attack was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.
If the attack happened too long ago for a complete rollback to be practical, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.
When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.
Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.
Reinstall third-party software from original media or fresh downloads—not from a backup, which could be contaminated.
Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.
The above being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.
-
Jun 7, 2015 9:29 AM in response to Linc Davis by christelrama
OMG! I feel super stressed out now, as I have no idea how to do what you tell me to. Not savvy enough!
I don't think this could be a "sophisticated attack", cause I am quite a small fish for that, I don't see the point, but what do I know..
Is there a way to find out if anything has been corrupted on my computer before getting into the whole clean-up thingy? Everything seems normal at this point...
Plus my most recent backup is from after the event. Before that was a few months back, as my ext. hard drive wasn't with me...
thank you
-
Jun 7, 2015 10:18 AM in response to christelrama by Linc Davis
Your options are (a) to do nothing more than you've already done (which may be enough), or (b) to get someone more experienced to help you. You could make a "Genius" appointment at an Apple Store.
-
Jun 7, 2015 10:38 AM in response to Linc Davis by christelrama
Thank you for the advice! I have more questions:
If there would be any threat on my computer, how would they show up and could we know when?
I am searching my Mac now for all kinds of stuff I wouldn't understand or couldn't identify... I've found some files, but it's old (2007), what is it?
"ajax.js" ....... Javascript thingy? and "urchin.js" (2008)? "JRSRemoteLayer.h" (2013)?
thank you so much!
-
Jun 7, 2015 10:44 AM in response to Linc Davis by christelrama
Oh, and by the way, my Mac is the OS X 10.6.8
-
Jun 7, 2015 10:51 AM in response to christelrama by Linc Davis
If there would be any threat on my computer, how would they show up and could we know when?
You wouldn't necessarily know unless you hired a consultant in forensic computing.
I am searching my Mac now for all kinds of stuff
That's a waste of time.
-
Jun 7, 2015 10:54 AM in response to christelrama by stevejobsfan0123
What URL did the pop-up come from? Open a new tab in Safari, then go to History > Show History. Scroll down, and click on the small arrow to the left of "May 31st," and find the URL. DO NOT visit the page, just post the URL.
Oh, and by the way, my Mac is the OS X 10.6.8
AdwareMedic won't even run on that, it requires 10.7. It's a shame that this was installed by the scammers as a way to charge you for something that you could have easily done for free by installing it yourself (though it wouldn't help you in this case anyway, as I pointed out).
-
Jun 7, 2015 11:37 AM in response to stevejobsfan0123 by christelrama
Then I should just put that AdwareMedic app in the trash, right?
URL: well, I had cleared history to make sure I don't open that URL later by mistake, so it's all gone, I guess... or is there a way to retrieve it?
Actually it was an email from an unknown source (which usually never happens! I have a filter!). Anyway, I opened it by mistake (just the email) and the pop-up came up without changing URL. The email address it came from was rob.pps@me.com... seems quite anonymous... On the window I was prompted to call a phone number to help sort "issues" out... I was naive and called... Here is the original phone # (1-855-981-9114) that was on the pop-up. Later on I was given other numbers for technicians, such as 1-844-219-1736..
I think that this is just a scam to sell tech help and make money on gullible inexperienced peeps. Once they sold their thing and pretended to fix the computer (it was really quick! a few minutes), they move on to the next one. I really hope that it is not a threat anymore, as I don't think they can go back into my computer without my permission, right?
thanks for the help
-
Jun 7, 2015 11:38 AM in response to christelrama by stevejobsfan0123
Yes, you might as well delete AdwareMedic since it won't run on your computer.
Thanks for the additional info, I was just curious.
-
Jun 7, 2015 11:44 AM in response to Linc Davis by christelrama
To Linc: I see, but I am in no position to hire any big tech right now. I haven't had income in a while due to an injury..
so I'll take a chance that nothing happens...and also look for a friend who can help me do the steps you recommended for cleansing the mac.
thanks!!
-
Jun 7, 2015 12:01 PM in response to stevejobsfan0123 by christelrama
I just went in to check out the AdwareMedic file and noticed this: the app shows up as an alias dated May 31, and a second doc is there: AdwareMedic.dmg, identified as disk image, dated May 26. What I don't get is that the event happened on May 31. So how did the second doc get there before???