Jun 7, 2015 12:02 PM in response to Linc Davis by christelrama
I just went in to check out the AdwareMedic file and noticed this: the app shows up as an alias dated May 31, and a second doc is there: AdwareMedic.dmg, identified as disk image, dated May 26. What I don't get is that the event happened on May 31. So how did the second doc get there before???
-
Jun 7, 2015 12:09 PM in response to christelrama by etresoft
Hello christelrama,
AdwareMedic is a legitimate and useful program. However, there is no guarantee that they actually installed a genuine copy of AdwareMedic. I strongly suggest you delete anything they installed. If you want the real AdwareMedic, you can download it from here: http://www.adwaremedic.com/index.php
Unfortunately, everything Linc Davis told you is absolutely correct. Erasing your hard drive and restoring from a point before you contacted the scammers is the only guaranteed way to ensure you aren't running any key loggers, backdoors, remote access, etc. Also, a firewall is not what you think it is. The scammers that took control of your computer were the over-the-top criminal variety. There is also a more mundane variety of scam that just tries to make people feel good about computer security without actually doing anything. Antivirus software and firewalls fall into this category. A firewall is designed to help provide remote access, not deny it. It is useful for a network administrator, but not an end-user's machine. You want to make sure that you are never providing any remote access at all. In that case, there is no need for a firewall.
There is another option. I wrote a little diagnostic program to help show what software is running in the background on your Mac. Download EtreCheck from http://www.etrecheck.com, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.
We can look at the output of your EtreCheck report and tell you if there are any obvious remote access tools running. EtreCheck was not designed for this kind of analysis, but it would be better than nothing. It only looks for 3rd party software so you would have to manually make sure that everything in System Preferences > Sharing is turned off. EtreCheck is never going to be as good as a live expert looking at your computer - like you would find at an Apple genius bar.
Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.
-
Jun 7, 2015 2:25 PM in response to christelrama by babowa
If you are still worried after uninstalling Adware Medic, the one way to make sure there is nothing on your computer that should not be there is to use your install disks, use them to boot the computer, erase your hard drive and install from scratch. Obviously, back up your important files first so you can copy them back. It's a bit of a pain, but easy enough to do and would mean that you start out with a freshly installed system.
Oh, and make sure you've changed all your passwords online as well.
-
Jun 8, 2015 10:22 AM in response to christelrama by thomas_r.
Most likely, that copy of AdwareMedic is legit. Unfortunately, scammers like these will often install things that are legit to make it seem like they're doing something useful. (In your case, they installed something that couldn't even run on your system.)
There is a way you could verify AdwareMedic, but it would be a waste of time. As has already been pointed out, your system should be considered compromised, and there's no software that can adequately clean it for you, nor any tech (other than a Mac security expert, who wouldn't be working in an entry-level tech position) who could certify it to be clean. The only way to guarantee that they didn't install something nasty to spy on you is to erase the hard drive.
Linc has said that one option is to do nothing, but that's a quite poor option. You may not have anything to fear, but there's a very real, though admittedly not large, possibility that these scammers could be monitoring your keystrokes, harvesting all your data and even looking at you through your webcam. The information they could gather this way ranges from embarrassing to financially devastating. Thus, I strongly recommend that you erase the hard drive.
If Linc's explanation of how to fix the problem was too daunting, try my instructions here:
How to reinstall Mac OS X from scratch
Hopefully, those will be more clear to you.
Also, note that this process would be much easier if you were using Time Machine backups. You could just erase the hard drive and restore to a point in time prior to the hack. If you aren't using Time Machine backups, this is one reason among many why you should start ASAP!
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)