-
All replies
-
Helpful answers
-
by a brody,Nov 23, 2015 8:45 AM in response to laurafrommountcarroll
a brody
Nov 23, 2015 8:45 AM
in response to laurafrommountcarroll
Level 9 (66,781 points)
Classic Mac OSUsually not. The only way someone can get access to your computer is if you have given your password to something you should not. The airport menu
will let you disconnect from wireless. Do you have another Mac from which to download software that can check for malware? Etrecheck is a good all around check that will verify nothing untoward has been installed. Usually you have to actually install something before it actually is a problem. Downloads in of themselves are innocuous.Copy/paste the results of that into a post here, and we can tell you if there is anything you should worry about.
-
Nov 23, 2015 8:58 AM in response to laurafrommountcarrollby Eric Root,Did you allow them access to your computer? If so, boot into the Recovery Partition (command - R on a restart) and erase the disk and format as Mac OS Extended (Journaled) with option GUID. Then restore from your backup a backup that was made before they had access.
-
Jun 19, 2016 5:27 AM in response to a brodyby hoopty03,EtreCheck version: 2.9.12 (265)
Report generated 2016-06-19 08:20:22
Download EtreCheck from https://etrecheck.com
Runtime 1:36
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Check files] link for help with unknown files.
Problem: No problem - just checking
Description:
I was scammed and allowed the scammer to take control of my computer. I want to check to see if they left a backdoor.
MacBook Pro (Retina, Mid 2012)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro10,1
1 2.3 GHz Intel Core i7 CPU: 4-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 119
Intel HD Graphics 4000
Color LCD 2880 x 1800
NVIDIA GeForce GT 650M - VRAM: 1024 MB
OS X El Capitan 10.11.5 (15F34) - Time since boot: about 13 hours
APPLE SSD SM256E disk0 : (251 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 249.77 GB (129.63 GB free)
Core Storage: disk0s2 250.14 GB Online
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. thunderbolt_bus
Mac App Store and identified developers
/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist
/Library/PrivilegedHelperTools/com.malwarebytes.HelperTool /Library/PrivilegedHelperTools/com.malwarebytes.HelperTool
One unknown file found. [Check files]
[not loaded] 7 Apple tasks
[loaded] 153 Apple tasks
[running] 78 Apple tasks
[not loaded] 43 Apple tasks
[loaded] 149 Apple tasks
[running] 98 Apple tasks
[running] com.mcafee.menulet.plist (2015-10-02) [Support]
[running] com.mcafee.reporter.plist (2015-10-02) [Support]
[failed] com.adobe.fpsaud.plist (2016-04-05) [Support]
[loaded] com.malwarebytes.HelperTool.plist (2016-06-16) [Support]
[not loaded] com.mcafee.ssm.ScanFactory.plist (2015-09-21) [Support]
[not loaded] com.mcafee.ssm.ScanManager.plist (2015-09-21) [Support]
[running] com.mcafee.virusscan.fmpd.plist (2015-10-01) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2014-02-26) [Support]
[loaded] com.adobe.ARM.[...].plist (2013-08-27) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-03) [Support]
[running] com.spotify.webhelper.plist (2016-06-18) [Support]
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
AdobeResourceSynchronizer Application Hidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)
Google Chrome Application (/Applications/Google Chrome.app)
Spotify Application Hidden (/Applications/Spotify.app)
VerizonUpdateCenter Application (/Applications/VerizonUpdateCenter.app)
[running] VDSI.VerizonUpdateCenter.7712
[running] com.hp.devicemonitor
[running] com.mcafee.ssm.ScanManager
[running] com.mcafee.virusscan.ssm.ScanFactory
[loaded] 383 Apple tasks
[running] 210 Apple tasks
Flip4Mac WMV Plugin: 3.2.0.16 - SDK 10.8 (2013-06-23) [Support]
FlashPlayer-10.6: 21.0.0.213 - SDK 10.6 (2016-04-09) [Support]
QuickTime Plugin: 7.7.3 (2016-05-05)
AdobePDFViewerNPAPI: 11.0.12 - SDK 10.6 (2015-08-10) [Support]
AdobePDFViewer: 11.0.12 - SDK 10.6 (2015-08-10) [Support]
Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-09) Outdated! Update
Default Browser: 601 - SDK 10.11 (2016-05-05)
SharePointBrowserPlugin: 14.6.4 - SDK 10.6 (2016-06-04) [Support]
Silverlight: 5.1.20513.0 - SDK 10.6 (2013-10-07) [Support]
MeetingJoinPlugin: Unknown - SDK 10.6 (2014-11-18) [Support]
SiteAdvisor: 2.0 - SDK 10.1 (2013-10-19) [Support]
SiteAdvisor - McAfee - http://www.siteadvisor.com (2016-04-05)
Flash Player (2016-04-05) [Support]
Flip4Mac WMV (2013-03-29) [Support]
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 249.77 GB Disk used: 120.14 GB
Destinations:
My Passport [Local]
Total size: 319.73 GB
Total number of backups: 2
Oldest backup: 4/3/16, 17:16
Last backup: 5/28/16, 15:02
Size of backup disk: Too small
Backup size 319.73 GB < (Disk used 120.14 GB X 3)
5% WindowServer
2% kernel_task
2% fontd
1% cfprefsd(3)
1% blued
840 MB kernel_task
377 MB com.apple.WebKit.WebContent
238 MB mdworker(14)
172 MB Safari
156 MB WindowServer
3.00 GB Free RAM
5.00 GB Used RAM (1.24 GB Cached)
19 MB Swap Used
Jun 18, 2016, 07:00:52 PM Self test - passed
Jun 18, 2016, 06:55:08 PM /Library/Logs/DiagnosticReports/Google Chrome_2016-06-18-185508_[redacted].cpu_resource.diag [Details]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Jun 18, 2016, 06:07:28 PM /Library/Logs/DiagnosticReports/???_2016-06-18-180728_[redacted].cpu_resource.d iag [Details]
???
Jun 18, 2016, 09:37:02 AM /Library/Logs/DiagnosticReports/VShieldService_2016-06-18-093702_[redacted].cra sh
/usr/local/McAfee/AntiMalware/VShieldService
-
Jun 19, 2016 6:12 AM in response to hoopty03by BobHarris,If you allowed them access, then your best hope is to backup your system (twice with different backup utilities would be best and safest; TimeMachine is good, so are SuperDuper (free from full clone) and Carbon Copy Cloner (1 month fully enabled demo)). If you do not have external disks for backups, you should invest in some now.
Re-download El Capitan, and create a bootable installer on an external USB device (it can be a USB disk or it can be a simple as an 8GB (or larger) USB thumbdrive. You are gong to be doing a clean install of OS X and then copying back your personal data, but none of the other stuff from the backup(s).
<Create a bootable installer for OS X - Apple Support>
Erase using the bootable El Capitan installer, erase your boot disk to make sure any and all possible scam changes are gone. You should be able to do this from the installer Utilities menu item and run Disk Utility.
Install a Clean El Capitan.
Use your backup(s) to restore just your home directory.
Install any applications you had previously from original sources.
Setup any system preferences from scratch. Do not get .plists from the backups, as they may be compromised.
And this time around, do not install any anti-virus, no Mac cleaners, and no memory cleaners. They is just a waste of your resources. Please read the following:
How does Mac OS X protect me?
-
Jun 21, 2016 11:23 AM in response to hoopty03by suddenly.pineapples,Looking at your Etercheck report, you seem fine. You should uninstall all of that antivirus crapware, as you really don't need it. It will only slow down your system and make it worse. The best way to protect yourself from malware is to be careful on the internet and don't download anything unless you're sure what it is. Stay away from .pkg installers unless you really trust them, as this method for installing apps can make deep system changes.
-
Jun 21, 2016 6:16 PM in response to suddenly.pineapplesby hoopty03,EtreCheck version: 2.9.12 (265)
Report generated 2016-06-19 08:20:22
Download EtreCheck from https://etrecheck.com
Runtime 1:36
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Check files] link for help with unknown files.
Problem: No problem - just checking
Description:
I was scammed and allowed the scammer to take control of my computer. I want to check to see if they left a backdoor.
MacBook Pro (Retina, Mid 2012)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro10,1
1 2.3 GHz Intel Core i7 CPU: 4-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 119
Intel HD Graphics 4000
Color LCD 2880 x 1800
NVIDIA GeForce GT 650M - VRAM: 1024 MB
OS X El Capitan 10.11.5 (15F34) - Time since boot: about 13 hours
APPLE SSD SM256E disk0 : (251 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 249.77 GB (129.63 GB free)
Core Storage: disk0s2 250.14 GB Online
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. thunderbolt_bus
Mac App Store and identified developers
/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist
/Library/PrivilegedHelperTools/com.malwarebytes.HelperTool /Library/PrivilegedHelperTools/com.malwarebytes.HelperTool
One unknown file found. [Check files]
[not loaded] 7 Apple tasks
[loaded] 153 Apple tasks
[running] 78 Apple tasks
[not loaded] 43 Apple tasks
[loaded] 149 Apple tasks
[running] 98 Apple tasks
[running] com.mcafee.menulet.plist (2015-10-02) [Support]
[running] com.mcafee.reporter.plist (2015-10-02) [Support]
[failed] com.adobe.fpsaud.plist (2016-04-05) [Support]
[loaded] com.malwarebytes.HelperTool.plist (2016-06-16) [Support]
[not loaded] com.mcafee.ssm.ScanFactory.plist (2015-09-21) [Support]
[not loaded] com.mcafee.ssm.ScanManager.plist (2015-09-21) [Support]
[running] com.mcafee.virusscan.fmpd.plist (2015-10-01) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2014-02-26) [Support]
[loaded] com.adobe.ARM.[...].plist (2013-08-27) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-03) [Support]
[running] com.spotify.webhelper.plist (2016-06-18) [Support]
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
AdobeResourceSynchronizer Application Hidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)
Google Chrome Application (/Applications/Google Chrome.app)
Spotify Application Hidden (/Applications/Spotify.app)
VerizonUpdateCenter Application (/Applications/VerizonUpdateCenter.app)
[running] VDSI.VerizonUpdateCenter.7712
[running] com.hp.devicemonitor
[running] com.mcafee.ssm.ScanManager
[running] com.mcafee.virusscan.ssm.ScanFactory
[loaded] 383 Apple tasks
[running] 210 Apple tasks
Flip4Mac WMV Plugin: 3.2.0.16 - SDK 10.8 (2013-06-23) [Support]
FlashPlayer-10.6: 21.0.0.213 - SDK 10.6 (2016-04-09) [Support]
QuickTime Plugin: 7.7.3 (2016-05-05)
AdobePDFViewerNPAPI: 11.0.12 - SDK 10.6 (2015-08-10) [Support]
AdobePDFViewer: 11.0.12 - SDK 10.6 (2015-08-10) [Support]
Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-09) Outdated! Update
Default Browser: 601 - SDK 10.11 (2016-05-05)
SharePointBrowserPlugin: 14.6.4 - SDK 10.6 (2016-06-04) [Support]
Silverlight: 5.1.20513.0 - SDK 10.6 (2013-10-07) [Support]
MeetingJoinPlugin: Unknown - SDK 10.6 (2014-11-18) [Support]
SiteAdvisor: 2.0 - SDK 10.1 (2013-10-19) [Support]
SiteAdvisor - McAfee - http://www.siteadvisor.com (2016-04-05)
Flash Player (2016-04-05) [Support]
Flip4Mac WMV (2013-03-29) [Support]
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 249.77 GB Disk used: 120.14 GB
Destinations:
My Passport [Local]
Total size: 319.73 GB
Total number of backups: 2
Oldest backup: 4/3/16, 17:16
Last backup: 5/28/16, 15:02
Size of backup disk: Too small
Backup size 319.73 GB < (Disk used 120.14 GB X 3)
5% WindowServer
2% kernel_task
2% fontd
1% cfprefsd(3)
1% blued
840 MB kernel_task
377 MB com.apple.WebKit.WebContent
238 MB mdworker(14)
172 MB Safari
156 MB WindowServer
3.00 GB Free RAM
5.00 GB Used RAM (1.24 GB Cached)
19 MB Swap Used
Jun 18, 2016, 07:00:52 PM Self test - passed
Jun 18, 2016, 06:55:08 PM /Library/Logs/DiagnosticReports/Google Chrome_2016-06-18-185508_[redacted].cpu_resource.diag [Details]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Jun 18, 2016, 06:07:28 PM /Library/Logs/DiagnosticReports/???_2016-06-18-180728_[redacted].cpu_resource.d iag [Details]
???
Jun 18, 2016, 09:37:02 AM /Library/Logs/DiagnosticReports/VShieldService_2016-06-18-093702_[redacted].cra sh
/usr/local/McAfee/AntiMalware/VShieldService
-
Jun 22, 2016 8:35 AM in response to hoopty03by Eric Root,The only safe thing to do is boot into the Recovery Partition (command - R on a restart) and erase the disk and format as Mac OS Extended (Journaled) with option GUID. Then restore from your backup a backup that was made before they had access. Also see Bob Harris' post above. Also uninstall McAfee.
McAfee Uninstall Resources is near bottom of the page