laurafrommountcarroll

Q: I'm afraid I fell for a scam this morning regarding malware

I think I fell for a scam this morning regarding my computer. Now I'm afraid bad guys have access to it. What do I do?

MacBook Air (11-inch Mid 2013)

Posted on Nov 22, 2015 2:29 PM


  • by a brody,

    a brody Nov 23, 2015 8:45 AM in response to laurafrommountcarroll
    Level 9 (66,781 points)
    Classic Mac OS

    Usually not. The only way someone can get access to your computer is if you have given your password to something you should not. The AirPort menu will let you disconnect from wireless. Do you have another Mac from which to download software that can check for malware? EtreCheck is a good all-around check that will verify nothing untoward has been installed. Usually you have to actually install something before it actually is a problem. Downloads in and of themselves are innocuous.


    http://etresoft.com/etrecheck


    Copy/paste the results of that into a post here, and we can tell you if there is anything you should worry about.


  • by Eric Root,

    Eric Root Nov 23, 2015 8:58 AM in response to laurafrommountcarroll
    Level 9 (69,813 points)
    iTunes

    Did you allow them access to your computer? If so, boot into the Recovery Partition (Command-R on a restart), erase the disk, and format it as Mac OS Extended (Journaled) with the GUID option. Then restore from your backup, a backup that was made before they had access.

  • by hoopty03,

    hoopty03 Jun 19, 2016 5:27 AM in response to a brody
    Level 1 (8 points)

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-06-19 08:20:22

    Download EtreCheck from https://etrecheck.com

    Runtime 1:36

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Check files] link for help with unknown files.

     

    Problem: No problem - just checking

    Description:

    I was scammed and allowed the scammer to take control of my computer. I want to check to see if they left a backdoor.

     

    Hardware Information:

        MacBook Pro (Retina, Mid 2012)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Pro - model: MacBookPro10,1

        1 2.3 GHz Intel Core i7 CPU: 4-core

        8 GB RAM Not upgradeable

            BANK 0/DIMM0

                4 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                4 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n

        Battery: Health = Normal - Cycle count = 119

     

    Video Information:

        Intel HD Graphics 4000

            Color LCD 2880 x 1800

        NVIDIA GeForce GT 650M - VRAM: 1024 MB

     

    System Software:

        OS X El Capitan 10.11.5 (15F34) - Time since boot: about 13 hours

     

    Disk Information:

        APPLE SSD SM256E disk0 : (251 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 249.77 GB (129.63 GB free)

                Core Storage: disk0s2 250.14 GB Online

     

    USB Information:

        Apple Inc. FaceTime HD Camera (Built-in)

        Apple Inc. Apple Internal Keyboard / Trackpad

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Unknown Files:

        /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist

            /Library/PrivilegedHelperTools/com.malwarebytes.HelperTool

        One unknown file found. [Check files]

     

    System Launch Agents:

        [not loaded]    7 Apple tasks

        [loaded]    153 Apple tasks

        [running]    78 Apple tasks

     

    System Launch Daemons:

        [not loaded]    43 Apple tasks

        [loaded]    149 Apple tasks

        [running]    98 Apple tasks

     

    Launch Agents:

        [running]    com.mcafee.menulet.plist (2015-10-02) [Support]

        [running]    com.mcafee.reporter.plist (2015-10-02) [Support]

     

    Launch Daemons:

        [failed]    com.adobe.fpsaud.plist (2016-04-05) [Support]

        [loaded]    com.malwarebytes.HelperTool.plist (2016-06-16) [Support]

        [not loaded]    com.mcafee.ssm.ScanFactory.plist (2015-09-21) [Support]

        [not loaded]    com.mcafee.ssm.ScanManager.plist (2015-09-21) [Support]

        [running]    com.mcafee.virusscan.fmpd.plist (2015-10-01) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2014-02-26) [Support]

     

    User Launch Agents:

        [loaded]    com.adobe.ARM.[...].plist (2013-08-27) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-03-03) [Support]

        [running]    com.spotify.webhelper.plist (2016-06-18) [Support]

     

    User Login Items:

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        AdobeResourceSynchronizer    Application Hidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)

        Google Chrome    Application  (/Applications/Google Chrome.app)

        Spotify    Application Hidden (/Applications/Spotify.app)

        VerizonUpdateCenter    Application  (/Applications/VerizonUpdateCenter.app)

     

    Other Apps:

        [running]    VDSI.VerizonUpdateCenter.7712

        [running]    com.hp.devicemonitor

        [running]    com.mcafee.ssm.ScanManager

        [running]    com.mcafee.virusscan.ssm.ScanFactory

        [loaded]    383 Apple tasks

        [running]    210 Apple tasks

     

    Internet Plug-ins:

        Flip4Mac WMV Plugin: 3.2.0.16   - SDK 10.8 (2013-06-23) [Support]

        FlashPlayer-10.6: 21.0.0.213 - SDK 10.6 (2016-04-09) [Support]

        QuickTime Plugin: 7.7.3 (2016-05-05)

        AdobePDFViewerNPAPI: 11.0.12 - SDK 10.6 (2015-08-10) [Support]

        AdobePDFViewer: 11.0.12 - SDK 10.6 (2015-08-10) [Support]

        Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-09) Outdated! Update

        Default Browser: 601 - SDK 10.11 (2016-05-05)

        SharePointBrowserPlugin: 14.6.4 - SDK 10.6 (2016-06-04) [Support]

        Silverlight: 5.1.20513.0 - SDK 10.6 (2013-10-07) [Support]

        MeetingJoinPlugin: Unknown - SDK 10.6 (2014-11-18) [Support]

        SiteAdvisor: 2.0 - SDK 10.1 (2013-10-19) [Support]

     

    Safari Extensions:

        SiteAdvisor - McAfee - http://www.siteadvisor.com (2016-04-05)

     

    3rd Party Preference Panes:

        Flash Player (2016-04-05) [Support]

        Flip4Mac WMV (2013-03-29) [Support]

     

    Time Machine:

        Skip System Files: NO

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 249.77 GB Disk used: 120.14 GB

        Destinations:

            My Passport [Local]

            Total size: 319.73 GB

            Total number of backups: 2

            Oldest backup: 4/3/16, 17:16

            Last backup: 5/28/16, 15:02

            Size of backup disk: Too small

                Backup size 319.73 GB < (Disk used 120.14 GB X 3)

     

    Top Processes by CPU:

             5%    WindowServer

             2%    kernel_task

             2%    fontd

             1%    cfprefsd(3)

             1%    blued

     

    Top Processes by Memory:

        840 MB    kernel_task

        377 MB    com.apple.WebKit.WebContent

        238 MB    mdworker(14)

        172 MB    Safari

        156 MB    WindowServer

     

    Virtual Memory Information:

        3.00 GB    Free RAM

        5.00 GB    Used RAM (1.24 GB Cached)

        19 MB    Swap Used

     

    Diagnostics Information:

        Jun 18, 2016, 07:00:52 PM    Self test - passed

        Jun 18, 2016, 06:55:08 PM    /Library/Logs/DiagnosticReports/Google Chrome_2016-06-18-185508_[redacted].cpu_resource.diag [Details]

            /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

        Jun 18, 2016, 06:07:28 PM    /Library/Logs/DiagnosticReports/???_2016-06-18-180728_[redacted].cpu_resource.diag [Details]

            ???

        Jun 18, 2016, 09:37:02 AM    /Library/Logs/DiagnosticReports/VShieldService_2016-06-18-093702_[redacted].crash

            /usr/local/McAfee/AntiMalware/VShieldService
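
Added example, not part of any post in this thread and not EtreCheck's own code: a small Python parser that pulls the third-party launchd entries and the "Unknown Files" paths out of a report in the layout posted above, so the items that start automatically can be reviewed first. The sample text is a constructed excerpt, the function names are hypothetical, and the `since` cut-off date is an assumption the reader supplies (for example, the day remote access was given).

```python
import re

# Constructed excerpt in the layout of the EtreCheck 2.9 report posted above.
SAMPLE_REPORT = """\
Unknown Files:
    /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist
        /Library/PrivilegedHelperTools/com.malwarebytes.HelperTool
    One unknown file found. [Check files]

Launch Agents:
    [running]    com.mcafee.menulet.plist (2015-10-02) [Support]

Launch Daemons:
    [failed]    com.adobe.fpsaud.plist (2016-04-05) [Support]
    [loaded]    com.malwarebytes.HelperTool.plist (2016-06-16) [Support]

User Launch Agents:
    [running]    com.spotify.webhelper.plist (2016-06-18) [Support]

User Login Items:
    Spotify    Application Hidden (/Applications/Spotify.app)
"""

# Report sections that list non-Apple launchd jobs (they start without user action).
LAUNCHD_SECTIONS = {"Launch Agents", "Launch Daemons", "User Launch Agents"}
HEADER = re.compile(r"^([^\[\]/]+):$")  # e.g. "Launch Daemons:"
ITEM = re.compile(
    r"\[(?P<status>[^\]]+)\]\s+(?P<plist>\S+\.plist)\s+\((?P<date>\d{4}-\d{2}-\d{2})\)"
)

def sections(report):
    """Yield (section_name, stripped_line) for every non-blank body line."""
    name = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1)
        elif name:
            yield name, line

def launchd_items(report, since=None):
    """Third-party launchd entries; with since='YYYY-MM-DD', only those dated on or after it."""
    found = []
    for name, line in sections(report):
        m = ITEM.match(line)
        # ISO dates compare correctly as plain strings.
        if name in LAUNCHD_SECTIONS and m and (since is None or m["date"] >= since):
            found.append({"section": name, **m.groupdict()})
    return found

def unknown_files(report):
    """Paths EtreCheck listed under 'Unknown Files'."""
    return [line for name, line in sections(report)
            if name == "Unknown Files" and line.startswith("/")]

if __name__ == "__main__":
    for item in launchd_items(SAMPLE_REPORT, since="2016-06-01"):  # constructed date
        print(item["date"], item["section"], item["plist"], item["status"])
    print(unknown_files(SAMPLE_REPORT))
```

An entry appearing in this output is a prompt to identify who installed it, not a verdict; the report only lists what is present.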

  • by BobHarris,

    BobHarris Jun 19, 2016 6:12 AM in response to hoopty03
    Level 6 (19,272 points)
    Mac OS X

    If you allowed them access, then your best hope is to back up your system (twice with different backup utilities would be best and safest; Time Machine is good, so are SuperDuper (free for full clone) and Carbon Copy Cloner (1 month fully enabled demo)). If you do not have external disks for backups, you should invest in some now.

     

    Re-download El Capitan, and create a bootable installer on an external USB device (it can be a USB disk or it can be as simple as an 8GB (or larger) USB thumb drive). You are going to be doing a clean install of OS X and then copying back your personal data, but none of the other stuff from the backup(s).

    <Create a bootable installer for OS X - Apple Support>

    <http://www.macworld.com/article/2981585/operating-systems/how-to-make-a-bootable-os-x-10-11-el-capitan-installer-drive.html>

     

    Using the bootable El Capitan installer, erase your boot disk to make sure any and all possible scam changes are gone. You should be able to do this from the installer's Utilities menu by running Disk Utility.

     

    Install a clean El Capitan.

     

    Use your backup(s) to restore just your home directory.

     

    Install any applications you had previously from original sources.

     

    Set up any system preferences from scratch. Do not get .plists from the backups, as they may be compromised.

     

    And this time around, do not install any anti-virus, no Mac cleaners, and no memory cleaners. They are just a waste of your resources. Please read the following:

    How does Mac OS X protect me?

    <http://www.thesafemac.com/mmg-builtin/>

  • by suddenly.pineapples,

    suddenly.pineapples Jun 21, 2016 11:23 AM in response to hoopty03
    Level 1 (31 points)
    Mac OS X

    Looking at your EtreCheck report, you seem fine. You should uninstall all of that antivirus crapware, as you really don't need it. It will only slow down your system and make it worse. The best way to protect yourself from malware is to be careful on the internet and not download anything unless you're sure what it is. Stay away from .pkg installers unless you really trust them, as this method for installing apps can make deep system changes.

  • by hoopty03,

    hoopty03 Jun 21, 2016 6:16 PM in response to suddenly.pineapples
    Level 1 (8 points)

  • by Eric Root,

    Eric Root Jun 22, 2016 8:35 AM in response to hoopty03
    Level 9 (69,813 points)
    iTunes

    The only safe thing to do is boot into the Recovery Partition (Command-R on a restart), erase the disk, and format it as Mac OS Extended (Journaled) with the GUID option. Then restore from your backup, a backup that was made before they had access. Also see Bob Harris' post above. Also uninstall McAfee.

     

    McAfee Uninstall (Resources is near the bottom of the page)