Previous 1 2 Next 15 Replies Latest reply: Jan 22, 2008 5:29 PM by mroam
Aldwin Arcega Level 1 Level 1 (0 points)
My Macbook Pro is acting weird recently. After sleeping my computer for some time, it just start to shutdown on its own even it is not my settings for power options.

I suspect that it was hacked because i have clicked a web page, and after displaying the page it said I was hacked.

How will I know if I really hacked?

Is the OS X that vulnerable?

MBP 2.33Ghz, Mac OS X (10.5.1), 15" 256 ATI 2G memory
  • William Lloyd Level 7 Level 7 (20,980 points)
    No, OS X is not that vulnerable. The "You've been hacked" warning I'm sure was a web site trying to sell you protection software (software that won't even run on the Mac."

    I doubt you've been hacked.

    You need to read here on some suggestions for basic troubleshooting. Is there anything in the console log which might lend information? Also, try disconnecting all USB devices that aren't your keyboard and mouse and seeing if this wonky behavior goes away -- wireless mice, printers, etc., can all cause sleep/wake issues.
  • Barney-15E Level 8 Level 8 (42,625 points)
    If the battery drains, it will go into hibernation (i think) until no power is left. If it does it again, check the battery level by pushing the button on the battery.
  • Aldwin Arcega Level 1 Level 1 (0 points)
    There is nothing in the console log to get some info.
    The site is not trying to sell me something, in fact the page just got blank after I read the "you've got hacked message.
    I have no usb attached except the mighty mouse I've got.
    I forgot the webpage site though, i cant remember it now. something like outside US I think...

    Its my third time doing the shutting down thing... at first i ignore it, but now its the third, I cant just ignore it.. something is really wrong i guess but I am new in mac systems..
    I have just switched from windows not more than 8 months...and I never experienced that on my windows system (that shuttingdown thing without my knowledge)
  • Aldwin Arcega Level 1 Level 1 (0 points)
    The notebook of mine is plugged and not running on battery.
  • Barney-15E Level 8 Level 8 (42,625 points)
    The earlier MBPs had a problem like this, but I don't think yours falls into that category. As mentioned, check the console logs and see if there is anything odd listed near the time of the shutdown.
  • Aldwin Arcega Level 1 Level 1 (0 points)
    I checked the log and there is no log or what ever that occurs around the time my computer shuts down without my knowing.

    If a crash happens, when i turn on my computer, it will prompts me if i am going to report it to apple or not...but it does not happen...

    I am puzzled what was wrong with it, I can't bring it to service center because they will not accept it that it was hacked or something or anything..
  • BobP1776 Level 3 Level 3 (695 points)
    I agree it is highly unlikely your Mac has actually been hacked.

    The first thing to do is to reset the SMC. This is the low level controller in your intel-based Mac that handles power management and sleep/wake stuff including scheduled transitions. If the SMC gets out of whack all sorts of odd stuff can happen with regards to power management and the like.

    Go to the main Support page here. In the search field at the top LEFT of that page, do a search on the string "reset SMC". Look at the list of Knowledge Base articles returned and find the instructions that are specific to your model of Mac. The process is not hard in any case, but you do need to find the right instructions.

    Next, reset Parameter memory (PRAM). PRAM holds copies of certain system settings for rapid access. If it gets out of whack all sorts of other odd stuff can happen which often have the appearance of hardware problems. The instructions for resetting PRAM are the same for all Macs. To reset PRAM, Shut Down the computer. Then press and hold down all 4 keys Apple-Option-P-R, and, while doing so, press and release the power button. Keep those 4 keys held down until you hear the SECOND startup chime, then release them. Your computer will continue to boot up normally.

    Those two steps alone may fix your problem. But as long as you are doing basic maintenance, the next step is to make sure you don't have file system errors or file/folder permissions errors. Run Applications / Utilities / Disk Utility. In the column on the left select the line that has the name of your main hard drive. Then click on Verify Disk in the panel on the right. You will need to enter your Administrator password. Be patient, this will take a while and the progress bar may not advance until the very end.

    NOTE: If Verify Disk reports a problem, then you need to fix that before doing anything else. You can't repair your main hard drive while booted from it, so instead boot from the Leopard install DVD (hold down the "c" key while booting). After you select your language and get to the screen where you would normally start an install, INSTEAD run Disk Utility from the menu bar, select your main hard drive again, and this time do a Repair Disk.

    Presuming Verify Disk found no problems, now you should repair file/folder ownership and permissions for the system files (the stuff Apple installs). Again, you do this in Disk Utility. Select your main hard drive from the column on the left and then click on Repair Permissions in the panel on the right. Again, be patient. This will take a while and the progress bar may not advance until the very end. Don't worry if Disk Utility issues messages as it goes (even "warnings"). It is just doing its job. If it finishes and says "Permissions Repair Complete" then you are good to go.

    I suggest you Restart after this to get things in a fresh state.

    With any luck, your problems will be gone by now, but there are things you can check while waiting to see if the bogus shut down still happens.

    First, go to System Preferences / Energy Saver. Click on Schedule and make sure you don't have a scheduled shut down in there.

    Go to System Preferences / Sharing and make sure that Screen Sharing, Remote Management, Remote Login, and Remote Apple Events services are all turned off to avoid any chance that some other computer is doing something that is affecting your computer.

    If anyone shares your .MAC account you may also want to turn off Back To My Mac in System Preferences / .Mac until you are sure there is no issue there.

    It doesn't hurt to scan through the rest of your System Preferences looking for unexpected settings while you are at it.

    Now go to the System Profiler (Apple Menu / About This Mac, then click on More Info) and scan through the various reports it gives you on your hardware configuration, etc., looking for issues. For example, is the system recognizing all the memory you know is installed?

    If the computer is commanded to Shut Down in some fashion, there should be traces in the Console log (Applications / Utilities / Console). Select "All Messages" in the column on the left to be sure you aren't missing anything important. The fact that you are not seeing any error messages in the Console, or indications of a Kernel Panic, is what leads me to believe you are having a sudden loss of power -- which, presuming your battery is good, points the finger at the SMC. That's why I started all this with telling you to reset your SMC.

    Hope this helps!
    --Bob
  • Aldwin Arcega Level 1 Level 1 (0 points)
    I've done a reset to SMC.
    I've done a PRAM reset.

    Hope this will work. I'll be back within a week and let you know if this works or not.
  • Aldwin Arcega Level 1 Level 1 (0 points)
    I've done what you've said and its been a week now since i've done it but the problem still continues...
    there is no schedule shutdown in energy saver in pref..turned off my .Mac done the verify disk...

    here's some logs from the console..I appreciate if someone can interpret this message to me.
    Thanks.

    12/31/07 12:02:31 AM /System/Library/CoreServices/coreservicesd[45] SFLSharePointsEntry::CreateDSRecord: dsCreateRecordAndOpen(Guest's Public Folder) returned -14135

    12/31/07 12:03:05 AM [0x0-0x11011].com.stuffit.MagicMenu[137] 2007-12-31 00:03:04.930 MagicMenuHotKeyDaemon[165:70b] Terminated
    12/31/07 12:03:09 AM loginwindow[26] DEAD_PROCESS: 0 console
    12/31/07 12:03:13 AM loginwindow[26] CGSShutdownServerConnections: Detaching application from window server
    12/31/07 12:03:13 AM com.apple.loginwindow[26] Mon Dec 31 00:03:13 Macintosh loginwindow[26] <Warning>: CGSShutdownServerConnections: Detaching application from window server
    12/31/07 12:03:13 AM loginwindow[26] CGSShutdownServerConnections: Detaching application from window server
    12/31/07 12:03:13 AM com.apple.WindowServer[60] mach_msg (CGXKickEventHandler) failed (ipc/send) timed out
    12/31/07 12:03:13 AM loginwindow[26] CGSDisplayServerShutdown: Detaching display subsystem from window server
    12/31/07 12:03:13 AM com.apple.loginwindow[26] Mon Dec 31 00:03:13 Macintosh loginwindow[26] <Warning>: CGSDisplayServerShutdown: Detaching display subsystem from window server
    12/31/07 12:03:14 AM com.apple.launchd[66] ([0x0-0x21021].com.apple.AppleSpell[202]) Exited: Terminated
    12/31/07 12:03:13 AM SecurityAgent[2123] MIG: server died : CGSReleaseShmem : Cannot release shared memory
    12/31/07 12:03:14 AM /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[2138] Login Window Application Started

    then some recovery of some files message from my directories like spotlight.. etc...
    12/31/07 12:03:24 AM SecurityAgent[2151] Showing Login Window
    12/31/07 12:03:24 AM SecurityAgent[2123] ATSClient: can't re-connect with ATSServer status = -3182

    Thats the last time my computer is running before it shutdowns by itself when I left it running last night....
  • Aldwin Arcega Level 1 Level 1 (0 points)
    I heard hackers are targeting the macs now. Have anyone heard of a hacked mac now?
  • Barry Hemphill Level 8 Level 8 (36,895 points)
    Answer, no. I seriously doubt that your shut downs are a result of any hacking.

    If you have not done so, activate the firewall that is built into OS X. Go to System preferences>security>firewall. The default is to allow all connections. Set it to one of the other two options, depending on what you wish.

    Barry
  • Tom Gewecke Level 9 Level 9 (75,475 points)
    Go to system prefs/sharing/services. Do you have anything turned on?
  • Aldwin Arcega Level 1 Level 1 (0 points)
    Thanks for the replies... I checked it and nothing is turned on in sharing/services except my bluetooth mouse.

    Just wondering "can can we even tell that we are hacked? (hackers are definitely very very good and will not leave traces behind for you to determine that you are hacked. right?)

    Any way thanks to all that posted the solutions...
  • Mr.Lobotomy Level 4 Level 4 (1,295 points)
    (hackers are definitely very very good and will not leave traces behind for you to determine that you are hacked. right?)


    Depends on the hacker. What's certain, though, is that a hacker wants your computer so (s)he can use it, not to crash it. So your shutdowns are unlikely to be a hacker. FWIW, the "you've been hacked" websites that aren't trying to sell you their dubious Windows-only security software are actually hackers using the site to entice you to visit and be hacked! So the fact that you saw nothing on the page might just mean that because you have a Mac, they failed to hack you.

    My guess (just a guess, though) is that your random and frequent shutdowns are due to bad 3rd party software. Do you have anything in any or both of
    /Library/StartupItems/
    /Library/LaunchDaemons/
Previous 1 2 Next