There are excellent posts on security at various sites and I'm bad at setting up hyperlinks, but *until you can get a new install disk*:
1) Disconnect from the internet; it's time to change your login password(s). If you are using an administrative account, think about setting up a user account without administrative privileges. Here are a few recommendations:
2) When you start up your computer hold down the shift key until you see the login window. You are now in "safe mode". Check and then secure empty the trash. If the spyware uses a preference file it might temporarily be disabled.
3) What I am writing now may not necessarily rid you of spyware, but it will give you some options until you get a system disk. Go to System Preferences (SP) (the apple icon in the upper left hand side of the computer). Open SP and then go to Accounts and open that. Try to open the lock or if it is unlocked you are in luck. If you can't open it, then your password may have been changed and the following suggestions can't help much. If you can unlock the lock icon continue.
4) Click the password tab and change your password(s) (if you have more than one account). This will require you to enter your old (and hopefully still working) login password. In terms of new passwords, DON'T have any part of it be a word in the dictionary. These are subject to easy "brute-force" programs that can grab your password easily.
Use combinations of numbers, letters, and symbols. You can misspell a word or two. Make up sentences that remind you of your password. "Let he who is without sin cast the first stone" = LhwiWSctFS. Add numbers and characters, upper and lower case like $ % () 64@?/ etc interspersed. Use at least 9 characters. Look for any unusual item in "login items" and delete if it looks suspicious, using the minus sign. If you have no luck trying to change passwords, then go to the section which assumes you have a new OS X install disk. Your system login/administrative password has been changed.
If you have a friend with mac OS X you could reset your password by hooking up the two computers through the firewire ports and start up in Firewire target mode. (Another Google moment...maybe your new friend has a start up disk?)
5) Now close the lock and restart your computer. Login with your new password and then do a spotlight check for macscan and delete all macscan files (especially anything that has plist at the end; these are preference files). Trash and delete what you find. You can also reinstall the software without deleting prior files, but "uninstalling" is the safer way. You could also just try the new password with MacScan to authenticate, but deleting and reinstalling MacScan is a safer bet.
6) Download/Install MacScan and enter your new administrative password which should enable you to run an authenticated full scan. Click on MacScan Preferences and check both tabs. If you don't have your purchase code, run in demo mode. Run a full scan. If you're lucky and MacScan finds something, you know what to do. Be aware, however, that MacScan does not detect many commercial applications that might be considered spyware or malware.
7) If MacScan doesn't pick up a thing, try downloading, installing and running ClamXAV, as advised. You might also want to consider a program called Little Snitch which monitors outbound connections. You can Google this stuff and read up on it. Little Snitch won't eradicate; it just limits the outbound connections your computer can make.
8) The prior advice is right on point. Change ALL your passwords on all your accounts, hopefully in secure mode (https). This is only a temporary fix because some spyware may be capable of grabbing all your passwords until it is eradicated (for example, a keystroke logger literally grabs everything you type and can "phone home" that info).
9) Regardless of whether the above items work, your best bet is to look for an apple store where you are or go online and purchase an OS X TIGER Install DVD or whatever OS system you have been using. Maybe Leopard in the future?
10) Once you have the new OS DVD (I'm assuming your drive can at least read a DVD), you have a few choices here:
Insert the new DVD, restart your computer and hold the C key down until you see the logo and the "spinner". You are booting up from the system CD and not your hard drive. Personally, I would trash everything without saving anything from the hard drive. If there are things you really really want to save, photos, data etc, you should first save and burn them to DVD or an external hard drive before booting up with the system disk. Should you reinstall this later on your new system, you run the risk of reinfecting your new system all over again, unless you feel secure that a 3rd party app can scan the disks/drives with success. The risk of a Mac virus is almost nonexistent at this time...the same holds true for trojan horses and most spyware. Phishing is another story.
You could retain the files and data you have by doing an archive and install which creates a NEW System Folder and renames your old system "Old System" but this is not recommended for obvious reasons.
So you have booted up with the system disk. Don't simply install. Just select English as your language and then go to the tab which enables you to open Disk Utility (I think it's called options...it's late, I'm tired and having a senior moment). It's there with other options such as reset password, etc.
While now in booted disk utility, highlight the whole disk (not just your hard drive), go to the erase tab, rename your hard drive if you like and open security options. For your purposes an erase would probably be ok, but the best thing to do is a secure erase. Check the button that says it will do "one pass" and install zeros on the entire drive, not just your hard drive volume. Then click erase. It will ask you to confirm.
Do so, but remember that ALL prior data will be lost for most purposes. It is feasible that Big Brother or others might be able to recover some data, but if you're not doing some identity theft scam, running with Al Qaeda, a big corporation looking to hold onto trade secrets, a bit paranoid or overly security conscious one pass should do. If you're up for it do 7 passes. Hey 35 sounds like even more fun! Think of all those extra zeros. ;>) One pass will take 30 to 60 minutes depending on the size of your hard drive. 35 passes could mean 7 to 24 hours.
Once the security wipe is done, your disk will probably have 3 partitions and a hard drive volume. Close Disk installer and Reinstall your system software. Check out security recommendations at Apple and other sites. For a minimum of time, you can get a lot more protection. Consider using FileVault if you aren't already doing so. You are now doing a "clean reinstall".
You can Google login options mac to get a sense of what you feel most comfortable doing in terms of security and how you log in in the future. Don't enable automatic login. This = trouble if someone walks by your mac. They can start it up without knowing your password. Firmware protection is another option.
Now your computer has a better than 99.99999999% chance of being totally clean.
Deal with the harm that may have been done by changing every password on every account AGAIN. NOW. With your new clean computer (except your new Mac passwords). Consider changing your keychain password if you use keychain or boot up again and change your login password so that your NEW login password and keychain password are not the same.
If you have done online banking since the scam, and while at risk, beyond changing the passwords, you may want to contact your bank and change your accounts. All automatic charges/payments can be rolled over for 90 days. After that you need to give notice to payors/payees.
Finally, to limit the possibility of identity theft, log onto www.annualcreditreport.com. There are 3 major credit bureaus. You have the right to a free check from each of them every year. This means you can stagger your requests to monitor credit activity every 4 months.
This is a lot to digest, but I hope it helps. I'm sure you know the obvious = never ever click on a hyperlink from Paypal or anyone you don't know. The same holds true for downloads unless it's a reputable site. Become aware of the small things you can do with your mac to make it even more secure than it already is.
However, when "I" do send you that email asking you to help, because my spouse/client/brother/father/sister/mother/adopted son/small goat/pig/chicken Nikomi Zimbabwe died with no heirs and I'm in charge of the account in Nigeria or maybe even Switzerland, it's real. It's me, remember?....and I just can't wait to share the millions with you because I read your email address and can tell from that alone that you're a kind compassionate trustworthy Christian/Buddhist/Muslim/Agnostic/Atheist woman.
I also know because someone you don't know told me about you, or maybe I'm psychic or psychotic; I confuse the two. Just send me a little money to help bribe the court/process the application. What's a few thousand when millions await you? God will bless you... and your little computer too ~!
So will I when I get your cashier's check ;>).
********************************************
An unjust law is NO law at all - St. Augustine
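
An added example, not part of the original post: a read-only Terminal script for the checks in steps 4 and 5, listing recently changed automatic-startup items and leftover files by name so they can be reviewed before anything is deleted. The launchd and StartupItems directories are standard macOS locations the post does not name; the function names, the 30-day window and the `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Read-only inventory: prints paths for review and deletes nothing.
# Function names and arguments are this example's own (hypothetical).

# Print the directories macOS loads automatically started items from.
# $1 = root of the disk to inspect ("" for the running system), $2 = home dir.
startup_dirs() {
    printf '%s\n' \
        "$1$2/Library/LaunchAgents" \
        "$1/Library/LaunchAgents" \
        "$1/Library/LaunchDaemons" \
        "$1/Library/StartupItems"
}

# List files in those directories modified within the last $3 days.
# Directories that do not exist on this system are skipped.
recent_startup_items() {
    startup_dirs "$1" "$2" | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -mtime "-$3" -print
    done | sort
}

# List files under the user and system Library folders whose name contains
# $3 (case-insensitive), e.g. preference files left behind by one application.
files_named() {
    for dir in "$1$2/Library" "$1/Library"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -iname "*$3*" -print
    done | sort
}

# Run against the live system only when asked, so sourcing has no side effects.
if [ "${1:-}" = "--run" ]; then
    echo "Startup items changed in the last 30 days:"
    recent_startup_items "" "$HOME" 30
    echo "Files with 'macscan' in the name:"
    files_named "" "$HOME" macscan
fi
```

Passing the mount point of an external or FireWire target-mode disk as the first argument inspects that disk instead of the running system.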