Malware on a Macbook Pro

I have received emails from my own account threatening me and threatening to send emails to my contact list using my name and address. The sender says they have full access to my account and contacts. The malware "was downloaded from a site you visited." He explains: "Trojan virus gives me full access and control over a computer or other device. This means I can see everything on your screen, turn on the camera and microphone, but you do not know it." He explains: "My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent." He wanted money in bitcoins or he would email all of my contacts with negative information about me. I have subsequently ignored his threats (3 malicious emails) and have reviewed my configuration with Apple Support. However, my wife has received phishing files with attachments purportedly from me. We deleted these files.


My question is, how do I ensure that he cannot control my computer? I run Malwarebytes and have downloaded EtreCheck. Malwarebytes reports no malware but EtreCheck found several unsigned files related to Javascript downloaded about the same time that the visit to the questionable site occurred and referenced in the original email. Should I be concerned about these unsigned files?


I have screen shots from the EtreCheck report if I can figure out how to upload them. Any help would be appreciated to put my mind further at ease.


MacBook

Posted on Dec 28, 2018 1:40 PM

7 replies

Dec 28, 2018 4:38 PM in response to DRJGH

What happens if one of my friends opens an email thinking it is from me and clicks on the attached link, thereby inadvertently downloading a virus onto their computer?


This happens to me, friends and colleagues every week. If you want to be proactive, contact them and explain very briefly what happened and what they should do.


This is Apple's own excellent advice:

"If you receive a phishing email or text message:

Scammers try to copy email and text messages from legitimate companies to trick you into entering personal information and passwords. Never follow links or open attachments in suspicious or unsolicited messages. If you need to change or update personal information, contact the company directly. 

These signs can help you identify phishing scams:

  • The sender’s email address or phone number doesn’t match the name of the company that it claims to be from.
  • Your email address or phone number is different from the one that you gave that company.
  • The message starts with a generic greeting, like “Dear customer.” Most legitimate companies will include your name in their messages to you.
  • A link appears to be legitimate but takes you to a website whose URL doesn’t match the address of the company’s website. To confirm the destination of a link on your Mac, hover your pointer over the link to see the URL in the status bar.
  • The message looks significantly different from other messages that you’ve received from the company.
  • The message requests personal information, like a credit card number or account password.
  • The message is unsolicited and contains an attachment."


Dec 28, 2018 2:15 PM in response to Gary Scotland

We have not opened them or replied to them. I am concerned because they are using my email address and posing as me when contacting others - and my wife has received an email posing as me using my email address. What happens if one of my friends opens an email thinking it is from me and clicks on the attached link, thereby inadvertently downloading a virus onto their computer? Of course, I realize that if they can use someone's phone number to call others without them knowing it, they can probably do the same with my email address. See the EtreCheck report below on suspicious unsigned files on my computer.

Dec 28, 2018 2:03 PM in response to DRJGH

This is a phishing scam, ignore it.


It is similar to unsolicited scam phone calls: the caller may know your name and phone number, but can't know what computer or software you have. It's a scam. You can't stop the phone calls or emails from reaching you, but you can ignore them and never reply to emails or phone back; this just confirms there is a valid contact.

Dec 28, 2018 2:06 PM in response to DRJGH

Attached is the "Minor Problems" part of the EtreCheck Report. I am concerned about these files because they were installed about the time I visited the questionable site. I am particularly concerned about the SafariBookmarks entry because I would think that Apple would sign their software.


EtreCheck Report on Unsigned Files

Launchd Files

Launchd script:/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

Executable:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Status:Not Loaded

Install date:2018-03-28 16:09:49

Details:Exact match found in the whitelist - probably OK


Launchd script:/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

Executable:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Status:Not loaded

Install date:2018-03-28 16:20:20

Details:Exact match found in the whitelist - probably OK


Launchd script:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist

Executable:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Status:Loaded

Install date:2018-03-28 16:20:20

Details:Exact match found in the whitelist - probably OK


Launchd script:~/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist

Executable:/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/SafariSyncClient --sync com.apple.Safari --entitynames com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder

Status:Loaded

Install date:2011-04-16 19:59:38

Details:Exact match found in the whitelist - probably OK


Launchd script:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist

Executable:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Status:Loaded

Install date:2018-04-18 09:40:56

Details:Exact match found in the whitelist - probably OK


These files are software that runs in the background and lacks a valid Developer ID signature from Apple. Malicious software like adware will usually be shown here. Unfortunately, legitimate software is sometimes unsigned too. Without a Developer ID signature, EtreCheck cannot tell the difference between legitimate and malicious software. EtreCheck may provide more information in a Details to help you determine if a file is legitimate or malicious.


You can use the Lookup button to research the software on Apple Support Communities. If you have any questions about any unsigned files, ask about them on Apple Support Communities and include your EtreCheck report.


If you are absolutely sure that the file is malicious, click the Remove button to remove it. This App Store version of EtreCheck may be unable to remove some files. You can use the Reveal in Finder and Reveal Executable buttons to manually remove them. Make sure to restart your machine if you remove any files. If you are unsure, please ask for help.


If a file has been incorrectly categorized, click the Report a problem button to have Etresoft review the file.
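
One way to triage a report in the format posted above, as an added example that is not part of the original thread or of EtreCheck itself: it parses the records and flags items that have no whitelist match or whose install date falls within a window around a reference date. The second sample record, its path, and the function and parameter names are assumptions; the reference date (for instance the day of the questionable site visit, which the thread does not give) is supplied by the reader.

```python
import re
from datetime import datetime
# Record 1 is taken from the report in the post above, with its key written run
# together to show the parser tolerates that; record 2 is constructed (hypothetical path).
REPORT = """\
Launchdscript:~/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist
Executable:/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/SafariSyncClient --sync com.apple.Safari --entitynames com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder
Status:Loaded
Install date:2011-04-16 19:59:38
Details:Exact match found in the whitelist - probably OK

Launchd script:~/Library/LaunchAgents/com.example.constructed.plist
Executable:/Users/Shared/constructed/helper
Status:Loaded
Install date:2018-12-20 11:02:00
"""

FIELD = re.compile(r"^(Launchd ?script|Executable|Status|Install date|Details):\s*(.*)$")

def parse_report(text):
    """Split the report into one dict per launchd item, keyed by field name."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # blank lines and explanatory prose are skipped
        key, value = m.group(1).replace(" ", "").lower(), m.group(2).strip()
        if key == "launchdscript":
            records.append({})  # every item starts with its plist path
        if records:
            records[-1][key] = value
    return records

def triage(records, reference, window_days=30):
    """Return (plist, reasons) for each item that deserves a closer look."""
    ref = datetime.strptime(reference, "%Y-%m-%d")
    flagged = []
    for r in records:
        reasons = []
        if "whitelist" not in r.get("details", "").lower():
            reasons.append("no whitelist match")
        when = r.get("installdate")
        if when is None:
            reasons.append("no install date")
        elif abs((datetime.strptime(when, "%Y-%m-%d %H:%M:%S") - ref).days) <= window_days:
            reasons.append("installed near reference date")
        if reasons:
            flagged.append((r["launchdscript"], reasons))
    return flagged
```

Calling `triage(parse_report(REPORT), "2018-12-28")` returns only the constructed item; the whitelisted 2011 Safari entry is not flagged.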
