HELP! I was scammed and convinced to run script on Terminal to delete "hackers" - that I now know are normal user accounts - and now I don't know what to do to!
Hi everyone,
Apparently I fell into a scam that started with my credit card being charged by some weird entity that leaded me to a scam website where someone made me a fake account with an email I never saw... long story short, I was panicking and that made me take advice from a random stranger on internet.
I was asked to run a code he gave me on terminal and a list of "things" appeared.
Then he told me I was hacked and those were other users inside my drive, gave me another command to run in order to delete them and so I did. Told me to delete the following ones:
_accessoryupdater
_amavisd
_analyticsd
_appinstalld
_appowner
_avphidbridge
_backgroundassets
_biome
_cyrus
_darwindaemon
_datadetectors
_demod
_diskimagesiod
_ftp
_iconservices
_installer
_jabber
_svn
Quoting:
To delete multiple user accounts on a macOS system, you can use a loop in a shell script to simplify the process. Here's an example of a script that deletes the user accounts mentioned:
```bash
#!/bin/bash
users=(
"_accessoryupdater"
"_amavisd"
"_analyticsd"
"_appinstalld"
"_appowner"
"_avphidbridge"
"_backgroundassets"
"_biome"
"_cyrus"
"_darwindaemon"
"_datadetectors"
"_demod"
"_diskimagesiod"
"_ftp"
"_iconservices"
"_installer"
"_jabber"
"_svn"
)
for user in "${users[@]}"; do
sudo dscl . delete /Users/"$user"
done
```
Save the script in a file, for example, `delete_users.sh`, and make it executable using the command `chmod +x delete_users.sh`. Then, run the script with administrative privileges using `sudo ./delete_users.sh`.
Please exercise caution when running scripts that delete user accounts, as it can result in data loss or other unintended consequences. Double-check the list of users to ensure that you want to delete them before executing the script.
__________________________________________________________________________________________
What happened was that, since that, I'm unable to connect to internet, some apps simply do not work and others I can't close.
A friend helped me - and he is quite sure I was scammed because I shouldn't have deleted those "things" .
My friend tells me that the problems I'm facing are a consequence of having deleted those:
_accessoryupdater
_amavisd
_analyticsd
_appinstalld
_appowner
_avphidbridge
_backgroundassets
_biome
_cyrus
_darwindaemon
_datadetectors
_demod
_diskimagesiod
_ftp
_iconservices
_installer
_jabber
_svn
And he also has the impression there is nothing I can do to recover them, and if I shut down the computer, there is a possibility that it won't turn on again.
And I just realised that the messages that that person sent me were produced by ChatCPT - something that is quite self evident to me now, but not a few hours back with all the stress from the situation.
I'm desperate because there are files on it I simply cannot lose.
Does anyone have any idea about this, that might help me? Is there anything you would advise me to do?
Thanks in advance,
M.
MacBook Pro 13″, macOS 10.15
