11 Replies Latest reply: Feb 20, 2012 3:35 PM by WZZZ
carenalicia4930 Level 1 (0 points)

Someone hacked my computer and set up a new administrative account by re-registering my computer. I can not access this account nor delete it. How can I fix this and get my computer back to the way it was? And also prevent this from being able to happen again. I have the link the kid used (http://www.ihackintosh.com/2009/05/how-to-hack-the-user-password-in-mac-os-x-wit hout-an-os-x-cd/) Apparently he used hack 2. HELP PLEASE!


iMac
  • Topher Kessler Level 6 (9,865 points)

    You can use the OS X installation DVD to run the password reset utility and change the password for the new Admin account that was created. This in essence pulls the same "hack" that was used to change the account in the first place (see here for ways of doing this: http://reviews.cnet.com/8301-13727_7-20044353-263.html).

     

    When done, you can prevent booting to Single User mode or to another boot volume by enabling a firmware password on the system (see the "how to enable a firmware password" section in this article: http://support.apple.com/kb/HT1352).

  • WZZZ Level 6 (12,835 points)

    Which "kid" had physical access to your computer, which this requires? You should be able to go back in just the way he did, but using step one, since you should know the name of your user. If that won't work, then step 2. It's not really a "hack;" It's more a well known vulnerability, if you allow physical access to the computer.

     

    The computer wasn't "reregistered."

     

    This is obviously someone you know, so I would confront him or her with it.

     

    EDIT: Yes, of course, use Topher's method with the install DVD.

     

    Don't let the Firmware Password give you a false sense of security. Again, with physical access to the computer, the Firmware Pasword can easily be defeated. It sounds like you really need to take control of the situation, more than anything else. You also need to find out what else might have been changed during the time you lost control.

     

    Message was edited by: WZZZ

  • carenalicia4930 Level 1 (0 points)

    Okay thank you! I would like to try to reset the password without the installation dvd but I do not know the username he used. I apologize, I am not very knowledgeable about this sort of stuff so please bear with me. When we first realized what was done, I tried to just delete the account folder in my hardrive. Would it be the name that was on that? It does not have a name shown for the username of the account that I can see..

  • carenalicia4930 Level 1 (0 points)

    It was someone my sister had over, so yes he had physical access to the computer. He hasnt been much help in trying to fix the problem. So you are saying I should repeat the same thing he did? Do you know how I could figure out the username?

  • WZZZ Level 6 (12,835 points)

    We'd better find out which OS (Tiger, Leopard, Snow Leopard, Lion) you are using before proceeding.

  • carenalicia4930 Level 1 (0 points)

    10.5.8 so I think that is Leopard? Ugh once again I apologize for my lack of knowledge..

  • WZZZ Level 6 (12,835 points)

    Follow the directions for Leopard. Print them out first, or copy them by hand if printing is not available. They must be copied and typed in exactly, observing case and any spaces, or the the lack thereof.

     

    http://www.macyourself.com/2009/08/03/how-to-reset-your-mac-os-x-password-withou t-an-installer-disc/

     

    What happened to your install DVD? You should have it. It's an essential.

  • carenalicia4930 Level 1 (0 points)

    I followed the steps that the link gave me. Once I got to the list of usernames, the account I am trying to get rid of was not on there, so I exited.

     

    I have no idea what happened the the installation dvd. I will try my best to find it.

  • WZZZ Level 6 (12,835 points)

    What accounts were listed? Try the last method on that page. Scroll right down to the bottom. Make note of the item about Keychain.

  • carenalicia4930 Level 1 (0 points)

    All my regular accounts on the computer were listed just not the one that the kid put on that is labeled 'Other'. I followed the last methods on the link you sent me, was able to restart the computer and set up a new administrative account. Even using this new account I was not able to change the password or delete the other account.

    In the beginning, before I posted on this. After not being able to delete the account from my preferences I tried to delete the account by trashing the account folder. It has been deleted, but is not showing up in the deleted accounts folder. But the it still shows up on my login and under my account users in my preferences.

  • WZZZ Level 6 (12,835 points)

    Not sure why you can't delete that account. If you have admin privileges, you should be able to. Sounds like you only removed the Home Folder for that account.

     

    You should highlight/select the account you want to remove and then click the minus button. Might need to unlock the padlock with your admin password.

     

    Screen shot 2012-02-20 at 6.31.05 PM.png

     

    Have a look at these articles from Apple, if necessary.

     

    http://docs.info.apple.com/article.html?path=Mac/10.5/en/8235.html

     

    http://docs.info.apple.com/article.html?path=Mac/10.5/en/8162.html

     

    http://support.apple.com/kb/DL1399