Have I Been Compromised? iYogi Scam!
Hi
I did a very stupid thing. In multitasking many issues I needed to talk to Belkin support. I googled them and without paying attention I clicked on the topmost (paid ad) link. Not paying attention I got typical bangalore? tech support. All I wanted was the question How do I log into a router password & ip address answered. The tech was their usually over polite self and said he would fix the issue.
He said he would fix it remotely by logging into my system. Normally I would have said no way but I wasn't thinking. He downloaded a little app onto my system and was able to mess with my system. He needed a password for my router so I gave him one of my many lttle used ones. He kept putting me on hold while he "checked something" I was very careful to watch the screen though. He wanted to restart but I was in the middle of a download from adobe so I told him no. At the end of about 5 minutes he started with a sales pitch of $459 and then took a drop to $169 for a service contract. When I refused and asked him who this company was he said iYogi and tried to convince me they were Belkin authorized TSupport. When I refused to buy, he immediately forced my computer to reboot and then hung up. Upon restarting I noticed that Safari was trying to communicate/log in to something so I basically pulled the ethernet plug. I immediately changed all of my passwords regardless but I feel I may have something aboard my Macbook Pro
1 weeek later my Facebook page is acting weird, loading as text only. When I ran disk repair it gave a time of 1 hour 19 minutes but the bar never moved. Kept seeing Java repairs and some other stuff but when I finally checked permissions had been completed. Decided to run again. This time it said 1 hour 12 minutes but again the progress bar did not change. I did copy some of the Disk repair issues. Can anyone tell from this if it looks like I'm infected?
Suggestions/Solutions welcomed.
Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will not be repaired.
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rw-r--r-- .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib".
Thanks
Enio
ps There is a page on the internet about iYogi scam that appears to be made by them singing their praises and blaming in order to reassure people who think they might have been scammed
Mac Pro, Mac OS X (10.7.3), 2.66 dual core