
Have I Been Compromised? iYogi Scam!

Hi

I did a very stupid thing. In multitasking many issues I needed to talk to Belkin support. I googled them and without paying attention I clicked on the topmost (paid ad) link. Not paying attention I got typical bangalore? tech support. All I wanted was the question How do I log into a router password & ip address answered. The tech was their usual over-polite self and said he would fix the issue.

He said he would fix it remotely by logging into my system. Normally I would have said no way but I wasn't thinking. He downloaded a little app onto my system and was able to mess with my system. He needed a password for my router so I gave him one of my many little used ones. He kept putting me on hold while he "checked something". I was very careful to watch the screen though. He wanted to restart but I was in the middle of a download from Adobe so I told him no. At the end of about 5 minutes he started with a sales pitch of $459 and then took a drop to $169 for a service contract. When I refused and asked him who this company was he said iYogi and tried to convince me they were Belkin authorized TSupport. When I refused to buy, he immediately forced my computer to reboot and then hung up. Upon restarting I noticed that Safari was trying to communicate/log in to something so I basically pulled the ethernet plug. I immediately changed all of my passwords regardless but I feel I may have something aboard my MacBook Pro.


1 week later my Facebook page is acting weird, loading as text only. When I ran disk repair it gave a time of 1 hour 19 minutes but the bar never moved. Kept seeing Java repairs and some other stuff but when I finally checked permissions had been completed. Decided to run again. This time it said 1 hour 12 minutes but again the progress bar did not change. I did copy some of the Disk repair issues. Can anyone tell from this if it looks like I'm infected?

Suggestions/Solutions welcomed.


Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rw-r--r-- .

Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib".

Thanks

Enio


ps There is a page on the internet about iYogi scam that appears to be made by them singing their praises and blaming in order to reassure people who think they might have been scammed

Mac Pro, Mac OS X (10.7.3), 2.66 dual core

Posted on May 11, 2012 12:15 PM

16 replies

Jul 1, 2017 8:40 AM in response to Enio Cordoba

The easy answer is, yes. I had the same thing happen when I tried to access Microsoft Support. The problem I needed help with was slowing down my computer, so when Microsoft didn't respond I exited the window and did something else for about an hour. When I got back to the computer I had a blue screen with an ominous warning that unauthorized parties were trying to access my computer. I was directed to call a specific phone number for assistance. I called and was connected to a hyper-polite and heavily-accented man named Brian who said he was with Microsoft Tech Support, and would walk me through the steps I needed to follow to rescue my computer. Thinking I was talking to someone from Microsoft, I agreed and followed his instructions, including allowing him to take control of my computer so he could remove the dangerous malware that had been downloaded on it. Big mistake!
Somewhere along the line he said he was going to call me on the phone so we could go through the next steps etc. I have no idea how he got my phone number.... He called and much of what he was saying was very reassuring, we'd soon have this problem resolved, and he would have the thousands of dangerous programs removed from my computer, then he started telling me what I had to do to protect my computer 24/7/365. But I could NOT exit the page we were on or hang up or turn off my computer. For being such a good Microsoft client he could arrange for me to buy protection for a specially discounted price of $249.00. Huh?
Red flag, Flashing lights. Horns blaring. I walked right into a ransomware scam. Still on the phone I did a bit of amateur acting. Hello? Hello? Are you there Brian? I hung up. He called back within seconds. I turned off the computer, unplugged it, took out the battery, put my shoes on and ran out to the car and got to my computer guru's store in ten minutes flat.
I got a thing from Microsoft...
He turned on the computer.
That's not Microsoft. He waved at a line of about fifteen computers and laptops on the workbench. They came in this morning. They got the same message you did. He'd been getting eight to ten computers a day for the past week.

It cost me $145.00 to get the ransomware removed and the hard drive cleaned. That was over a year ago.
I've been getting calls from "Microsoft Tech Support Center" ever since. Before I stopped answering the phone when 800 numbers show up on the Caller ID, Brian was calling on average three or four times a week. Now getting calls from the same number, but the name in Caller ID is IYOGI. They've called 32 times since June 26th. I'm calling the police to see if there's anything I can do to get these people to leave me alone. Good luck. I suggest taking your computer to a reputable computer shop and have them go over it.

May 11, 2012 12:34 PM in response to Enio Cordoba

Those messages regarding the ARDAgent are all normal and not an indication that your system has been compromised. The same probably applies to any Java permission messages you may see in Disk Utility. See:


http://support.apple.com/kb/TS1448


If, however, you allowed someone to download anything on your computer that allowed that person any sort of control over your system, you may well still be compromised. Since we have no way of knowing what he might have downloaded - if you didn't give him your administrator ID and password he probably couldn't have installed anything really nefarious, but we can't be absolutely sure - I'd recommend backing up all your important documents and content, erasing the hard drive, and reinstalling Mac OS X and your apps from scratch. That's the only way you can be really certain your system isn't compromised.


I'd also suggest you immediately change passwords to any of your online accounts - bank, iTunes Store, etc. - as a precaution.

Regards.

Jun 17, 2013 9:56 PM in response to Enio Cordoba

Exactly the same thing happened to me. I thought I was ringing the apple help line, as iyogi comes top when I google searched apple, and they use the word apple in their advert. I was on the phone 3/4 hour. They directly accessed my laptop, though it was a problem with the ipad. I thought it was ok, because I thought it was apple. Then they mentioned money in an indirect way at the end and I figured out what was going on. I'm a pensioner and don't have much understanding about all this and am now really worried. I gave them my phone number and email address as well, but no passwords.

Oct 29, 2013 8:25 AM in response to Enio Cordoba

Sounds terrifyingly similar to my morning. I Googled HP support for a phone number, called the first one that came up. I allowed them access. Then they wanted to charge me a ridiculous amount to clarify a scanning issue. I hung up and shut down my Mac and when it started up again I had no access to any applications, AT ALL!!! Tried to reboot again and now it won't even turn on. Iyogi IS without a doubt a scam in my opinion. They wanted to know how many other computers were on my network etc. Something needs to be done about these companies. Why is google allowing them to run the ads that they do? There are enough legitimate paying companies that need to advertise they certainly don't need to accept cash from companies that are set up to scam people. Wasted half my day on this. Now I have to go and change some passwords. And no idea what's wrong with my $4000 Imac

Dec 7, 2013 5:56 PM in response to Enio Cordoba

I just encountered iYogi, and while he had access to my screen, he copied my Ethernet ID. As far as I could see he didn't have any other access, other than that I had to enter my password, which showed on the screen as encrypted -- could he have captured my keyboard strokes? I have cleared the caches in both Safari & Chrome; do I need to do anything else (short of the drastic steps outlined above); are they likely to have some sort of access to my computer now?

Mar 6, 2014 4:18 PM in response to Enio Cordoba

Very distressing:


My recent experience involved stumbling across iyogi when I was in a panic after my computer played up. Thought iyogi was with Apple as that's how it presented in their ad. I allowed them into my computer. All seemed fine at first. They downloaded Mackeeper which showed the bad shape my computer was in. Then came the fee options (1, 2 or 3 yr) ranging from $330 up to nearly $600. I agreed to take the one year and when it was time to pay, they provided a screen for putting in your details. I said to the guy I did not feel comfortable about providing my details on that form and asked if they had P-Pal. He questioned why I would want to use P-Pal and I told him it is the safest way to do transactions as that's what the ads say on TV. He argued that P-Pal is not safe. I still would not agree to putting my details on the form so he put me through to someone on the phone instead and I gave them my Amex card details. Then they said it wouldn't process as the lines went down and asked if I had another credit card. I got a really bad feeling and told them I did not feel comfortable about giving any further credit card information. They convinced me it was safe and said it would be totally secure if I entered using the keypad of my phone instead of just giving them the number. They said the payment went through and the guy said he was just going to do some tests on my computer. I noticed that they put me on hold and did not talk to me while testing which I thought was strange as whenever Apple has helped me remotely they are always communicating with you while they're doing things, telling you what they are doing step by step. He was in there for a long time. A screen came up that seemed to have historical data on it. He then finally came back to me and said he was just going to put me through to another guy who was going to fix the problem. By this stage I had been on the phone for nearly one hour.
He put me through to the other guy and the first thing this guy said to me was "what's your mother's maiden name?" Right then I knew this was definitely dodgy. I asked him what he needed the name for and he said it was for security purposes. I argued how it could be when I've never given them my mother's name for any reason since being on the phone. When he said that, I told him I no longer wished to go ahead with the service and that I wanted my card refunded. He tried placating me, saying it's ok, there's nothing to worry about and telling me to calm down. The more he talked the more panicked I became. I demanded he reverse the transaction on my credit card. I demanded he get out of my computer and I told him I sensed the company is dodgy and that I was concerned that they have stolen my personal information. He kept pressing me to continue, until I screamed at him that I will be calling my bank straight away to cancel all of my credit cards and to change all of my banking details AND that I was going to contact the Australian Federal Police to report their company. He finally put me through to someone he said would reverse the transaction. It was a woman and she too asked me for my mother's maiden name "for security purposes." I just screamed at this woman. Told her my mother's maiden name is not relevant to anything and that I wanted my credit card refunded. Unbelievably, she kept going on and on and on trying to press me to continue with the service and transaction. It was not until she heard me talking to someone on my other phone (talking to my bank) and she asked who I was talking to, I told her it is my bank and now the bank person on the phone will be witness to the fact that you are refusing to reverse the transaction on a service I decided I didn't want. With the bank hearing everything I told this woman I would be cancelling all banking details and changing everything and reporting their company to the police.......
It was ONLY then that she agreed to reverse the transaction.


My computer is 5.5 years old. I have decided to purchase a new one because I simply could never feel safe using that computer again.


Very distressing.

Mar 7, 2014 1:47 PM in response to Betteb

I can't wade through the whole of that story, but a few points...


1) There's no need to purchase a new computer over this.


2) You got scammed by a fake tech support company. It sounds like they may have refunded you, but I would still report the incident to your credit card company. I would probably ask for a new card to be issued and the old one cancelled.


3) Since you gave these people remote access to your computer, you should erase it and reinstall everything from scratch. There's no telling what they may have done. See:


How to reinstall Mac OS X from scratch

Aug 8, 2014 12:46 AM in response to Betteb

If Apple extended their after care iYogi wouldn't exist. My 2 year extended after care expired and I was told there was no option to take it up further. Recently my iMac crashed...Black Screen ....... went on line to look if Apple after care listed a pay as you go system spotted the Apple/iYogi site called the number, signed up to the 2 years cover, they fixed the problem. Didn't ask for any sensitive info or want to take control of the iMac, just fixed the problem. I now feel like I have cover, something I didn't have through Apple. Granted I would feel better if I could have had Apple but alas that wasn't a choice. By the way they informed me that should the problem be covered by the trades act I could get Apple to fix it free.


Relax take a look

Aug 8, 2014 8:49 AM in response to seventy one

Is there a slight taste of snobbery on this thread? MacKeeper like iYogi is fine by me. I have used MacKeeper for more than three years and find it great to get rid of the rubbish I like everyone collects from time to time. What's the big problem, does Apple hold an unblemished reputation with every one of their customers, no of course not. I am bitterly disappointed that the extended after care is just for 2 years. It shows a lack of confidence in their product. A company such as iYogi fills this important gap. Get off your high horses.

Aug 8, 2014 9:50 AM in response to Revolting Dan

Revolting Dan wrote:


Is there a slight taste of snobbery on this thread


No. In fact, I cannot identify anything that could have been identified as "snobbery," so I can only guess that you're trying to poke a hornet's nest with a stick.


MacKeeper like iYogi is fine by me.


Then you need to learn more.


MacKeeper is currently the subject of two separate class-action lawsuits alleging fraud. It is junk software that has no place on any Mac. Most of its features are useless, and those that are not are done better by smaller and more reputable free utilities. Regarding the feature that you tout as being so useful, Macs do not need the kind of "cleaning" that MacKeeper and other utilities like it perform. See The myth of the dirty Mac.


As for iYogi, I have no personal experience to offer, nor do I have any empirical evidence for or against it. However, anecdotal evidence, such as that presented above by other posters, provides a significant amount of context. One person being told to download MacKeeper by an iYogi tech makes them extremely suspect in my mind. The fact that they also asked a person for her mother's maiden name is also highly concerning. Since online tech support scam companies are a dime a dozen these days, and I've seen countless people scammed by them, I strongly recommend against the use of any company like iYogi. Some of them may be legit, but how can you tell? If you need tech support and you aren't willing to get it from Apple for whatever reason, it's better to play it safe and stick to local techs with a physical storefront where you can speak to someone face-to-face.


(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

Sep 23, 2014 9:45 PM in response to thomas_r.

After an hour and a half, with no access to any mac technicians during this time ("they are still busy", "I am sorry...for your inconvenience..."), being cut off twice after giving all my details to PC techs, being referred to three different "direct lines to mac technicians" which were 'not in service' when I dialed them from my land line while still on hold, and being transferred to a Customer Service Technician, I finally asked for a full refund to my account. The last 30 minutes was taken up with efforts to extend my service for an additional 6 months...my response being "6 months of nothing still equals nothing". After "understanding" my frustration, informing me the refund would be pro-rata but without telling me any amount, and my requesting full refund for the service I had not been given, I was given a confirmation of the full refund to my account which will occur "within 5 to 7 days". I will "receive an email confirmation" when this transaction occurs.

On the flip side, I was able to uninstall MacKeeper completely, thanks to Google, while spending so much time on hold!
