15 Replies. Latest reply: May 27, 2015 7:52 AM by njcomputermedic
Enio Cordoba Level 2 (390 points)

Hi

I did a very stupid thing. In multitasking many issues I needed to talk to Belkin support. I googled them and without paying attention I clicked on the topmost (paid ad) link. Not paying attention I got typical Bangalore? tech support. All I wanted was the question "How do I log into a router password & IP address" answered. The tech was their usual over-polite self and said he would fix the issue.

He said he would fix it remotely by logging into my system. Normally I would have said no way but I wasn't thinking. He downloaded a little app onto my system and was able to mess with my system. He needed a password for my router so I gave him one of my many little-used ones. He kept putting me on hold while he "checked something". I was very careful to watch the screen though. He wanted to restart but I was in the middle of a download from Adobe so I told him no. At the end of about 5 minutes he started with a sales pitch of $459 and then took a drop to $169 for a service contract. When I refused and asked him who this company was he said iYogi and tried to convince me they were Belkin authorized TSupport. When I refused to buy, he immediately forced my computer to reboot and then hung up. Upon restarting I noticed that Safari was trying to communicate/log in to something so I basically pulled the ethernet plug. I immediately changed all of my passwords regardless but I feel I may have something aboard my Macbook Pro.

 

1 week later my Facebook page is acting weird, loading as text only. When I ran disk repair it gave a time of 1 hour 19 minutes but the bar never moved. Kept seeing Java repairs and some other stuff but when I finally checked permissions had been completed. Decided to run again. This time it said 1 hour 12 minutes but again the progress bar did not change. I did copy some of the Disk repair issues. Can anyone tell from this if it looks like I'm infected?

Suggestions/Solutions welcomed.

 

Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rw-r--r-- .

Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib".

Thanks

Enio

 

ps There is a page on the internet about iYogi scam that appears to be made by them singing their praises and blaming  in order to reassure people who think they might have been scammed


Mac Pro, Mac OS X (10.7.3), 2.66 dual core
  • varjak paw Level 10 (169,830 points)

    Those messages regarding the ARDAgent are all normal and not an indication that your system has been compromised. The same probably applies to any Java permission messages you may see in Disk Utility. See:

     

    http://support.apple.com/kb/TS1448

     

    If, however, you allowed someone to download anything on your computer that allowed that person any sort of control over your system, you may well still be compromised. Since we have no way of knowing what he might have downloaded - if you didn't give him your administrator ID and password he probably couldn't have installed anything really nefarious, but we can't be absolutely sure - I'd recommend backing up all your important documents and content, erasing the hard drive, and reinstalling Mac OS X and your apps from scratch. That's the only way you can be really certain your system isn't compromised.

     

    I'd also suggest you immediately change passwords to any of your online accounts - bank, iTunes Store, etc. - as a precaution.


    Regards.

  • R C-R Level 6 (15,935 points)

    FWIW, iYogi seems to be a legitimate remote tech support company, but with a recent history of high pressure sales tactics, according to this Wikipedia entry.

  • Enio Cordoba Level 2 (390 points)

    According to Leo Laporte it's an ongoing problem in India, but their actions in this case, rebooting my system against my specified wishes, asking for passwords, and the system trying to contact them upon reboot, is evidence of malicious intent.

  • Tanit53 Level 1 (0 points)

    Exactly the same thing happened to me. I thought I was ringing the Apple help line, as iYogi comes top when I Google searched Apple, and they use the word Apple in their advert. I was on the phone 3/4 hour. They directly accessed my laptop, though it was a problem with the iPad. I thought it was ok, because I thought it was Apple. Then they mentioned money in an indirect way at the end and I figured out what was going on. I'm a pensioner and don't have much understanding about all this and am now really worried. I gave them my phone number and email address as well, but no passwords.

  • DDCon Level 1 (0 points)

    Sounds terrifyingly similar to my morning. I Googled HP support for a phone number, called the first one that came up. I allowed them access. Then they wanted to charge me a ridiculous amount to clarify a scanning issue. I hung up and shut down my Mac and when it started up again I had no access to any applications, AT ALL!!! Tried to reboot again and now it won't even turn on. iYogi IS without a doubt a scam in my opinion. They wanted to know how many other computers were on my network etc. Something needs to be done about these companies. Why is Google allowing them to run the ads that they do? There are enough legitimate paying companies that need to advertise; they certainly don't need to accept cash from companies that are set up to scam people. Wasted half my day on this. Now I have to go and change some passwords. And no idea what's wrong with my $4000 iMac.

  • 13Deborah Level 1 (0 points)

    I just encountered iYogi, and while he had access to my screen, he copied my Ethernet ID.  As far as I could see he didn't have any other access, other than that I had to enter my password, which showed on the screen as encrypted -- could he have captured my keyboard strokes?  I have cleared the caches in both Safari & Chrome; do I need to do anything else (short of the drastic steps outlined above); are they likely to have some sort of access to my computer now?

  • Betteb Level 1 (0 points)

    Very distressing:

     

    My recent experience involved stumbling across iYogi when I was in a panic after my computer played up. Thought iYogi was with Apple as that's how it presented in their ad. I allowed them into my computer. All seemed fine at first. They downloaded MacKeeper which showed the bad shape my computer was in. Then came the fee options (1, 2 or 3 yr) ranging from $330 up to nearly $600. I agreed to take the one year and when it was time to pay, they provided a screen for putting in your details. I said to the guy I did not feel comfortable about providing my details on that form and asked if they had P-Pal. He questioned why I would want to use P-Pal and I told him it is the safest way to do transactions as that's what the ads say on TV. He argued that P-Pal is not safe. I still would not agree to putting my details on the form so he put me through to someone on the phone instead and I gave them my Amex card details. Then they said it wouldn't process as the lines went down and asked if I had another credit card. I got a really bad feeling and told them I did not feel comfortable about giving any further credit card information. They convinced me it was safe and said it would be totally secure if I entered using the keypad of my phone instead of just giving them the number. They said the payment went through and the guy said he was just going to do some tests on my computer. I noticed that they put me on hold and did not talk to me while testing, which I thought was strange as whenever Apple has helped me remotely they are always communicating with you while they're doing things, telling you what they are doing step by step. He was in there for a long time. A screen came up that seemed to have historical data on it. He then finally came back to me and said he was just going to put me through to another guy who was going to fix the problem. By this stage I had been on the phone for nearly one hour.

    He put me through to the other guy and the first thing this guy said to me was "what's your mother's maiden name?" Right then I knew this was definitely dodgy. I asked him what he needed the name for and he said it was for security purposes. I argued how it could be when I've never given them my mother's name for any reason since being on the phone. When he said that, I told him I no longer wished to go ahead with the service and that I wanted my card refunded. He tried placating me, saying it's ok, there's nothing to worry about and telling me to calm down. The more he talked the more panicked I became. I demanded he reverse the transaction on my credit card. I demanded he get out of my computer and I told him I sensed the company is dodgy and that I was concerned that they have stolen my personal information. He kept pressing me to continue, until I screamed at him that I will be calling my bank straight away to cancel all of my credit cards and to change all of my banking details AND that I was going to contact the Australian Federal Police to report their company. He finally put me through to someone he said would reverse the transaction. It was a woman and she too asked me for my mother's maiden name "for security purposes." I just screamed at this woman. Told her my mother's maiden name is not relevant to anything and that I wanted my credit card refunded. Unbelievably she kept going on and on and on trying to press me to continue with the service and transaction. It was not until she heard me talking to someone on my other phone (talking to my bank) and she asked who I was talking to, I told her it is my bank and now the bank person on the phone will be witness to the fact that you are refusing to reverse the transaction on a service I decided I didn't want. With the bank hearing everything I told this woman I would be cancelling all banking details and changing everything and reporting their company to the police.......

    It was ONLY then that she agreed to reverse the transaction.

     

    My computer is 5.5 years old.  I have decided to purchase a new one because I simply could never feel safe using that computer again.

     

    Very distressing.

  • thomas_r. Level 7 (30,185 points)

    I can't wade through the whole of that story, but a few points...

     

    1) There's no need to purchase a new computer over this.

     

    2) You got scammed by a fake tech support company. It sounds like they may have refunded you, but I would still report the incident to your credit card company. I would probably ask for a new card to be issued and the old one cancelled.

     

    3) Since you gave these people remote access to your computer, you should erase it and reinstall everything from scratch. There's no telling what they may have done. See:

     

    How to reinstall Mac OS X from scratch

  • Revolting Dan Level 1 (0 points)

    If Apple extended their after care iYogi wouldn't exist. My 2 year extended after care expired and I was told there was no option to take it up further. Recently my iMac crashed...Black Screen ....... went online to look if Apple after care listed a pay as you go system, spotted the Apple/iYogi site, called the number, signed up to the 2 years cover, they fixed the problem. Didn't ask for any sensitive info or want to take control of the iMac, just fixed the problem. I now feel like I have cover, something I didn't have through Apple. Granted I would feel better if I could have had Apple but alas that wasn't a choice. By the way they informed me that should the problem be covered by the trades act I could get Apple to fix it free.

     

    Relax take a look

  • seventy one Level 6 (10,965 points)

    "They downloaded MacKeeper"   

     

    Oh dear, Betteb, I'm afraid that says it all.   Just enter Mackeeper into the Apple search box for more details.

  • Revolting Dan Level 1 (0 points)

    Is there a slight taste of snobbery on this thread? MacKeeper like iYogi is fine by me. I have used MacKeeper for more than three years and find it great to get rid of the rubbish I like everyone collects from time to time. What's the big problem, does Apple hold an unblemished reputation with every one of their customers, no of course not. I am bitterly disappointed that the extended after care is just for 2 years. It shows a lack of confidence in their product. A company such as iYogi fills this important gap. Get off your high horses.

  • thomas_r. Level 7 (30,185 points)

    Revolting Dan wrote:

     

    Is there a slight taste of snobbery on this thread

     

    No. In fact, I cannot identify anything that could have been identified as "snobbery," so I can only guess that you're trying to poke a hornet's nest with a stick.

     

    MacKeeper like iYogi is fine by me.

     

    Then you need to learn more.

     

    MacKeeper is currently the subject of two separate class-action lawsuits alleging fraud. It is junk software that has no place on any Mac. Most of its features are useless, and those that are not are done better by smaller and more reputable free utilities. Regarding the feature that you tout as being so useful, Macs do not need the kind of "cleaning" that MacKeeper and other utilities like it perform. See The myth of the dirty Mac.

     

    As for iYogi, I have no personal experience to offer, nor do I have any empirical evidence for or against it. However, anecdotal evidence, such as that presented above by other posters, provides a significant amount of context. One person being told to download MacKeeper by an iYogi tech makes them extremely suspect in my mind. The fact that they also asked a person for her mother's maiden name is also highly concerning. Since online tech support scam companies are a dime a dozen these days, and I've seen countless people scammed by them, I strongly recommend against the use of any company like iYogi. Some of them may be legit, but how can you tell? If you need tech support and you aren't willing to get it from Apple for whatever reason, it's better to play it safe and stick to local techs with a physical storefront where you can speak to someone face-to-face.

     

    (Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

  • lissainoz Level 1 (0 points)

    After an hour and a half, with no access to any mac technicians during this time ("they are still busy", "I am sorry...for your inconvenience..."), being cut off twice after giving all my details to PC techs, being referred to three different "direct lines to mac technicians" which were 'not in service' when I dialed them from my land line while still on hold, and being transferred to a Customer Service Technician, I finally asked for a full refund to my account. The last 30 minutes was taken up with efforts to extend my service for an additional 6 months...my response being "6 months of nothing still equals nothing". After "understanding" my frustration, informing me the refund would be pro-rata but without telling me any amount, and my requesting full refund for the service I had not been given, I was given a confirmation of the full refund to my account which will occur "within 5 to 7 days". I will "receive an email confirmation" when this transaction occurs.

    On the flip side, I was able to uninstall MacKeeper completely, thanks to Google, while spending so much time on hold!

  • lissainoz Level 1 (0 points)

    Interesting, I used The Safe Mac website to uninstall MacKeeper!
