My MAC pro has been hacked, How do I recover my MAC?

Hi Folks,

My MAC Pro has been hacked and my master password for the file-vault has been reset.

I can change my admin user login password but cannot change my master password for the file-vault which is also the security-net password.


Reasons for my suspicion of being hacked are the following.


My firewall had been turned off when I checked last.

I never did turn it off and it was always on. I have turned it back on.

Also X11 was running along with text edit even though I did not run it.


I have reset my admin login password but cannot change my master password as the current master password has been changed and this will not allow me to change it to the new one.


How can I change my master password?

Is there a surefire way of finding out if my MAC has been hacked into?

How do I recover control of my MAC?



Please help,


Thanks,

Mowgli

MacBook Pro, Mac OS X (10.6.8)

Posted on Feb 4, 2013 2:47 AM


Feb 4, 2013 8:28 AM in response to ds store

Ds,


When I back up my files off the machine and if there is some malware hidden on the machine which the hacker could have installed, wouldn't it jump on to the external drive too?


Is there a way to prevent/filter the malware from getting on to the external drive other than to lose all my data?


Is there a way to also track the hacker's activities so far on my machine so I could figure out what he was up to or what malware was installed by the hacker?


Could I use the 'sudo passwd root' to change my root or master password?


Thanks,

M

Feb 5, 2013 7:53 AM in response to mowgli.mowgli

First, make at least two current backups of all the files you want to keep in your home folder. One backup is not enough to be safe. Warning: Time Machine does not back up a legacy FileVault while you're logged in.

Then delete most of the data in your home folder. No less than about two-thirds. Deleting means moving to the Trash and emptying the Trash. Log out and log back in. You should then be able to deactivate legacy FileVault in the Security & Privacy preference pane.

Finally, restore the files you deleted. That will be easier if you don't use Time Machine to back up. If you do use it, you'll have to dig down into the backups folder to find the most recent snapshot of your home disk image file, then mount it and copy the files back to their original location. You can't use the time-travel interface for this purpose. The disk image file, named "you.sparsebundle" (substitute your short user name for "you"), will be in the snapshots of your home folder.

If you restore everything, you'll probably fill up your boot volume again. Some of the files may have to be restored to a secondary storage device, and it will then have to be backed up along with your primary device.
