
HACKED! Someone just took control of my cursor while I was on the Internet! They started to open files and search through stuff but I immediately shut down my computer! I have been hacked and I need to know how to fix my problem???

I was watching a YouTube video when my cursor suddenly started to control itself. I had screen sharing on and remote login etc. but I have disabled all of them! I'm writing this from my iPhone because I refuse to go back online with my MacBook Pro until I know I won't be hacked again! Please inform me on my best options and where my problem might be stemming from! If it helps I will inform you that I do stream illegal Tv-Shows online and download music torrents, I'm guessing that's why all of this happened! I need to know if I can disinfect my Mac or if I'll have to completely wipe it and restore it? Thanks!

MacBook Pro, Mac OS X (10.7.3)

Posted on Mar 27, 2013 5:17 PM

Question marked as Best reply

Posted on Mar 27, 2013 9:58 PM



Yea, that's how the Blackhole Exploit Kit works, it draws users to illegal TV/content sites and once JavaScript is running it sniffs the History, browser, plugins etc and tailors a payload to compromise the machine.


Doesn't need root if it's just after a user's files.


https://en.wikipedia.org/wiki/Blackhole_exploit_kit

19 replies

Mar 27, 2013 5:43 PM in response to Amarae24

Amarae24 wrote:


I had screen sharing on and remote login etc.


I do stream illegal Tv-Shows online and download music torrents


Could be anything, I suggest you back up only user files you know, can verify and manually drag to an external drive (no Time Machine, backup software or bootable clones), then erase and install the operating system.


Run a ClamXav scan on the user files before returning to the machine. Erase all other drives, clones, Time Machines etc.


Erase, formatting, OS X installs on Mac's

Mar 27, 2013 8:19 PM in response to Amarae24

Amarae24 wrote:


I was watching a YouTube video when my cursor suddenly started to control itself. I had screen sharing on and remote login etc. but I have disabled all of them!

Screen Sharing would be my top pick as it could immediately cause the behaviour observed. What restrictions did you have configured? Remote login would take more work.


If you had your OS X Firewall turned on, then there could be entries in the /var/log/appfirewall.log about it. Another would be /var/log/secure.log.


Disinfecting may not be necessary if they just came through the open door, but too soon to say until you've done a scan or two.
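
The log check suggested in the reply above, as an added example that is not part of the original post: it searches the two logs named there for entries from the Screen Sharing and Remote Login daemons and counts the source addresses. The function names and the sample entries are assumptions made for illustration; the sample lines are constructed and real entries may be worded differently.

```shell
#!/bin/sh
# Added example (not from the thread): list remote-access entries in OS X logs.
# Matches by daemon name: screensharingd / AppleVNCServer / ARDAgent serve
# Screen Sharing and Remote Management, sshd serves Remote Login.
REMOTE_PROCS='screensharingd|AppleVNCServer|ARDAgent|sshd'

# Print every line in the given log files that names one of those daemons.
remote_access_lines() {
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip missing or unreadable logs
        grep -E "$REMOTE_PROCS" "$f" || true
    done
}

# Count the IPv4 addresses seen in those lines, most frequent first.
source_ips() {
    remote_access_lines "$@" |
        grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort | uniq -c | sort -rn
}

# Constructed sample entries in syslog style (documentation IP ranges);
# the wording of real entries may differ.
sample_log() {
    cat <<'EOF'
Mar 27 17:09:58 mbp Firewall[72]: Allow AppleVNCServer connecting from 203.0.113.7:51514 to port 5900 proto=6
Mar 27 17:10:02 mbp screensharingd[412]: Authentication: SUCCEEDED :: Viewer Address: 203.0.113.7
Mar 27 17:10:40 mbp Firewall[72]: Deny nmblookup data in from 192.168.1.20:137 to port 137 proto=17
Mar 27 17:12:11 mbp sshd[433]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar 27 17:15:00 mbp Firewall[72]: Stealth Mode connection attempt to TCP 192.168.1.5:22 from 198.51.100.9:4444
EOF
}

# Default to the two logs named in the post; pass other paths as arguments.
[ "$#" -gt 0 ] || set -- /var/log/appfirewall.log /var/log/secure.log
remote_access_lines "$@"
source_ips "$@"
```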

Mar 27, 2013 9:40 PM in response to Amarae24

Amarae



If it helps I will inform you that I do stream illegal Tv-Shows online and download music torrents,



Good luck with that. You've opened up your Mac to a myriad of catastrophes. I'm honestly not trying to be critical, but what you've done with Torrents is just like lying down on railroad tracks, and then being confused and upset about being hit by a train. All the best.

Jun 24, 2013 11:47 AM in response to Amarae24

There are several possible causes for this issue. Take each of the following steps until it's resolved.

1. Follow the instructions in this support article.

2. Reset the System Management Controller.

3. If you're using a Bluetooth trackpad, investigate potential sources of interference, including USB 3 devices.

4. A swollen battery in a MacBook Pro or Air can impinge on the trackpad from below and cause erratic behavior. If you have trouble clicking the trackpad, this is likely the reason. The battery must be replaced.

5. There's a report that a (possibly defective) Thunderbolt Ethernet adapter can cause the built-in trackpad of a MacBook to behave erratically. If you're using such an adapter, disconnect it and test.

6. There's also a report of erratic cursor movements caused by an external display that was connected but not turned on.

7. If none of the above applies, or if you have good reason to think your computer is being controlled remotely, remove it from the network by turning off Wi-Fi, disconnecting from a Bluetooth network link, and unplugging the Ethernet cable or USB modem, whichever is applicable. If the cursor movements stop immediately, you should suspect an intrusion.

Jan 23, 2014 9:08 AM in response to Linc Davis

Do you really think all this: ”Someone just took control of my cursor while I was on the Internet! They started to open files and search through stuff but I immediately shut down my computer!” would have happened if it was just some erratic cursor behaviour?


I'm still baffled, but it seems someone just remote controlled my computer too… I realise now I shouldn't have interrupted so soon (and instead waited to see what would have happened), but I did and now I guess we'll never know if it actually was a human behind it (unless someone can find something in the logs – I did run a ”sysdiagnose” about 10 minutes after the occurrence).

Jan 23, 2014 1:11 PM in response to TildeBee

Yes, I see the dates. Didn't think it was that long ago. And thought why not just continue here since my issue was somewhat similar. But sure I can start a new topic...


The thing is, I know you high-level guys probably think most people posting here are computer-illiterate n00bs, but I'm not one of them. 😉 While I'm far from any sort of OS X master (I have a lot to learn still) I've been using Macs on a regular basis since my mother got her first Mac in 1989 and I have been an OS X user supporter and system administrator and consultant for soon over a decade. Also worked at the Apple call center in Ireland for a year (not that it necessarily means much when it comes to knowledge, but anyway…) With that said I don't feel the need to do some of the troubleshooting the general might get suggested to try. Of course I co


Anyway, I was really surprised to see the app switcher get activated and the mouse cursor moving when it happened and thought I might have put something on the keyboard. But no, and then it happened again.


MacBook Pro 2010 running OS X 10.9.1 in ”clamshell mode” (display closed) connected to Apple Cinema 23" display.


What I can say too is that I have been running this computer since August last year and the system on it was not installed by me, but my colleague at work (IT department). I was just supposed to have it temporarily at first, therefore I decided not to do a fresh install. But the only admin account on it is mine and I've changed it to something only I know.


Maybe there is some malware or ”hole” in the system but this is the first time I noticed something like this on it. It could absolutely be a coincidence, but the last software I used on it was this (just for fun): https://www.macupdate.com/app/mac/50261/asppppp


But, it wasn't running when ”ghost control” happened. But maybe it started a background process or something…? Too early to say. We'll see if I can figure something out tomorrow at work.

Jan 23, 2014 1:26 PM in response to star-affinity

Martin Bergstrom wrote:


thought why not just continue here since my issue was somewhat similar. But sure I can start a new topic...

There are several advantages in starting a new topic.


We can see right away what your setup is if your profile is up-to-date without having to go to a new screen and see if we can figure out what you have going for you.


There are many instances of individuals believing that the OP's situation is identical to theirs, but we learn later, after having to ask a lot of questions about the new user's issue, that it isn't the same at all due to some small differences that were not initially apparent.


Most important is that you will attract the immediate attention of folks who are actively watching the forum at the time who may have more up-to-date information on your problem instead of relying on only the small group who participated back in March.

MacBook Pro 2010 running OS X 10.9.1 in ”clamshell mode” (display closed) connected to Apple Cinema 23" display.

Then I'll just make a quick comment here that fully 90% of the times we run across erratic behavior of the cursor with a laptop, it ends up being pressure from under the trackpad caused by a swollen battery. I can guess that would be even higher for one in "clamshell mode". See My mouse keeps moving around on its own, as if someone is remotely controlling my Mac!.

Jan 23, 2014 2:16 PM in response to MadMacs0

Sure thing. I see your point. The thing is I just wanted to wait until I investigated my issue more. And just now a few minutes ago I came to think there might have been a natural explanation for my "ghost". I think I have (without thinking about it) connected a USB hub when I came back from a meeting today, and that probably has a mouse connected! But it was hidden under a bunch of cables and other stuff on my desk, so it moved when I temporarily put a big CD sleeve on top of it (hiding the mouse and cables even more).


So, seems it was my bad this time! Need to clean my desk... 🙂


Anyone know how the thread starter's story ended?
