someone has gained access to my computer. please help

dough254 wrote:... what to do to stop this....

Contact Apple Intel-based iMac Support.

Message was edited by: EZ Jim

Mac OSX 10.9

First, disconnect from the network by unplugging the Ethernet cable or turning off Wi-Fi, whichever is applicable.

If iChat is running, deselect Share My Screen under the Buddies menu.

In the Sharing preference pane, uncheck the boxes marked Screen Sharing, Remote Login, and Remote Management.

If you've installed an application called "TeamViewer," delete it according to the developer's instructions.

Reconnect to the network and see whether there's a recurrence.

Linc Davis wrote:

If you've installed an application called "TeamViewer," delete it according to the developer's instructions.

FYI

TeamViewer will not connect without a prominent dialog box detailing who connected, and how long ago, hard to miss it.

Uninstall Hamachi.

Any third-party software that doesn't install by drag-and-drop into the Applications folder, and uninstall by drag-and-drop to the Trash, is a system modification.

Whenever you remove system modifications, they must be removed completely, and the only way to do that is to use the uninstallation tool, if any, provided by the developers, or to follow their instructions. If the software has been incompletely removed, you may have to re-download or even reinstall it in order to finish the job.

I never install system modifications myself, and I don't know how to uninstall them. You'll have to do your own research to find that information.

Here are some general guidelines to get you started. Suppose you want to remove something called “BrickMyMac” (a hypothetical example.) First, consult the product's Help menu, if there is one, for instructions. Finding none there, look on the developer's website, say www.brickmyrmac.com. (That may not be the actual name of the site; if necessary, search the Web for the product name.) If you don’t find anything on the website or in your search, contact the developer. While you're waiting for a response, download BrickMyMac.dmg and open it. There may be an application in there such as “Uninstall BrickMyMac.” If not, open “BrickMyMac.pkg” and look for an Uninstall button.

Back up all data before making any changes. You generally have to reboot in order to complete an uninstallation.

If you can’t remove software in any other way, you’ll have to erase and install OS X. Never install any third-party software unless you're sure you know how to uninstall it; otherwise you may create problems that are very hard to solve.

You may be advised by others to try to remove complex system modifications by hunting for files by name, or by running "utilities" that purport to remove software. I don't give such advice. Those tactics often will not work and may make the problem worse.

You can also use AppCleaner to uninstall applications and most, if not all, of the files they create to support them, most notably in the Preferences folder in your Home directory.

Now, I agree that since hacking a Mac from a distance is not an easy task, it's not impossible; it just takes a lot of time, dedication and expertise.

I agree with those here who think that any screen sharing or IM application you or your relatives may have installed on this Mac are probably the ideal conduit for all the bad behavior you've been subjected to, and the best way to get rid of it all would be to back up your personal data, and to reinstall OS X after erasing (zeroing out) your hard drive.

At this stage, it's probably just a distateful prank, but it could turn ugly rather quickly. If the other party(ies) can open your Web browser like that, who knows what they'll do next?

Additionally, and though there have been hot debates about the use of antivirus applications on OS X, you could install a free antivirus such as ClamXav or Sophos (both are free) and have it scan your Mac in depth.

It may find some items of interest...

You can also install the demo version of MacScan and run a full scan, just to be on the safe side.

MacScan fails miserably. Also, unfortunately, ClamXav.

http://www.thesafemac.com/macscan-disappoints/

No harm in running an A-V (VirusBarrier Express free from the App Store has excellent results and since it works only as an after the fact scanner, it won't introduce any possibly destabilizing system modifications.)

I wouldn't recommend any of the App cleaners, since they may inadvertently remove needed files, and won't necessarily find all related files of a complex application, especially something that has installed any kexts. I don't trust any of them.

When I need to uninstall something, I do it manually using FindAnyFile or EasyFind. Use FAF from root by clicking on Option-Find, to search all locations.

Since the intruder appears to have had unlimited access and could have installed or left behind who knows what, it would probably be best to follow these instructions, courtesy Thomas Reed.

This means that the safest thing to do at this point might be to erase the hard drive completely, reinstall the system and any apps from scratch, and then restore your documents (and only documents, no settings files, applications or other such things!) from a backup. That is the only way that you can be 100% sure that there's nothing installed that is still giving these scammers access to your data.

And just to add for clarity: the danger in running any A-V, even a good one, in this situation (or any, for that matter) will be that, even if it scans fully without finding anything, it may lead the OP to feel that he or she is home free. The A-V may not have cataloged something yet, but, much more important, if the intruder installed some kind of back door, it's very unlikely any A-V will find it and this will leave the OP feeling complacent.

To use either EasyFind or FAF to uninstall, it is necessary to search by using the name of the app, or the developer or anything else that might identify the responsible files. The drawback to searching and uninstalling this way is that a search will be restricted to those titles and might miss something listed some other way. But if one is careful to search under any possible name, one of these will usually catch everything.

EF has to be set to Scan all Files (from Settings), with Ignore Case and Invisible checked.

I'm not sure I share your take on the AV applications I mentioned, but I agree with you that they may leave the user falsely comforted that his/her machine is clean, if the scan doesn't find anything.

On the other hand, and though I haven't used MacScan in a long time, it certainly pointed at possible (Windows-related...) threats once or twice in the past on my machines, so it's not all that bad. The same goes for Sophos and ClamXav, that I used recently, and uninstalled because they were hogging the CPU and RAM on my venerable 2006 MBP.

The good point in the software I pointed the OP to is that they're free, and can help in forming a first opinion as to what to do next: keep his/her machine the way it is, or reinstall after erasing the hard drive.

I would definitely go for the latter, in this case...

As far as AppCleaner is concerned, I never let it delete anything other than third-party applications, so the risk of it deleting system files and the like is pretty minimal, IMHO.

Uninstalling Hamachi on Mac

Follow the instructions to remove LogMeIn Hamachi from your Mac:

In Finder, go to the Applications folder and double-click HamachiUninstaller.

Choose if you want to Remove all settings and Hamachi configurations.

If you select this option, all your networks and membership information will be lost.

If you leave the option unselected, you will have all your networks on the Hamachi user interface when you reinstall LogMeIn Hamachi.

Click Yes.

Enter your Mac user password and click OK.

http://help.logmein.com/selfserviceknowledgerenderer?type=FAQ&id=kA0a0000000sbju CAA

Do not use "AppCleaner" or any other "utility" to remove Hamachi (or any other system modification.) "Anti-virus" software is completely useless for detecting OS X malware, which you don't have in any case.

For other situations, not yours however, A-V may or may not be useful.

For an impartial and non-dogmatic appraisal of this question, please see

http://www.thesafemac.com/mmg-antivirus/

And as Snow Leopard is now three OS iterations behind, it will inevitably lose support from Apple for security patches, and possibly XProtect updates (XProtect is Apple's built in malware detection)--this may happen sooner rather than later. At that point it may be worthwhile considering running some form of A-V.

I don't actively run any A-V now, but when it becomes clear that Snow Leopard is no longer being supported, I will seriously consider using an A-V. It will probably be Sophos, which, with some exceptions, generally has a good track record for not causing any issues. If it does cause problems, it is a simple matter to uninstall it. The latest release comes with an uninstaller.

In the meantime, if one believes they may have unwittingly become the vitctim of some kind of infection, there is VirusBarrier Express from Intego, free from the Mac App Store, which can be used for post-infection scanning. It has shown excellent results in identifying Mac malware. But, again, one needs to realize that no A-V can keep up with threats that are just emerging and yet to be cataloged.

I agree that Sophos is probably one of the best AV solutions for Mac, plus you can't beat the price... I used to have it installed, and I uninstalled it to save some megs of RAM and some CPU cycles.

The good thing is, it offers real-time protection (ClamXav does too), but as several of you guys pointed out, it's hard for AV software developers to keep up with the bad guys out there...

I have never understood the virulent objections of some to using A-V.

Of course, it depends on the A-V, but if it's reasonably good at what it does, which for example Sophos is (isn't a rip-off: Sophos is free), doesn't generally cause any system instability or massive slow downs (for any given user), one knows its limitations, including the possibility of false positives and yet to be catalogued malware, which it won't be able to identify, isn't lulled into complacence by having it installed, continues to observe safe practices in browsing and downloading, and keeps everything updated to the greatest extent possible, especially the browser, Flash and Reader (if one uses that), and keeps Java disabled, I don't see the harm or why this should arouse such a strong reaction on the part of some, as if it were somehow a criminal activity.

It's just another tool, to be used or not, and with discretion, according to circumstances. And Snow Leopard, probably soon to become unsupported, may be one such circumstance.