Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: ziah_tombo
ziah_tombo Author
User level: Level 1
0 points

Do I have a virus? My Mac is acting very strangely

There are lots of strange things happening with my mac.


When I first got this mac, everything was fine. Then I had a run-in with someone who I suspect tried to or did in fact hack in to spy. There was one instance when it seemed to me like someone was using remote access to move around windows and open files right in front of me.

Anyway, long story short, this person is no longer a concern and I have since tightened security, enalbled my firewalls and installed a VPN.

But...here are just some of the problems I have noticed.


When I power up, sometimes the log in window appears with only the text box visible, the rest of the screen is black. At times, when I move the mouse over the screen, it leaves a trail behind that 'erases' the black screen to reveal the log in screen behind. Sometimes part of the screen is black and some of it is not.


Sometimes, when I power down, my mac turns itself back on again, even though the lid is shut. It sits there on sleep until further notice.


When I walk away, leaving my mac to turn on the screen saver and then go to sleep, sometimes when I wake it up again, all of my applications have quit. I have to open eberything again and sign back in, very annoying! In these situations, my wi-fi has quite often also been turned off. When I turn it back on, it asks for my network password again, but then does not recognise it when it is entered. I have to restart before I can connect again.


I've ran disk uitility checks and everything appears fine, I've also installed Trend Micro Titanium virus protection - it's scanned all my files and has detected nothing suspicious.


Sometimes I have wondered about the functionality of my VPN? Maybe it is the problem? I often turn it off because it slows down my page loading.


If anyone has any help or advice, I'd be ever so grateful...!

MacBook Pro, Mac OS X (10.7.5)

Posted on Jan 5, 2014 7:59 PM

Reply
Question marked as Best reply
User profile for user: Donald Morgan
Donald Morgan
User level: Level 6
12,807 points

Posted on Jan 5, 2014 8:05 PM

Sounds like someone has downloaded a KEYLOGGER.

View in context
12 replies
User profile for user: ziah_tombo
ziah_tombo Author
User level: Level 1
0 points

Jan 5, 2014 11:14 PM in response to Tlix

Thanks Tlix, it does sound like the same problem but I'm running 10.7.5 so can't update to 10.8.3 unless I buy new software. I might be inclined to do so in the future, but right now my mac is stil compatible with everything so it seems like a bit of a waste of money.

Also, what about the other problems I am having? I'm kinda freaked out now that Donald Morgan suggested that I might have a keylogger....

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Jan 6, 2014 4:34 AM in response to ziah_tombo

You say someone "hacked in." Did this person have unmonitored physical access to your machine? If so, you should immediately erase the hard drive and reinstall a fresh system:


How to reinstall Mac OS X from scratch


If not, you probably don't have anything to worry about... at least, in regards to hacking. All the problems you describe could easily be the result of a hardware issue, so it would be a good idea to get the machine checked out by Apple.


One thing you can test beforehand, though... restart the machine in safe mode. If the problems persist in safe mode, it's definitely hardware. (Be sure you test in safe mode long enough to know whether the problems are truly gone or just haven't happened yet.) If they go away, and come back when you restart normally, then I'm wrong and it's a third-party software issue.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,547 points

Jan 6, 2014 7:12 PM in response to ziah_tombo

If you know or suspect that a hostile intruder has either had physical access to your computer, or has been able to log in remotely, then there are some steps you should take to make sure that the computer is safe to use.

First, if there's any chance that the incident will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. Your computer would be the principal evidence in such a case, and you don't want to tamper with it.

Running any kind of software to scan for "viruses" or "rootkits" is worse than useless. If I broke into your system and wanted to leave a back door, I could do it in a way that would be undetectable by those means — and I don't pretend to any special skill as a hacker. You have to assume that any intruder could do whatever I could do. The "anti-virus" software itself will slow down and destabilize the computer with no offsetting benefit.

The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. The easiest approach is to recover your entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to your data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.

If you don't know when the attack happened, or if it was too long ago for a complete rollback to be feasible, then you should erase and install OS X. If you don't already have at least two complete, independent backups of your data, then you must make them first. One backup is not enough to be safe.

When you reboot after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from one of your backups in Setup Assistant.


Select only users in the Setup Assistant dialog — not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.


Reinstall your third-party software from original media or fresh downloads — not from a backup, which may be contaminated.



Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.

That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after your system has been secured, not before.
Reply

Do I have a virus? My Mac is acting very strangely

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up