Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: duffy1987
duffy1987 Author
User level: Level 1
0 points

MacBook Pro has been hacked. What next?

Hi there,


I am very supsicious my MacBook Pro has been hacked. What next?


Symptoms (in chronological order, all within a two-hour period):


1. Would not enter sleep mode upon commanded (screen went black, then came back on just as quickly).

2. Then discovered that the letter 'p' did not work on my keyboard. The only way top enter this letter in text was by COMMAND + COPY and then pasting it.

3. Once I did this, the letter 'p' would appear any time I typed the letter 'o'. It is now doing it with other letters, too. In real time, it looks sompething likpe this.

4. Decided to restart. Upon doing so, my saved password changed on the screen right before my very eyes (it is saved on the startup page). I could not backspace, or use COMMAND + X to delete. Finally got a blank field (don't remember how), and (stupidly?) entered my usual password.

5. Once back in, the same problems continued (or got worse).

6. I then shut down the machine. Same issues upon restart.


Actions:


1. Ran avast scan. No infections found.

2. Downloaded ClamXav. As cautioned, I performed a full backup before running a scan. When I connected my external hard drive, it too behaved in an odd way, but I finally managed a full backup.

3. Then ran ClamXav scan. No infections found.


Questions:


1. Given that I have taken what I think are the appropriate steps, what now? The password change that I did not initiate concerns me most, but why my keyboard is acting so strangely remains very puzzling.


Any and all help is greatly appreciated.


Thank you.

MacBook Pro, OS X Mavericks (10.9.2)

Posted on May 3, 2014 12:38 PM

Reply
Question marked as Best reply
User profile for user: dominic23
dominic23
User level: Level 10
83,904 points

Posted on May 3, 2014 12:54 PM

Infected?


http://www.thesafemac.com/mmg-infected/


http://www.thesafemac.com/mmg/

View in context
58 replies
User profile for user: duffy1987
duffy1987 Author
User level: Level 1
0 points

May 3, 2014 1:33 PM in response to dominic23

reading all done, but i'm not sure i am any further ahead. i couldn't find anything that specifically addressed my issues. the general message i took away -- rightly or wrongly -- is that it this not a malware issue. fair enough; this is my first mac, and i've been conditioned accordingly.


what niggles, however, is that the keyboard issue is getting progressively worse -- yet with just one letter! i don't dare attempt anything that requires an adminstrator password, but am absolutelp awed by the propsect of having to change them all.

Reply
User profile for user: duffy1987
duffy1987 Author
User level: Level 1
0 points

May 3, 2014 2:07 PM in response to dominic23

i'm new to mac, but i've had this for 18 months. no warrantees apply to me. i've never had a security issue or concern until now.


if i have no other troubleshooting options but to turn to apple, would an appointment at an actual store make more sense in your estimation? or, can things be worked out best (and fastest!) with a phone call?

Reply
User profile for user: duffy1987
duffy1987 Author
User level: Level 1
0 points

May 3, 2014 2:13 PM in response to Matt Clifton

thank you, matt. it sure seems to be looking that way.


i've just tried typing into an application (MSword), and i get the same problem as i do online. perhaps the keyboard malfunction is also causing the saved password field to be completed without me typing, also.


here's an example of just how bad it's getting:


i'm goinpg top the stopre lpater tonight. woupld youp lpikpe anythipng whilpe i'm there?P

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,221 points

May 3, 2014 2:38 PM in response to duffy1987

duffy1987 wrote:


I am very supsicious my MacBook Pro has been hacked. What next?

None of the symptoms you've outlined would indicate any sort of a currently known malware infection or a sign of having been hacked. It sounds much more like a hardware issue, but it is probably easiest to eliminate software as contributing.


If you haven't allowed physical access to your Mac or shared access over your network, it would be all but impossible to have it be hacked.


Please download, run and post the results of EtreCheck which we commonly use here in the forum so we can get an idea of your setup, known problematic software or spyware installed by one of the above methods.

Reply
User profile for user: duffy1987
duffy1987 Author
User level: Level 1
0 points

May 3, 2014 3:27 PM in response to MadMacs0

thank you so much!


this all new to me, and i've been scarred by years of troubleshooting with windows on a PC.


as per your request:




Hardware Information:

MacBook Pro (13-inch, Mid 2012)

MacBook Pro - model: MacBookPro9,2

1 2.9 GHz Intel Core i7 CPU: 2 cores

8 GB RAM


Video Information:

Intel HD Graphics 4000 - VRAM: 1024 MB


System Software:

OS X 10.9.2 (13C1021) - Uptime: 1 day 0:22:32


Disk Information:

APPLE HDD HTS541010A9E682 disk0 : (1 TB)

EFI (disk0s1) <not mounted>: 209.7 MB

Macintosh HD (disk0s2) / [Startup]: 999.35 GB (758.2 GB free)

Recovery HD (disk0s3) <not mounted>: 650 MB


MATSHITADVD-R UJ-8A8


USB Information:


Microsoft Microsoft® Nano Transceiver v1.0


Apple Inc. FaceTime HD Camera (Built-in)


Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller


Apple Computer, Inc. IR Receiver


Apple Inc. Apple Internal Keyboard / Trackpad


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Kernel Extensions:

[not loaded] com.aliph.driver.jstub (1.1.2 - SDK 10.7) Support

[kext loaded] com.avast.AvastFileShield (2.1.0 - SDK 10.9) Support

[kext loaded] com.avast.PacketForwarder (1.4 - SDK 10.9) Support

[kext loaded] com.rim.driver.BlackBerryUSBDriverInt (0.0.74) Support

[not loaded] com.rim.driver.BlackBerryUSBDriverVSP (0.0.74) Support

[not loaded] com.smarttech.iokit.SMARTBoard (10) Support

[not loaded] com.tectona.driver.PL2303 (1.3.0) Support


Launch Daemons:

[loaded] com.adobe.fpsaud.plist Support

[loaded] com.avast.init.plist Support

[loaded] com.avast.uninstall.plist Support

[loaded] com.microsoft.office.licensing.helper.plist Support

[invalid] com.oracle.java.Helper-Tool.plist

[loaded] com.oracle.java.JavaUpdateHelper.plist Support

[running] com.rim.BBDaemon.plist Support


Launch Agents:

[loaded] com.avast.userinit.plist Support

[invalid] com.oracle.java.Java-Updater.plist

[running] com.rim.BBAlbumArtCacher.plist Support

[running] com.rim.BBLaunchAgent.plist Support


User Launch Agents:

[loaded] com.avast.home.userinit.plist Support

[loaded] com.google.keystone.agent.plist Support

[loaded] uk.co.markallan.clamxav.freshclam.plist Support


User Login Items:

iTunesHelper

Firefox

Welcome

Google Drive

ClamXavSentry


Internet Plug-ins:

SharePointBrowserPlugin: Version: 14.4.1 - SDK 10.6 Support

FlashPlayer-10.6: Version: 13.0.0.206 - SDK 10.6 Support

Flash Player: Version: 13.0.0.206 - SDK 10.6 Support

QuickTime Plugin: Version: 7.7.3

Default Browser: Version: 537 - SDK 10.9


Safari Extensions:

avast! Online Security: Version: 8


Audio Plug-ins:

BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9

AirPlay: Version: 2.0 - SDK 10.9

AppleAVBAudio: Version: 203.2 - SDK 10.9

iSightAudio: Version: 7.7.3 - SDK 10.9


iTunes Plug-ins:

Quartz Composer Visualizer: Version: 1.4 - SDK 10.9


3rd Party Preference Panes:

avast! Preferences Support

Flash Player Support

SMART Board Support


Time Machine:

Mobile backups: OFF

Auto backup: NO - Auto backup turned off

Volumes being backed up:

Macintosh HD: Disk size: 930.71 GB Disk used: 224.58 GB

Destinations:

My Book [Local] (Last used)

Total size: 931.19 GB

Total number of backups: 10

Oldest backup: 2014-05-03 05:55:15 +0000

Last backup: 2014-05-03 15:02:09 +0000

Size of backup disk: Adequate

Backup size 931.19 GB > (Disk used 224.58 GB X 3)

Time Machine details may not be accurate.

All volumes being backed up may not be listed.


Top Processes by CPU:

15% firefox

3% Google Drive

3% WindowServer

0% plugin-container

0% BBLaunchAgent


Top Processes by Memory:

754 MB firefox

262 MB clamd

139 MB softwareupdated

123 MB mds_stores

82 MB Finder


Virtual Memory Information:

23 MB Free RAM

2.30 GB Active RAM

4.64 GB Inactive RAM

822 MB Wired RAM

267.49 GB Page-ins

185 MB Page-outs

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,221 points

May 3, 2014 4:26 PM in response to duffy1987

The good news is that I don't see anything to indicate spyware, malware, adware, etc., although there are a couple of things I don't recognize, so I would ask you to make sure you know what everything here is. I'll try to find time to look into the ones I don't know enough about.


You'll undoubtedly get a lot of comments to the effect that you don't need Avast!. I feel this is very much a personal decision for every user based on a clear understanding of the threat any A-V software guards against vs. the computer resources it uses to accomplish that. Avast! has a very high detection rate in testing, but will also improperly identify valid files as infected, even on a brand new machine with nothing but a fresh OS X on it. So be certain that anything it finds is now something you need. It has also been strongly implicated as being responsible for heavy battery drain on Apple Laptops along with sleep disorders. If you regularly put your MBP to sleep at night, make sure it's on the charger. Lastly, I believe there was an issue with the ClamXav definition update process, so don't allow Avast! to to interfere with that.


If and when you stop connecting your BlackBerry, be sure to remove the software in accordance with the developers instructions.


When Mavericks came out there were known, documented issues with Google Drive. I don't know whether those have been cleared up now or not.


What is the login item "Welcome" about?


In general terms, driver software (.kext files) from peripheral manufacturers is not needed and can cause issues. If a hard drive, mouse, etc. works with all the functionality you need, it's best to let OS X handle it.

Reply
User profile for user: duffy1987
duffy1987 Author
User level: Level 1
0 points

May 3, 2014 4:52 PM in response to MadMacs0

my appreciation of your generosity and altruism knows no bounds! you have set my mind at ease considerably, and i thank you.


not sure anything below matters much, but for clarification:


1. have had no issues with avast! since installing it about two months ago, including improperly identifying valid files as infected (i.e. not once has this ever happened).


2. i also haven't exerienced battery drain, but admittedly put it on sleep and then toss it in my bag for the morning commute to work. i will leave it charged overnight henceforward. thank you.


3. the only indication of a 'sleep disorder' happened just once -- last night. this is when my command to sleep lasted all of 0.5 seconds, when the screen came immediately back on. this has not been an issue since.


4. i rarely use my BB, and connect it to my MBP even less -- maybe 5 times in the past 12 months. when i'm done with this phone, though, i shall heed your advice. thanks again.


5. no google drive issues to speak of, before or after mavericks.


6. the login 'welcome' is odd, especially since insofar as i have no idea why it would be significant. can you elaborate about why it might raise an eyebrow? my best guess is that it may be from one of two (entirely legitimate) sites i access for work, but i truly have no idea.


deferring to your expertise, am i wisest to conclude that this is a keyboard/hardware problem?


again, many thanks in advance.

Reply

MacBook Pro has been hacked. What next?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up