How to confirm if iMac has been hacked?

I recently allowed 3rd party vendor into iMac, possibly compromising system. My concerns: Compromised modem, router, email account, viruses, worms, spyware, any type of malware. No problems detected on system, but very concerned. Is there scanning software available to detect these problems? Should I reload operating system? Thanks.

Running OS X 10.9.4

Posted on Jul 14, 2014 6:01 AM


Jul 14, 2014 6:22 AM in response to JoeFromColumbiaMD

What 3rd party vendor and which remote access software did they install?


There is no way to know exactly what they did or what they saw. You should erase the Mac entirely (after backing up your data files) and reinstall from original media (downloads or disc) then restore the data you backed up.


You should also change all passwords that are on your Mac, credit card online access, banks, mail systems etc etc.


Never let a stranger login to your computer.

Jul 14, 2014 6:24 AM in response to JoeFromColumbiaMD

Was it one of those "Mike from Mumbai" calls where a person with a strong accent tells you they have remotely detected a problem with your computer? In cases like that, checking your credit card charges may be more important than checking the computer. One person posted a couple of months ago that she got one of those calls, gave a credit card number for help with the "problem," and found she was billed nearly US$600.


Yes, contact your bank and credit card companies and tell them your computer security may have been compromised. They will advise you on how to proceed. However, they also may advise you to get anti-virus protection--don't do it. Banks are so Windows-centric they still think a Mac is a hamburger! Anyway, all the software in the world would not have prevented you from giving access to another person.


Although I don't know of a specific scanning tool, you can give us a snapshot of your system that can sometimes spot key loggers. Please download and install this free utility:


http://www.etresoft.com/etrecheck


It is secure and written by one of our most valued members to allow ASC users to show details of their computer's configuration in Apple Support Communities without revealing any sensitive personal data.


Run the program and click the "Copy report to clipboard" button when it displays the results. Then return here and paste the report into a response to your initial post. It can often show if any harmful files/programs are dragging down your performance.

Jul 14, 2014 6:27 AM in response to Allan Jones

One of the more common companies is URTechies (website of the same name). Based in NJ I came across them when a good friend thought she gave them $100 to 'cleanup' her Mac (they called, cold). They billed $460, and left a TeamViewer remote login hidden but active. My friend got her money back from Visa, changed credit cards etc and I cleaned her machine.


I'd like to know the name of this one as well, I will add them to my (so far) short list.
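
A triage check for the situation in the post above, where a TeamViewer login was left hidden but active: this is an added example, not something posted by anyone in the thread. It lists launchd items whose file name or contents mention a remote-access tool; the function names and the match pattern (built from the two tool names that appear in this thread) are assumptions, and an empty result only means these names were not found in the standard launchd folders.

```shell
#!/bin/sh
# Added example: list launchd items that mention a remote-access tool.
# The pattern uses the tool names mentioned in this thread (assumption:
# the leftover item carries the tool's name in its file name or contents).
DEFAULT_PATTERN='teamviewer|logmein'

# plist_text FILE: print a plist as text. Binary plists need plutil, which
# exists only on OS X; elsewhere fall back to the raw bytes.
plist_text() {
    if command -v plutil >/dev/null 2>&1; then
        plutil -p "$1" 2>/dev/null || cat "$1"
    else
        cat "$1"
    fi
}

# find_remote_access_items PATTERN DIR...
# Prints one matching .plist path per line. Exit status 0 if any matched.
find_remote_access_items() (
    pattern=$1
    found=1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue              # skip folders that do not exist
        for f in "$dir"/*.plist; do
            [ -f "$f" ] || continue            # unmatched glob or not a file
            if printf '%s\n' "${f##*/}" | grep -Eiq "$pattern" ||
               plist_text "$f" | grep -Eaiq "$pattern"; then
                printf '%s\n' "$f"
                found=0
            fi
        done
    done
    [ "$found" -eq 0 ]
)

# Scan the standard per-system and per-user launchd folders.
find_remote_access_items "$DEFAULT_PATTERN" \
    /Library/LaunchAgents /Library/LaunchDaemons \
    "${HOME:-}/Library/LaunchAgents" ||
    echo "No launchd items matching '$DEFAULT_PATTERN' found."
```
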

Jul 14, 2014 6:34 AM in response to JoeFromColumbiaMD

If you know or suspect that a hostile intruder has either had physical access to the computer, or has been able to log in remotely, then there are some steps you should take to make sure that the computer is safe to use.

First, depending on the circumstances, computer tampering may be a crime, a civil wrong, or both. If there's any chance that the matter will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. The computer would be the principal evidence in such a case, and you don't want to contaminate that evidence.

Running any kind of "anti-virus" software is pointless. If I broke into a system and wanted to leave a back door, I could do it in a way that would be undetectable by those means—and I don't pretend to any special skill as a hacker. You have to assume that any intruder can do the same. Commercial keylogging software—which has legitimate as well as illegitimate uses—won't be recognized as malware, because it's not malware.

The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.

If you don't know when the attack happened, or if it was too long ago for a complete rollback to be feasible, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.

When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.

Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.

Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated.

Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.

That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.

Jul 14, 2014 10:05 AM in response to Csound1

The 3rd party vendor name is "Global Tech Help" based in California. The package used to gain remote access was LogMeInRescue.

As I said, I have not seen any problems and it's possible that they did nothing more than charge me a hundred and fifty dollars for doing nothing. But, I'm not sure and I don't believe I can take any chances.


I had the same thought as you, but I wanted to think about it and get other opinions. I will probably clear the system completely, reload the operating system and restore data files from a backup taken before the incident. (I don't want to use the current files on system because of possible malware corruption.)


Thanks.

Jul 14, 2014 12:19 PM in response to Linc Davis

Agree TOTALLY!! Since I don't have a complete backup of the entire system and my data files could be corrupted, I think it is best to bite the bullet, clear the system, in its entirety, and reload the O/S. I have an external hard drive with a backup of some data files before the incident.


I have to find out from Apple how to clear the entire hard drive. I assume I will have to get a cd to reload the O/S.


Thanks for your advice.

Jul 14, 2014 12:34 PM in response to Csound1

I just read the complaint that you sent me. If you replaced "Yahoo" with "Comcast", the complaint could have been written by me.

The description is almost EXACTLY what happened to me.

I have been instructed by "my boss" aka "MY WIFE" that any further actions must be reviewed and approved by her.

How can I argue after what happened??!!

Thanks.

Jul 14, 2014 2:49 PM in response to Csound1

Here's one who went from horrible to just bad, by ending up at the Geek Squad.

http://www.ripoffreport.com/r/Global-tech-help/internet/Global-tech-help-Gth-Poses-as-yahoo-help-tech-support-Internet-1067416


Last time one of these scammers called, I just said I don't have a computer. Haven't had any more of those calls since I did that. It could be fun to string them along, but the ones who do the cold calling don't know enough for that to be enjoyable.
