Help me catch my hacker... please!
Hi. I have an old Mac Pro 1,1 (2007 I believe), OS X 10.7.5 that has been hacked. I have read some of the questions here so I'll try to include all the necessary info.
Some of the things that have happened are that a new admin user account is on my computer where I have never created any other account and was using my admin account solely, which I now know is not smart. I see the new account at the login screen although it tries to look like it is my account, same icon, but it thankfully can't shut down or restart the computer. I am the sole user of my computer and no one else has access to it physically. Also, I can no longer throw anything into the trash. Everything just gets moved somewhere as I can see this from the dialog box that pops up. Also, I have to enter a password just to throw anything away(!), but the trash bin always remains empty so nothing ever makes it there but is obviously going elsewhere. The other thing is all my files are now locked and password protected, which of course I didn't do. So, hopefully this all shows my computer has indeed been hacked.
In fact, I do know who has done this and he's hacked my iPhone as well. He currently lives in another country and when I did wipe my phone and enable location services I started getting ads for the nearest major city of that country where he lives and he is the only person I know who lives in that country. I have other info too as to how I know who it is but won't go into it here. He is some guy I used to know who somehow thinks I'm responsible for him losing his job, which is completely preposterous. I know he's gone after my finances but thus far has not been able to access them. My email, which I never check on my home computer or phone anymore, will even on my home computer keep trying to connect to PayPal. When I've logged into Apple ID on my phone to download apps he has changed my Apple ID password & security questions but I was fortunately able to change it and get back into it. He put security questions I would never use like asking something about dates and I never remember dates.
Anyway, I really need to catch this guy as I have info that he has done this to others as well. I know I could just wipe my machine but that is not something I want to do. While my Mac tech guy is normally great, he doesn't even believe a Mac can have a virus and wants to debate that, so for him to believe my computer could have been hacked is impossible, so he wouldn't help me. 😟 I have contacted a couple of other techs I know but one was PC-oriented and the other, who does some work on Macs, said he didn't have enough Mac experience when I told him the litany of things happening on my computer and phone. So, I am turning to the good people of this forum to help me do this myself as I know you guys are great from past experience with minor computer issues.
What I've done so far, mostly from reading these forums: I ran EtreCheck and the only thing that came up looking off was a version of Adobe Flash Player I downloaded that EtreCheck says was a mismatch in their red type. I believe that is how the hacker got his software on my computer. I made visible all the users/accounts and nothing looked funny but a lot of this stuff is Greek to me as I have never used the Terminal before. I did find a root user and so disabled that. I have looked through all the Processes, and ran that 5-step Terminal thing you guys recommend here that shows preferences & launch agents, etc. and looked and looked but see nothing off. I unfortunately had my computer rather wide open before and so now have done all the normal user things to tighten my security and have Little Snitch and Avast Security on my computer. Oh, I did find the Genio-L bug through MacScan and deleted that. My computer had been running at a crawl but is now faster. Also, I had read something about hackers getting access through Bluetooth and saw besides my keyboard and mouse (my modem is wired so I don't have WiFi) some third item listed. I deleted it as it looked suspicious with very little info on it compared to my other devices. (I forgot to take a screenshot of it.) I have also made all files visible through the Terminal. I was looking around in the Private/Etc files but I don't really know what I'm looking at. Also, I found 3 applications that were loading automatically on login so I deleted them: Adobe Resource Synchronizer, Optimism Agent (Optimism software I have) and FontExplorer.
Anyway, I would love recommendations for how to find this hacking software which I'm assuming can be found through the Terminal. I did try to use Deeper but when I tried to get it to show all the IP addresses for the users on the login page it had an applescript error come up. It said:
FSPathMakeRef (/System/Library/CoreServices/HelpViewer.app) failed with error -43. (1)
I'm sure this guy probably has some pretty sophisticated hacking software, which I understand can even be parental control software. I have reason to believe he has put a keylogger on my computer. So, if there is a way to catch this guy please, please give me some tips but do explain everything really simply & step by step as I know nothing about using the Terminal despite the few things I've done. I was reading under the ssh and it says something about -x being used to disable keyloggers from forwarding info. I do seem to have the application X11 on my computer which I never noticed before. There was also something under ssh about ~# which can list all forwarded connections. Of course I don't know how or where to do these things but if you guys think it would help then I'd totally appreciate directions on how to do these things.
Sorry for writing an essay but I may not be able to get back to this computer for 3-4 days so wanted to give plenty of info for the questions you guys usually ask. Thanks in advance for any and all help!
Mac Pro, Mac OS X (10.6.8)