You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Anybody hear of Geek Technical Support? They seemed to know what they're doing, but I have to question their business practices.
iMac (27-inch, Late 2012), OS X Mavericks (10.9.5)
MaryCarolG wrote:
What do I do?
Definitely follow Csound1's suggestions. You should be able to get your money back.
Erasing your Mac and reinstalling is a good idea, but not everyone can do that at the drop of a hat. I suggest you contact the real Apple support at http://www.apple.com/support/ (1-800-275-2273), tell them what happened, and schedule a Genius Bar appointment to have them check your Mac. If you don't already have a backup, you will probably have to purchase a backup drive. At least it will cost much less than $600 and is something you need anyway. If you are too far from an Apple Store, you could go to any Authorized Apple Service centre, like Best Buy, for example. Apple would be best, of course, but sometimes you have to take what you can get. And when in doubt, you can always ask us. Just tell us which "big box" computer stores are nearby and we can tell you the best one to go to.
I fully agree with the advice you've already received. You need to erase your hard drive to ensure that these scammers don't still have some kind of remote access, or haven't installed some kind of keylogger or other spyware. Anti-virus software will not help, as a savvy scammer can do such things using tools and techniques designed to avoid detection by anti-virus software.
For detailed instructions on how to do this, see:
How to reinstall Mac OS X from scratch
As to the things they told you... tech support scammers are able to trick people by having them run "tests" whose results are completely normal, but which the scammers can point to and say, "Look, here's evidence of a hack." In reality, there never was any hack or virus, until you gave access to your computer to these scammers.
In the future, if you are looking for help with your Apple devices, go straight to Apple's Support page:
Do not use Google to search for Apple Support... you'll get a bunch of scam ads that Google doesn't do a good job of screening.
We ran the app just now. Here are the results.
Problem description:
Desktop will not let me drag and drop any files.
Also, files from the desktop show through any open windows.
EtreCheck version: 2.1.8 (121)
Report generated April 18, 2015 at 6:48:09 AM CDT
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
iMac (27-inch, Late 2012) (Technical Specifications)
iMac - model: iMac13,2
1 3.2 GHz Intel Core i5 CPU: 4-core
8 GB RAM Upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
BANK 0/DIMM1
Empty
BANK 1/DIMM1
Empty
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ℹ️
NVIDIA GeForce GTX 675MX - VRAM: 1024 MB
iMac 2560 x 1440
System Software: ℹ️
OS X 10.9.5 (13F34) - Time since boot: 3 days 12:57:54
Disk Information: ℹ️
APPLE HDD ST1000DM003 disk0 : (1 TB)
EFI (disk0s1) <not mounted> : 210 MB
Macintosh HD (disk0s2) / : 999.35 GB (894.52 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
USB Information: ℹ️
Apple Inc. MacBook Air SuperDrive
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
Thunderbolt Information: ℹ️
Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/Library/Extensions
[loaded] com.logmein.hamachi (1.0.0 - SDK 10.9) [Click for support]
/Users/Shared/Old Files/MAC/Applications/Utilities/DiskWarrior.app
[not loaded] com.alsoft.Preview (4.1.1) [Click for support]
Problem System Launch Daemons: ℹ️
[failed] com.apple.wdhelper.plist
Launch Agents: ℹ️
[loaded] com.google.keystone.agent.plist [Click for support]
[running] com.logmein.hamachimb.plist [Click for support]
[loaded] com.oracle.java.Java-Updater.plist [Click for support]
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.google.keystone.daemon.plist [Click for support]
[running] com.logmein.hamachi.plist [Click for support]
[loaded] com.microsoft.office.licensing.helper.plist [Click for support]
[loaded] com.oracle.java.Helper-Tool.plist [Click for support]
[loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]
[loaded] com.skype.skypeinstaller.plist [Click for support]
User Login Items: ℹ️
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Dropbox Application (/Applications/Dropbox.app)
Canon IJ Network Scanner Selector2 Application Hidden (/Library/Printers/Canon/IJScanner/Utilities/Canon IJ Network Scanner Selector2.app)
Internet Plug-ins: ℹ️
FlashPlayer-10.6: Version: 17.0.0.169 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 17.0.0.169 - SDK 10.6 [Click for support]
net.juniper.DSSafariExtensions: Version: Unknown [Click for support]
EPPEX Plugin: Version: 3.0.5.0 [Click for support]
Default Browser: Version: 537 - SDK 10.9
SharePointBrowserPlugin: Version: 14.4.8 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.30317.0 - SDK 10.6 [Click for support]
JavaAppletPlugin: Version: Java 8 Update 31 Check version
User internet Plug-ins: ℹ️
WebEx64: Version: 1.0 - SDK 10.6 [Click for support]
Safari Extensions: ℹ️
SocialPlus!
Facebook Improved
3rd Party Preference Panes: ℹ️
Flash Player [Click for support]
Java [Click for support]
Time Machine: ℹ️
Mobile backups: OFF
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 999.35 GB Disk used: 104.82 GB
Destinations:
Data [Network]
Total size: 2.00 TB
Total number of backups: 54
Oldest backup: 2015-01-30 07:25:00 +0000
Last backup: 2015-04-18 11:17:21 +0000
Size of backup disk: Adequate
Backup size 2.00 TB > (Disk used 104.82 GB X 3)
Top Processes by CPU: ℹ️
3% WindowServer
0% fontd
0% AppleSpell
0% dpd
Top Processes by Memory: ℹ️
206 MB WindowServer
146 MB softwareupdated
94 MB mds_stores
94 MB Mail
77 MB Safari
Virtual Memory Information: ℹ️
4.56 GB Free RAM
1.32 GB Active RAM
1.13 GB Inactive RAM
1.16 GB Wired RAM
3.79 GB Page-ins
42 MB Page-outs
Diagnostics Information: ℹ️
Apr 16, 2015, 02:15:47 PM /Users/[redacted]/Library/Logs/DiagnosticReports/Mail_2015-04-16-141547_[redact ed].crash
Why do you ask? Did you get hit by the tech support scam? If you question someone's business practices, then don't do business with them.
If this is regarding a tech support scam, please describe everything that happened. You may need to start changing passwords, calling your bank, and calling the police.
I googled for help with my iCloud dialogue box. It had been popping up for the past few weeks asking me for my PW, but it wouldn't accept it. Then for the past 2 days, I had a frozen beach ball cursor. I finally called for Tech Support and called a number that said Apple Tech Support.
When I got on the phone with them, they had me log into LogMeInRescue--very familiar to me because we use it at work. They had me go to the Apple Home page and had me click on a blinking blue and white button that was labeled: Connect to Mac Support. So they seemed completely legitimate.
And there WAS something wrong with my computer.
They said I had a virus; showed me all the error messages that my computer had sent to Apple.
On the window, the bottom panel listed 4000 hacking attempts with 339 successes. The numbers were there, but they explained what the numbers meant. And they discovered that my Firewall had been turned off.
All of this seemed real; they said there is a virus that prevents users from accessing their iCloud accounts. And they spent about 45 minutes cleaning up my computer. It really does run better and the problem is gone.
However, they made it sound like they would not fix my problem unless I paid for either a 3-year plan for $299, or a 5-year plan for $599.00. I'm embarrassed to say that I paid the $599. But I was getting quesy.
Now I'm really worried.
You have been scammed, and now that you have allowed the criminals access to your Mac you must consider it compromised, and all personal info (bank accounts, other online accounts etc) similarly compromised.
Contact your credit card companies (especially the one you used to pay them with) and stop them all, file a dispute in order to recover your money) Change all passwords that could have been accessed by the criminals and watch your financial accounts very carefully
Then erase your Mac and reinstall from scratch everything except data files.
Exactly what I just posted (the post you replied to) start with the financial items, that is where the most risk is. Turn the Mac off and leave it that way, you do not know whether 'Geeks' are still inside it
Thanks to everyone! I was able to cancel the charge immediately. And my husband instantly turned off the wi-fi access. Then I called my other creditors and put warnings on the accounts. I closed two accounts and called my bank. All was in advance of any damage.
Then my husband contacted the real Apple Support who walked us through the real fix that I needed and removed the "Adgard" shield "favicon" that they had placed in the Safari browser bar.
It was a tense few hours, but we made it through. The next couple of days we'll continue to watch our accounts.So far, so good.
Thank you all for your quick replies. All were helpful and very much appreciated. 😊😁
The standard recommendation is to erase your hard drive and reinstall the operating system directly from Apple. Then restore only your user files. Technically, that is the correct approach, but it can be intense if you aren't comfortable with that sort of thing.
If you don't want to do that, the next best option is to have someone look at the machine in person to verify there is nothing out of place. In particular, they should check System Preferences > Sharing and make sure everything is turned off.
If you can't do that either, there is still one more step that would make me feel a little better. I wrote a little diagnostic program to help show what programs are running hidden in the background. Download EtreCheck from http://www.etresoft.com/etrecheck, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.
Running EtreCheck is not going to guarantee a 100% clean machine. It is not as good as erasing your hard drive and reinstalling. it is not as good as having a competent technician look at your machine in person. But if there is some obvious back door still installed, it might show it.
Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.
Thank you. My husband says he will run your program as soon as he finishes the taxes. Thanks for your help.
We are also willing to take my computer to the Apple store at the Woodfield Mall, near us. The Apple Support technician on the phone, Will (?), checked our computer and felt very confident that the machine was clean--and he cleaned out several applications (MacKeeper and others). He ran Adware Medic and reset Safari, threw away all our downloads and emptied the trash. He helped us reset our Apple ID. He said that he had worked with 9 other people yesterday who had run into the same scam, and the Apple assessment of this particular group--at this point--is that they are looking for money, not implanting viruses.
However, we will take your advice and bring the computer to the Apple store to have them check it.😀
I wouldn't be so sure that all the scammers wanted was money. You should read the following article on the topic, posted yesterday, especially the reports of how some scammers respond when they don't get what they want:
http://www.welivesecurity.com/2015/04/14/tech-support-scammers-teeth/
It's likely that there's nothing wrong and your machine is clean, but not even the Apple tech's confidence in that is a guarantee. Only a true security expert could give you such a guarantee, and only after a lot of work. I wouldn't even attempt it, as there's always room for error, and it's much less effort to just erase everything.
Of course, it is your choice, and you must do what you're comfortable with. If you are comfortable taking a small risk that something malicious may have been done in order to avoid the hassle of reinstalling everything, then you can leave the system as it is. If even a small risk of that makes you uncomfortable, though, you should erase the hard drive for peace of mind.
Thanks, Thomas.
I took a peek at the article, but don't have time to read it now. But Craig and I will definitely read it. And we definitely plan to get into the Apple Store to have them check the computer.
My husband has very little tolerance for risk😉, so he's definitely taking my computer in.
Question from Craig: We have a Time Machine. If we wipe the computer, can we reinstall from the Time Machine? (Although, during the last couple of weeks we were getting messages saying that it couldn't access the Cloud.)
MaryCarolG wrote:
We have a Time Machine. If we wipe the computer, can we reinstall from the Time Machine?
Yes, absolutely. Erase the hard drive and restore to a point in time before the scammer had access. That will be the most painless way to deal with that.
However, for safety's sake, it would be best to have another secondary backup before erasing your hard drive. I've heard too many sad stories of people who thought they were backed up, erased the hard drive, and then found that their Time Machine backup drive had failed without them realizing it. Having two separate backups protects you against that.
I did read through what has been mentioned, but don't think I saw this one. Have that credit card number cancelled immediately and have a new card issued. Either the scammers will try to use it for illegal purchases, or they'll sell the number to any number of other crooks who will.
MaryCarolG wrote:
My husband says he will run your program as soon as he finishes the taxes.
Just post the results here and pretty much anyone can tell if anything looks wrong.
You are correct about the current scams. Plus, there are very few true viruses to implant. The biggest risk are perfectly legitimate programs that can be used to create backdoors. EtreCheck will only report some of these because some of them are built into the operating system. You would have to go to System Preferences > Sharing and make sure everything is turned off. Hopefully the Apple support technician did that.
I don't disagree with what anyone says about erasing the hard drive and reinstalling. Thomas really nails it. It is possible to thoroughly check things out in person, but in the real world it is so much easier to just wipe and restore. But even that may be a challenge for some people and there may not be any nearby support options. Each situation is different and I don't want anyone to risk losing irreplaceable data out of fear that someone else may have accessed it.
Another reason I would like to see the EtreCheck report is because it includes some information about the status of your backups. Before taking a machine in for any kind of service, you should have a good backup. As Thomas pointed out, if you know you are going to need such a backup, the ideal action is to make a secondary backup in addition to Time Machine. And don't forget than any changes you make during this period, like taxes, should be saved somewhere else too. If you wind up restoring your machine to a state from 3 days ago, your tax information could be lost. If you are using some software, make sure to look for an archive feature and save everything somewhere else.
Anybody hear of Geek Technical Support? They seemed to know what they were doing, but their business practices were suspicious.
