Apple Event: May 7th at 7 am PT
Anybody hear of Geek Technical Support? They seemed to know what they're doing, but I have to question their business practices.
iMac (27-inch, Late 2012), OS X Mavericks (10.9.5)
Why do you ask? Did you get hit by the tech support scam? If you question someone's business practices, then don't do business with them.
If this is regarding a tech support scam, please describe everything that happened. You may need to start changing passwords, calling your bank, and calling the police.
I did read through what has been mentioned, but don't think I saw this one. Have that credit card number cancelled immediately and have a new card issued. Either the scammers will try to use it for illegal purchases, or they'll sell the number to any number of other crooks who will.
MaryCarolG wrote:
My husband says he will run your program as soon as he finishes the taxes.
Just post the results here and pretty much anyone can tell if anything looks wrong.
You are correct about the current scams. Plus, there are very few true viruses to implant. The biggest risk are perfectly legitimate programs that can be used to create backdoors. EtreCheck will only report some of these because some of them are built into the operating system. You would have to go to System Preferences > Sharing and make sure everything is turned off. Hopefully the Apple support technician did that.
I don't disagree with what anyone says about erasing the hard drive and reinstalling. Thomas really nails it. It is possible to thoroughly check things out in person, but in the real world it is so much easier to just wipe and restore. But even that may be a challenge for some people and there may not be any nearby support options. Each situation is different and I don't want anyone to risk losing irreplaceable data out of fear that someone else may have accessed it.
Another reason I would like to see the EtreCheck report is because it includes some information about the status of your backups. Before taking a machine in for any kind of service, you should have a good backup. As Thomas pointed out, if you know you are going to need such a backup, the ideal action is to make a secondary backup in addition to Time Machine. And don't forget than any changes you make during this period, like taxes, should be saved somewhere else too. If you wind up restoring your machine to a state from 3 days ago, your tax information could be lost. If you are using some software, make sure to look for an archive feature and save everything somewhere else.
MaryCarolG wrote:
What exactly constitutes a secondary backup? (A second time machine?)
Can they do all this at the Apple Store?
Yes. Time Machine can do that. The hard part is that it requires a second hard drive. The Apple Store does sell those, but you need to have a good backup before you drop off the machine.
This is where you have to balance what you can reasonably do vs. what the scammers might have done and pick something in the middle that you can live with.
MaryCarolG wrote:
What exactly constitutes a secondary backup? (A second time machine?)
Can they do all this at the Apple Store?
Buy an external hard drive that is big enough to hold everything on your hard drive with room to spare. You can then use Time Machine to back up to that drive in addition to whatever other drive it is currently backing up to. Maintain the backups on both drives. Alternately (preferably, in my opinion), you can use a different backup program (such as Carbon Copy Cloner) to back up to the second drive. The advantage to this is that, if Time Machine has some kind of malfunction that affects all your backups, it won't affect that one.
My own personal strategy is to use Time Machine to back up to a Time Capsule, and use Carbon Copy Cloner to back up to two other hard drives. One of those drives is at home, the other in my safe deposit box, and every now and then I swap them. Even if there's a fire or theft or some other catastrophe, I still have the copy at the bank.
Thank you! Done!
Wow! What a system. My husband is eager to look into it.
The major pain of having a card cancelled is that you have to go to all of your online accounts and wherever else to update them to the new number. But better that than unauthorized purchases showing up.
Yes. We've had to do that before when our bank issued everyone new debit cards just as a precaution. It's a pain, but well worth it.
We ran the app just now. Here are the results.
Problem description:
Desktop will not let me drag and drop any files.
Also, files from the desktop show through any open windows.
EtreCheck version: 2.1.8 (121)
Report generated April 18, 2015 at 6:48:09 AM CDT
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
iMac (27-inch, Late 2012) (Technical Specifications)
iMac - model: iMac13,2
1 3.2 GHz Intel Core i5 CPU: 4-core
8 GB RAM Upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
BANK 0/DIMM1
Empty
BANK 1/DIMM1
Empty
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ℹ️
NVIDIA GeForce GTX 675MX - VRAM: 1024 MB
iMac 2560 x 1440
System Software: ℹ️
OS X 10.9.5 (13F34) - Time since boot: 3 days 12:57:54
Disk Information: ℹ️
APPLE HDD ST1000DM003 disk0 : (1 TB)
EFI (disk0s1) <not mounted> : 210 MB
Macintosh HD (disk0s2) / : 999.35 GB (894.52 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
USB Information: ℹ️
Apple Inc. MacBook Air SuperDrive
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
Thunderbolt Information: ℹ️
Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/Library/Extensions
[loaded] com.logmein.hamachi (1.0.0 - SDK 10.9) [Click for support]
/Users/Shared/Old Files/MAC/Applications/Utilities/DiskWarrior.app
[not loaded] com.alsoft.Preview (4.1.1) [Click for support]
Problem System Launch Daemons: ℹ️
[failed] com.apple.wdhelper.plist
Launch Agents: ℹ️
[loaded] com.google.keystone.agent.plist [Click for support]
[running] com.logmein.hamachimb.plist [Click for support]
[loaded] com.oracle.java.Java-Updater.plist [Click for support]
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.google.keystone.daemon.plist [Click for support]
[running] com.logmein.hamachi.plist [Click for support]
[loaded] com.microsoft.office.licensing.helper.plist [Click for support]
[loaded] com.oracle.java.Helper-Tool.plist [Click for support]
[loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]
[loaded] com.skype.skypeinstaller.plist [Click for support]
User Login Items: ℹ️
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Dropbox Application (/Applications/Dropbox.app)
Canon IJ Network Scanner Selector2 Application Hidden (/Library/Printers/Canon/IJScanner/Utilities/Canon IJ Network Scanner Selector2.app)
Internet Plug-ins: ℹ️
FlashPlayer-10.6: Version: 17.0.0.169 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 17.0.0.169 - SDK 10.6 [Click for support]
net.juniper.DSSafariExtensions: Version: Unknown [Click for support]
EPPEX Plugin: Version: 3.0.5.0 [Click for support]
Default Browser: Version: 537 - SDK 10.9
SharePointBrowserPlugin: Version: 14.4.8 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.30317.0 - SDK 10.6 [Click for support]
JavaAppletPlugin: Version: Java 8 Update 31 Check version
User internet Plug-ins: ℹ️
WebEx64: Version: 1.0 - SDK 10.6 [Click for support]
Safari Extensions: ℹ️
SocialPlus!
Facebook Improved
3rd Party Preference Panes: ℹ️
Flash Player [Click for support]
Java [Click for support]
Time Machine: ℹ️
Mobile backups: OFF
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 999.35 GB Disk used: 104.82 GB
Destinations:
Data [Network]
Total size: 2.00 TB
Total number of backups: 54
Oldest backup: 2015-01-30 07:25:00 +0000
Last backup: 2015-04-18 11:17:21 +0000
Size of backup disk: Adequate
Backup size 2.00 TB > (Disk used 104.82 GB X 3)
Top Processes by CPU: ℹ️
3% WindowServer
0% fontd
0% AppleSpell
0% dpd
Top Processes by Memory: ℹ️
206 MB WindowServer
146 MB softwareupdated
94 MB mds_stores
94 MB Mail
77 MB Safari
Virtual Memory Information: ℹ️
4.56 GB Free RAM
1.32 GB Active RAM
1.13 GB Inactive RAM
1.16 GB Wired RAM
3.79 GB Page-ins
42 MB Page-outs
Diagnostics Information: ℹ️
Apr 16, 2015, 02:15:47 PM /Users/[redacted]/Library/Logs/DiagnosticReports/Mail_2015-04-16-141547_[redact ed].crash
Logmein is remote access software. That needs to be removed as soon as possible. See http://help.logmein.com/articles/en_US/FAQ/How-do-I-uninstall-LogMeIn-for-Mac-en 1/?q=Uninstall&l=en_US&fs=Search&pn=1
Logmein, as pointed out is a remote access gateway, remove it entirely.
Frankly I would erase your Mac and reinstall, it is the best way to keep safe.
I'd also question this:
com.logmein.hamachimb
see here:
https://secure.logmein.com/products/hamachi/
as well as a couple of other potential entries.
I'd definitely second the recommendation to wipe your drive and reinstall from scratch as there may be other things hidden somewhere. And only use a backup to restore from a date before you were dealing with these scammers.
hi do want it back
???????
do u want you want money back from geeks
Anybody hear of Geek Technical Support? They seemed to know what they were doing, but their business practices were suspicious.
