Q: Anybody hear of Geek Technical Support? They seemed to know what they were doing, but their business practices were suspicious.

I did read through what has been mentioned, but don't think I saw this one. Have that credit card number cancelled immediately and have a new card issued. Either the scammers will try to use it for illegal purchases, or they'll sell the number to any number of other crooks who will.

MaryCarolG wrote:

 

My husband says he will run your program as soon as he finishes the taxes.

Just post the results here and pretty much anyone can tell if anything looks wrong.

You are correct about the current scams. Plus, there are very few true viruses to implant. The biggest risk are perfectly legitimate programs that can be used to create backdoors. EtreCheck will only report some of these because some of them are built into the operating system. You would have to go to System Preferences > Sharing and make sure everything is turned off. Hopefully the Apple support technician did that.

I don't disagree with what anyone says about erasing the hard drive and reinstalling. Thomas really nails it. It is possible to thoroughly check things out in person, but in the real world it is so much easier to just wipe and restore. But even that may be a challenge for some people and there may not be any nearby support options. Each situation is different and I don't want anyone to risk losing irreplaceable data out of fear that someone else may have accessed it.

Another reason I would like to see the EtreCheck report is because it includes some information about the status of your backups. Before taking a machine in for any kind of service, you should have a good backup. As Thomas pointed out, if you know you are going to need such a backup, the ideal action is to make a secondary backup in addition to Time Machine. And don't forget than any changes you make during this period, like taxes, should be saved somewhere else too. If you wind up restoring your machine to a state from 3 days ago, your tax information could be lost. If you are using some software, make sure to look for an archive feature and save everything somewhere else.

MaryCarolG wrote:

 

What exactly constitutes a secondary backup? (A second time machine?)

 

Can they do all this at the Apple Store?

Yes. Time Machine can do that. The hard part is that it requires a second hard drive. The Apple Store does sell those, but you need to have a good backup before you drop off the machine.

This is where you have to balance what you can reasonably do vs. what the scammers might have done and pick something in the middle that you can live with.

MaryCarolG wrote:

 

What exactly constitutes a secondary backup? (A second time machine?)

 

Can they do all this at the Apple Store?

Buy an external hard drive that is big enough to hold everything on your hard drive with room to spare. You can then use Time Machine to back up to that drive in addition to whatever other drive it is currently backing up to. Maintain the backups on both drives. Alternately (preferably, in my opinion), you can use a different backup program (such as Carbon Copy Cloner) to back up to the second drive. The advantage to this is that, if Time Machine has some kind of malfunction that affects all your backups, it won't affect that one.

My own personal strategy is to use Time Machine to back up to a Time Capsule, and use Carbon Copy Cloner to back up to two other hard drives. One of those drives is at home, the other in my safe deposit box, and every now and then I swap them. Even if there's a fire or theft or some other catastrophe, I still have the copy at the bank.

The major pain of having a card cancelled is that you have to go to all of your online accounts and wherever else to update them to the new number. But better that than unauthorized purchases showing up.

Logmein is remote access software. That needs to be removed as soon as possible. See http://help.logmein.com/articles/en_US/FAQ/How-do-I-uninstall-LogMeIn-for-Mac-en 1/?q=Uninstall&l=en_US&fs=Search&pn=1

Logmein, as pointed out is a remote access gateway, remove it entirely.

Frankly I would erase your Mac and reinstall, it is the best way to keep safe.

I'd also question this:

com.logmein.hamachimb

see here:

https://secure.logmein.com/products/hamachi/

as well as a couple of other potential entries.

I'd definitely second the recommendation to wipe your drive and reinstall from scratch as there may be other things hidden somewhere. And only use a backup to restore from a date before you were dealing with these scammers.

hi do want it back

???????