Askmate LCC - send check/ computer compromised?

I hate to give you bad news, but you fell victim to a common scam and that Mac can no longer be considered secure. No, do not send the check. If you sent a video or photograph of the check it may already have been cashed (it is legal to do so, using an image of the check), in which case you should contact the issuing bank and order a stop payment.

Anyone, anywhere on Earth with a telephone, can perpetrate this scam. It is a scam because there is no conceivable way for a remote system to automatically diagnose any alleged problem with your Mac, absent your active participation, so the popup warnings are themselves fraudulent. Because it is a scam, any identifying information that appears in the popup may not be authentic, and might not be associated with any legitimate company. For more information read Phony "tech support" / "Ransomware" popups and web pages.

The proceeds derived from a single successful exploit of this type are usually on the order of hundreds of dollars. The revenue could be used for any conceivable purpose from paying their phone bill to funding international terrorism and murder.

If you consented to the installation of remote access software such as Teamviewer or LogMeIn, followed by permitting the installation of additional software, or control of your Mac, you should consider that Mac no longer secure from unauthorized access. If you have a Time Machine backup, disconnect that Mac from the Internet completely (turn off Wi-Fi and disconnect Ethernet, as applicable) and restore from a backup preceding the intrusion. Change your Mac's password, and any other passwords that you may have used for any service. Do not reconnect that Mac to the Internet until it has been erased or a backup created prior to the intrusion has been restored.

• If you have a backup that you created prior to the intrusion, now is the time to use it. For Time Machine, boot OS X Recovery, and at the Mac OS X Utilities screen, choose Restore from Time Machine Backup. Choose a date preceding the remote login event.
• If you do not have a backup that predates the intrusion, create one now. To do that read Mac Basics: Time Machine backs up your Mac.
  • The recovery procedure will require that you erase the Mac using OS X Recovery, and then create a new user whose contents will be empty. You will then be able to use Setup Assistant to migrate your essential documents including photos, music, work products and other essential files.
  • When doing so, select only your previous User account and do not select "Applications", "Computer and Network Settings" or "Other files and folders". De-select those choices.
  • Subsequent to using Setup Assistant, you will need to reinstall the essential software you may require, once again remembering to install software only from their original sources, and omitting all non-essential software.
  • "Non-essential software" is a broad category that includes but is not limited to third party "cleaning", "maintenance", and "anti-virus" products.

To erase and install Yosemite read: OS X Yosemite: Erase and reinstall OS X

To migrate your essential documents read: OS X Yosemite: Transfer your info from a computer or storage device and follow the procedure under Transfer info from a Time Machine backup or other storage device.

If you showed them a check from your bank account, you need to contact your bank's Fraud Security immediately. They have your bank account number. You bank undoubtedly has a 24 hour hotline for Fraud. See if you can find it and contact them immediately!

Best of luck,

GB

Wow, really sorry that happened to you. It will be a good idea to get your account number changed. These people are animals (not even that - calling them animals is an insult to animals) looking for anyone as prey.....Glad you were able to alert your bank. I don't know if you have ever looked into using a service like LifeLock, but I would highly recommend it (especially now). LifeLock is an identity Protection Service that you can register all of your credit cards and bank info with, and they will keep you abreast of any untoward activity (or all activity, if you wish) on your accounts.

I have used their service for many years now - not cheap, but protecting my identity is worth it to me. I also have the only credit card I ever use online (American Express) and my Bank account set up to send me alerts whenever any electronic activity takes place on them. I get an email whenever anything is charged to either my Amex or Debit card, and I know immediately if it is legit or not. If it is legit, I trash the email so I don't have a million of them in my Inbox. But, again, it is worth it to me to be able to know what is happening on my accounts at any given point in time.

I know there are folks here (probably John can tell you what to do if he is still online) who know how to uninstall CleanMyMac from your Mac. But if you don't hear from anyone, it would not be a bad idea to take it to the Apple Store for help. Make a Genius Bar appointment first.

Best of luck!

GB

marize2007 wrote:

I'm a bit lost on what to do about my macbook air, they have installed a program called cleanmymac 2.2.2 and I can not uninstall it...

Go back and read John's post more carefully... Although he doesn't say so very clearly, the fact that you gave the scammers remote access to your Mac means it has been compromised. It must be erased, and either restored from a backup made prior to giving the scammers access, or the system and all apps should be reinstalled from scratch. John has instructions on how to do this.

Under no circumstances should you be trying to undo whatever the scammers did... that will not be sufficient to remove all possible things they could have done.

marize2007 wrote:

Many thanks John, I really appreciate your guidance. I'm a bit lost on what to do about my macbook air, they have installed a program called cleanmymac 2.2.2 and I can not uninstall it... should I go the an apple store tomorrow and try to have their help? :-(

CleanMyMac is not trivial to uninstall, but what makes that fact worse is that it is capable of making irreversible changes to your system. Merely uninstalling it does not undo those alterations. Neither you nor I can possibly know what the scam outfit did by using it, or even if they used it. That is another reason I advocate completely erasing your Mac and reconfiguring it.

If you are reluctant to carry out the instructions I posted, an Apple Store can certainly accomplish it for a reasonable fee. The first thing they will ask is if you have a backup of your data, which is the reason for suggesting you use Time Machine. It is only one example of a "backup" though. The reason for that is that the Apple Store won't do anything more than erase your Mac and reinstall OS X. You can just as easily do that yourself, but all your personally installed programs and files will be gone until you restore them from original sources or the backups you create prior to erasing it (respectively).

That will leave your Mac in a condition in which it can be assured no third party personal information-harvesting software remains. To reinstall the essential documents and files you normally use will require restoring those files from the backup. Reinstalling any programs you normally use requires reinstalling them from their original sources, ones guaranteed to have been unaltered by either CleanMyMac or whatever else may have been installed by the scam artists.

In all likelihood, all the scam outfit wanted was your $350. However, it would be irresponsible of me or anyone else to just leave it at that, assuring you that there is no more need for concern. Is it likely they surreptitously installed a "backdoor" or otherwise left your Mac in a condition leaving it vulnerable to continued exploits? Probably not, but no one can say for certain. Is it possible to use a diagnostic program or script to examine your Mac for the existence of malicious software? Yes, but only within the limitations of any such diagnostic routines, leaving you short of 100% assurance nothing is amiss. If it were my Mac, I would be satisfied with nothing less than what I described. It is likely to require the least amount of your time and constant interaction, and is what I do myself given any Mac in an unknown condition. It also has the advantage of being unequivocally supported by Apple's support publications.

So it's your choice to take your Mac to Apple, or to erase and reconfigure it yourself. If you elect the latter, and need help with the instructions I posted, either write back or post a new Discussion asking for help. Since this one is marked "answered" it is not likely to attract the additional attention you may require.

marize2007 wrote:

I was helped by a very nice lady through the steps to delete all the files and everything new and unsafe I could have in my laptop. It took some time and we checked many folders and files.

I'm sure she was nice and was trying to be helpful, but there's no way that she can guarantee you that your machine is safe. Once a malicious individual has had remote access to your computer, the only thing that can guarantee that there's nothing nasty hiding somewhere is to erase the hard drive. If you don't do that, you're probably okay, but the point is that without doing that there is no guarantee that the scammer isn't still spying on you. It's a trade-off between a bit of extra work for the peace of mind of knowing you're safe and the easier way out without that peace of mind.

marize2007 wrote:

... My doubt now is if what we did was safe as John had advocated completely erasing my Mac and reconfiguring it, which we didn't... Please advise once again?

Though it may be small, that element of doubt will exist unless you erase your Mac and reconfigure it as I recommended. As I wrote I would be satisfied with nothing less, but it is your Mac we are discussing, not mine. Ultimately this is a personal decision only you can make.