Don´t know if this is the best place to post this issue.
Recently a person came to see my house which is for sale, and asked my Macbook to perform a banking transaction. In the moment I didn´t see any problem. But when he left I felt suspicion he might have left some malicious software. Can any one point me to where to look for any risks on my Mac. Thanks
Odd that anyone would use anything but their own device for an online bank transaction. I'm sure you were trying to be nice but it's never a good idea to allow a stranger to use your personal computer.
If you only use Safari, check the history trail.
From your Safari menu bar click History. If it's been deleted, definitely check for malware. Better yet, check for malware regardless.
Download and run the AdMedic adware / malware removal tool here > AdwareMedic
Easy and only takes a minute or two.
If you would rather not download the utility, you can remove the malware manually.
Instructions here > Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
The most pointless thing you could do is to run any kind of program to detect adware. If adware was installed, you would be seeing ads.
If you know or suspect that a hostile intruder has either had physical access or has taken control of it remotely, then there are some steps you should take to make sure that the computer is safe to use.
First, depending on the circumstances, computer tampering may be a crime, a civil wrong, or both. If there's any chance that the matter will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. The computer would be the principal evidence in such a case, and you don't want to destroy that evidence.
Running any kind of "anti-virus" software is pointless. If I broke into a system and wanted to leave a back door, I could do it in a way that would be undetectable by those means—and I don't pretend to any special skill as a hacker. You have to assume that any intruder can do the same. For example, commercial keylogging software—which has legitimate as well as illegitimate uses—won't be recognized as malware, because it's not malware.
The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the state it was in before the attack. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.
If you don't know when the attack happened, or if it was too long ago for a complete rollback to be practical, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.
When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.
Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.
Reinstall third-party software from original media or fresh downloads—not from a backup, which could be contaminated.
Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.
The above being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.
Thank you for your replies.
Linc, I also found a post of yours to another issue here: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
Would it be helpful if I post the output of the commands on the procedure you post there?
Thanks again for your help.
Would it be helpful if I post the output of the commands on the procedure you post there?
No, please don't. I regret that I ever responded to that question, and the last thing I want to do is start another thread like that one. If you take seriously the possibility that the computer has been tampered with, the only safe procedure is the one I described earlier. A compromised system can't be trusted to do anything, including detecting its own compromise. It's unlikely that anything is wrong with it at all, so you have to weigh the risk against the effort involved.
prevension911 wrote:
Recently a person came to see my house which is for sale, and asked my Macbook to perform a banking transaction.
This is amazingly strange... either that person was clueless beyond belief to trust someone else's computer with the credentials for an online banking account, or they were up to no good. I've got to agree with Linc, there's absolutely nothing you can do to determine with 100% certainty whether something malicious was done to your computer. You should erase the hard drive and either restore from a backup made prior to the incident or reinstall everything from scratch.
Just lent my Mac to person interested in buying house.
