Q: Chinese hack by vpn
Hope someone can help.
The Macbook is used, but new to me. I'm using a library computer for this query.
Turns out my ISP is hacked by a VPN and ISP will not help with problem. Here's how it happened: I download a manual is was seeking for a device I have from a site that it is now clear was a hacker site. This was done on a different computer and I could tell it was a VPN. First time I connected new-to-me Macbook, it got hacked and here are some of the clues I was able to find.
1. two chinese language apps had been downloaded.
2. Internet wanted firewire connection--i've never had firewire. MAC Add for Firewire IS 00:25:bc:cc:04 (ethernet same MAC add)
3. Mac Add for my DSL Wifi is not the same (don't know if this is a clue, but do not want to publish those numbers here)
4 In Networking Advanced view, WINS Net BIOS Name was changed to MACBOOK-DBCC04, WORKGROUP. This is NOT my Net BIOS Name
5. Security is WPA2 and should be WPA/WPA2 Personal
6. Settings for Firewire/ethernet: Bypass prosy settings for these Hosts & Domains; *.local, 169.254/16 checkmark on Use Passive FTP Mode (PASV)
7. Search of "Find My Device" resulted in 13 pages, but here are the entries that matter:
0x7fff959b1000- 0x7fff959bcff7libChineseTokenizer.dylib(16) <1794A880-9C3D-37B2-8F3E-6CAFFB396080> /usr/lib/libChineseTokenizer.dylib
plus:
/System/Library/PrivateFrameworks/Language/LanguageModeling.framework/Versions/A /LanguageModeling
0x7fff95bc8000 - 0x7fff95bd1fff com.apple.icloud.FindMyDevice (1.0 - 1 <28CE764F-4C4C-3A75-B7AE-EDBC7A189E82>
(to date I've not set up my own icloud account w/apple
I have futzed around and now get blinking folder/? screen on start up, or lock screen for password with hold option key on startup.
It was running El Capitan and I have a bootable usb for El Capitan--Note usb were disabled while hacker has control.
MacBook, OS X El Capitan (10.11.1)
Posted on Dec 15, 2015 11:38 AM