e.a.snell

Q: My macbook pro was accessed by  scammers via teamview. how can I do a scan to see if they have entered any malware .  Could they access my passwords?

my macbook pro was accessed by scammers posing as BT open reach engineers using teamview for 10minutes max.

What precautions should i now take? system mountain lion 10.8.5

iMac, OS X Mountain Lion (10.8.5)

Posted on Jul 30, 2016 7:02 AM

Close

Q: My macbook pro was accessed by  scammers via teamview. how can I do a scan to see if they have entered any malware .  Co ... more

  • All replies
  • Helpful answers

  • by macjack,

    macjack macjack Jul 30, 2016 7:14 AM in response to e.a.snell
    Level 9 (55,682 points)
    Mac OS X
    Jul 30, 2016 7:14 AM in response to e.a.snell

    Hi e.a.snell, that's a common scam. You can report it to http://www.apple.com/legal/more-resources/phishing/

    Once someone has physical access to your computer they can access all your information and leave any malware they like on your system.

    The only thing to do after that happens is to reformat the drive and re-install OS X.

    First make a copy of your own data.

    Then, boot up command + option + R. Choose Disk Utility and erase the entire hard drive (uppermost icon). Now, partition your drive, You need to create at least one partition for Mac OS X that should be formatted OS X Extended, GUID partition scheme which is set by default.  Be sure you are connected to the internet via Wi-Fi or ethernet.

    The original OS that computer shipped with will be installed. After set up, you can upgrade. After it finishes installing, it will reboot and put you SetUp Assistant. Once you set up your accounts, you can log into the AppStore and upgrade OS X to the newest version your Mac meets the system specification for..

    Older Macs

    First make a copy of your present hard drive, unless you have a recent backup.

    You'll need your original install DVDs for the next step.

    Boot from the install DVD. Choose the disk you want to erase in Disk Utility and choose the upper icon, representing the entire drive. Press Erase Disk.

    Then, from your DVD, you will install the original OS and from there upgrade to 10.6.8.

    EDIT: Also change your Apple ID.

  • by Csound1,

    Csound1 Csound1 Jul 30, 2016 7:17 AM in response to e.a.snell
    Level 9 (50,202 points)
    Desktops
    Jul 30, 2016 7:17 AM in response to e.a.snell

    As previously stated, your scammers had total access to your computer, so they could have done anything they wanted. Follow macjack's advice.

  • by e.a.snell,

    e.a.snell e.a.snell Jul 30, 2016 7:27 AM in response to macjack
    Level 1 (8 points)
    Notebooks
    Jul 30, 2016 7:27 AM in response to macjack

    That sounds the right thing to do but as I am a complete novice at doing what you suggest I think I'll need step by step instruction.  I have a time machine backup for 16/07/16 and this thing happened yesterday 29th July.  I don't even know what 'boot up' means. The macbook is currently turned off so when I power it back on I'll have to enter the apple id on the screen to see the desktop. Do I then press cmd +alt +R?

    How do I partition the drive? When do I attach the backup or will I be prompted to install the OS from within the computer?  Shall I try youtube for instructional videos?

  • by macjack,

    macjack macjack Jul 30, 2016 7:42 AM in response to e.a.snell
    Level 9 (55,682 points)
    Mac OS X
    Jul 30, 2016 7:42 AM in response to e.a.snell

    e.a.snell wrote:

     

    That sounds the right thing to do but as I am a complete novice at doing what you suggest I think I'll need step by step instruction.  I have a time machine backup for 16/07/16 and this thing happened yesterday 29th July.  I don't even know what 'boot up' means. The macbook is currently turned off so when I power it back on I'll have to enter the apple id on the screen to see the desktop. Do I then press cmd +alt +R?

    How do I partition the drive? When do I attach the backup or will I be prompted to install the OS from within the computer?  Shall I try youtube for instructional videos?

    Boot up = Startup.

    Look in Time Machine Snapshots and copy your data to another disk, you can use a pocket drive,

    About Time Machine local snapshots - Apple Support

    If you have a recovery partition, startup holding the command + shift + R keys but you may not, in which case you need to use the install dvd that shipped with your Mac.

    How to reinstall OS X - Apple Support

    https://www.youtube.com/watch?v=cBX6J9Ccl3A

  • by e.a.snell,

    e.a.snell e.a.snell Jul 30, 2016 8:38 AM in response to e.a.snell
    Level 1 (8 points)
    Notebooks
    Jul 30, 2016 8:38 AM in response to e.a.snell

    Ok I've done some research and now wonder if you can tell me when in the process I should use time machine backup?

    I'm considering a simple option of doing what you say and upgrading to el capitan but first copying all the 20,000 photos to external storage.  I don't mind losing all the other files on the hard drive. 

    I think there is a problem with copying iphoto libraries however and now el capitan doesn't use iphoto.  Do you have any advice for me here.

     

    BTW the scam was effective because i was expecting a call from BTopenreach and previously BT has operated my computer externally to sort out configuration problems…I did not disclose any financial information but am concerned that the hard drive may have a key logger on it or somesuch.

  • by macjack,

    macjack macjack Jul 30, 2016 8:51 AM in response to e.a.snell
    Level 9 (55,682 points)
    Mac OS X
    Jul 30, 2016 8:51 AM in response to e.a.snell

    Do you keep any financial data anywhere on your Mac? If you do then they could have access to it.

    If do a Time Machine restore, it will copy over all the mailcious stuff. Rather than that, do the erase & install and then just move back you own data. That's why I said to save your own data. It should be in your Documents folder.

  • by e.a.snell,

    e.a.snell e.a.snell Jul 30, 2016 9:12 AM in response to macjack
    Level 1 (8 points)
    Notebooks
    Jul 30, 2016 9:12 AM in response to macjack

    In documents there is an electricity bill without info on payment bank but address, name and insurance documents with personal details but no bank info however in history there were a number of pages used when we last accessed our bank to do a money transfer.  We have contacted the bank changed some of our security inc pins and closed internet access to our account until we sort this out. The macbook is offline and I'm using my imac which was open but not connected to the macbook when all this happened..  Is that enough?

  • by macjack,

    macjack macjack Jul 30, 2016 9:15 AM in response to e.a.snell
    Level 9 (55,682 points)
    Mac OS X
    Jul 30, 2016 9:15 AM in response to e.a.snell

    Yes. But don't use MacBook again until you've erased & re-installed.

  • by e.a.snell,Helpful

    e.a.snell e.a.snell Jul 30, 2016 9:29 AM in response to macjack
    Level 1 (8 points)
    Notebooks
    Jul 30, 2016 9:29 AM in response to macjack

    ok I'll give it a go.

    Thankyou very much macjack, you have been patient and helpful.

  • by macjack,

    macjack macjack Jul 30, 2016 9:33 AM in response to e.a.snell
    Level 9 (55,682 points)
    Mac OS X
    Jul 30, 2016 9:33 AM in response to e.a.snell

    You're welcome. If you have further questions please post back.