PDA

View Full Version : Desperately needing some assistance with Macbook Air




derekkeogan
Mar 24, 2013, 10:55 AM
Hi All, i need some help please. My ex has installed a key logger and possibly a RAT program on my new Macbook. She basically is causing untold damage and despair by basically watching me from her own computer. Everything i do.. email, skype, and any internet activity is monitored from her computer. Everytime i change a password she can see it.. and its become out of control now. She finds it amusing and freely admits it, finding it amusing in the process :mad:

Firstly I would like to know which steps i should start with? I think if i erase the OS and install a fresh one this might help but do i need to reformat the hard disc first? Could the keylogger be encrypted on the partitions? Will a erase of OS and a new one installed be enough?
Secondly if i do the above and that works, what should i do to prevent further attacks?
I get a message up on my screen sometimes which is very suspicious.. it says "Your IP address is being used by another user". Is this her? How is she doing this?
Any help would be appreciated guys, i am really struggling here.:(



Mrbobb
Mar 24, 2013, 11:32 AM
Ex are hilarious arent they?

Backup data, if any. Be sure you have the images to re-install all needed Apps. All purchases from Apple should be able to re-acquire them online.

Re-install clean OS from either a saved image, or online restore, by first booting into Recovery Mode (Option-Boot), then use the Disk Utility to first erase the boot drive, THEN proceed with the re-install.

When done, re-install all needed Apps.

Allocate better part of a day to do this, specially if you have slow Internet.

Future prevent: Don't give anybody your signon pwd. If she says "check out this site" be very skeptical.

derekkeogan
Mar 24, 2013, 11:47 AM
Thanks Mrbobb
Yeah ex's are great fun :-) i'm not worried about losing any data from the computer, she has already wiped it clean once already by using the remote disable function ( she nailed both my iphone and mac already, findmyiphone or i cloud, i think)
Ok so i just rebooted into the recovery mode and i'm ready to go. I am on the disc utility screen but i'm wondering which to delete? It has 2 options..
"121.13 GB APPLE SSD TS..
and then something called
"untitled"
Below this is :
"Disc 1"
and below that..
Mac OS x Base System

Which one should i erase?

eric/
Mar 24, 2013, 03:48 PM
Maybe try this?

http://support.apple.com/kb/PH10763?viewlocale=en_US&locale=en_US

You can unplug the laptop from the internet, too, and maybe find and delete the logger?

derekkeogan
Mar 25, 2013, 10:49 PM
Thanks guys for your help so far. I have now found out its something called JRat she has on my computer. I still want to wipe it clean and re-install the OS, just to be sure she cant get in again. I have also read that it gets in via a port or my ip address. Does that mean she needs to be online at the same time i am connected to the net?
Oh and if someone could answer my second post as to which file i need to delete then it would be a big relief. :o

phoenixsan
Mar 26, 2013, 12:24 AM
strongly suggest you to backup all your important/sensitive data. And later do a complete format on your HDD and reinstall the OS, apps and documents you use. I have the idea your ex can be prosecuted for her wrondoing, but that is me just thinking/talking....:eek:


:):apple:

Acorn
Mar 26, 2013, 05:57 AM
you should also disable location services so she cannot remote wipe again. it may ask you if you want to turn it on when you reinstall. choose no.

also remember to turn on your firewall after reinstall. its off by default

i would update all passwords starting with your email first. changing them all one by one after you do a clean install.

Santabean2000
Mar 26, 2013, 06:54 AM
I'd recommend getting a new computer altogether. The old one could then be used to turn against your 'loved one'. False activity could be quite amusing if she thought it all to be real.

Hirakata
Mar 26, 2013, 09:53 AM
She may be having fun, but she is committing a Class B misdemeanor which is up to six months in prison, a fine of up to $1,000, or both. I'd make her aware of this after you wipe your disc. Sounds like she needs to grow up and learn that all actions have consequences.

derekkeogan
Mar 26, 2013, 11:18 AM
Thanks everyone for the posts. The whole thing has been taking its toll on me, sleepless nights etc etc. Its good to hear that this kind of thing has consequences if i ever had to go down that line. I would never resort to this type of thing so i wont be trying to get back at her. I'm a firm believer in the idea that people who do this sort of thing will always end up paying for it in someway or another.
Anyway could someone please tell me which of the following i need to remove when i am on the disc utility function in order to wipe it clean:

"121. 33 GB Apple SSD TS"
or
"Untitled"
or
"Disc 1"
or
"Mac OS X Base system"

These are the 4 options I have. Which one to delete? Oh and by the way sorry if i seem a little green here, its my first Mac :-)

TheRealDamager
Mar 26, 2013, 12:05 PM
I'd recommend getting a new computer altogether. The old one could then be used to turn against your 'loved one'. False activity could be quite amusing if she thought it all to be real.

I like this idea a LOT.

stchman
Mar 26, 2013, 02:44 PM
To the OP:

So your ex-wife is that computer savvy? Is she in the same house as you? If no, then it is unlikely that her keylogger will get through the router's firewall unless she has opened up the proper ports in YOUR router.

Are you able to verify that she has indeed installed this keylogging program, or did she just say she did to get under your skin.

Just to be in the safe side, I would delete all the partitions using Disk Utility and re-install the OS. If you hold down the Command key during boot, you will be able to select the recovery, run disk utility, and then re-install the OS.

Saturn1217
Mar 26, 2013, 06:00 PM
Before you wipe and fix everything is there a way to document what she's done to your computer?

Because with someone crazy (and mean) enough to do this you probably need to keep a legal solution in the back of your mind.

Having things documented so you can prove what happened is a good start (although I have no experience in how you would do this).

DisplacedMic
Mar 27, 2013, 10:44 AM
Hi All, i need some help please. My ex has installed a key logger and possibly a RAT program on my new Macbook. She basically is causing untold damage and despair by basically watching me from her own computer. Everything i do.. email, skype, and any internet activity is monitored from her computer. Everytime i change a password she can see it.. and its become out of control now. She finds it amusing and freely admits it, finding it amusing in the process :mad:

Firstly I would like to know which steps i should start with? I think if i erase the OS and install a fresh one this might help but do i need to reformat the hard disc first? Could the keylogger be encrypted on the partitions? Will a erase of OS and a new one installed be enough?
Secondly if i do the above and that works, what should i do to prevent further attacks?
I get a message up on my screen sometimes which is very suspicious.. it says "Your IP address is being used by another user". Is this her? How is she doing this?
Any help would be appreciated guys, i am really struggling here.:(

ex wife or ex gf? if you're going through a divorce i would talk to your attorney. otherwise i personally would do a fresh install of the OS. if you're not comfortable doing that or don't want to i'd take it to the geniuses and tell them what you told us.

sorry man - it gets better!

DisplacedMic
Mar 27, 2013, 11:15 AM
Before you wipe and fix everything is there a way to document what she's done to your computer?

Because with someone crazy (and mean) enough to do this you probably need to keep a legal solution in the back of your mind.

Having things documented so you can prove what happened is a good start (although I have no experience in how you would do this).

agree 100%

JohnnyComeLatly
Apr 3, 2013, 08:23 AM
FYI a out-of-the-box install of OS X and typical router will NOT stop one of these programs. I have Witness and Defender installed on my MBP and MBA, and can get through a routers firewall with no issues. However, the Mac OS X firewall is off... not sure if I did that *shrug*

If JRat is like Defender, you need to wipe (assuming it's not bios locked somehow) and reinstall to get rid of it. I'd use a Time Machine backup to restore the apps, just be certain you don't re-add the spy app.

JHUFrank
Apr 3, 2013, 10:33 PM
Legal issues out the wazoo on this one. Document everything, and I would double check that she is not using any of your other sensitive information.

dbroncos78087
Apr 4, 2013, 08:05 AM
Thanks everyone for the posts. The whole thing has been taking its toll on me, sleepless nights etc etc. Its good to hear that this kind of thing has consequences if i ever had to go down that line. I would never resort to this type of thing so i wont be trying to get back at her. I'm a firm believer in the idea that people who do this sort of thing will always end up paying for it in someway or another.
Anyway could someone please tell me which of the following i need to remove when i am on the disc utility function in order to wipe it clean:

"121. 33 GB Apple SSD TS"
or
"Untitled"
or
"Disc 1"
or
"Mac OS X Base system"

These are the 4 options I have. Which one to delete? Oh and by the way sorry if i seem a little green here, its my first Mac :-)

Karma works because people who are wronged take action to get justice. I'm not saying revenge because they are two different words. I look at karma as something that happens because people act and not something that will passively get better. Karma is Newtonian but remember that an object at rest tends to stay at rest.

SoIsays
Apr 4, 2013, 09:17 AM
Wow, OP, hilarious and sad at the same time. I would disconnect from the internet, back up your most important data, then reinstall your OS two times just to be sure.

eric/
Apr 5, 2013, 06:34 AM
Really though, you should contact a lawyer or the police. See if there is anything you can do.