machacked

macrumors newbie
Original poster
Nov 10, 2010
I have a new Mac Pro and an administrative account was created on top of my own. Yes, I was hacked :mad:. I found that "occult" administrative account and I have the password. I thought that I had deleted it because it no longer appears under the accounts, but if the system asks me to install/delete software I can type the name of that "occult" account with the password and it still works as an administrative account.
So I have two administrative accounts on my computer... How do I get rid of this occult one?

I know that I can format the whole computer and reinstall all the programs and this may be the ultimate solution, but I was wondering if there is a way to delete and inactivate that occult user account?

Thanks
 
If you've been hacked, re-install, and restore your documents from backups. Don't bother doing anything else, do not pass go, etc.

Do you know how you were hacked? (someone sitting at your computer, your computer sitting on the internet with no firewall, malware, etc)
 
someone sitting at my computer...

How do I protect against this in the future? Besides the obvious: not letting anyone touch my computer...
 
Use a fairly strong (twelve characters for example) password.

I use passwords from twelve to 25 characters, and haven't had a problem since and before.

I had a password but the person bypassed that with command "S" when you start the computer... and from there created a new administrative account... then hid that account....

Any other suggestion?
 
I don't see a "home" directory in the users folders... :confused:

The Users folder is a folder that contains at least two folders. One is called "Shared", the other folder has your short user name. Those folders are also called Home directories, while logged into them, as they store all your personal files and preferences, unless you choose to store data outside of that folder.

If you still have problems with that third ominous user, there should be a third folder named similarly in the Users folder.

But as it seems, you are still logged in as that user, otherwise you would not be asked to use the user name.

How many accounts are listed in System Preferences > Accounts?
 
The Users folder is a folder that contains at least two folders. One is called "Shared", the other folder has your short user name. Those folders are also called Home directories, while logged into them, as they store all your personal files and preferences, unless you choose to store data outside of that folder.

If you still have problems with that third ominous user, there should be a third folder named similarly in the Users folder.

But as it seems, you are still logged in as that user, otherwise you would not be asked to use the user name.

How many accounts are listed in System Preferences > Accounts?

Ok, only 2 users are listed, myself and a guest user (which does not require a password and does not have administrative privileges).

If I want to change user names, etc., it asks me for my password; I can type my user's password and it works fine, or, what bothers me, if I type this occult account name over my account name and use the occult account password, it also lets me make changes as an administrator... so that account is somewhat still active... how do I get rid of that?
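
An added example, not part of the original thread: a check for the symptom described above, where an account missing from System Preferences > Accounts still authenticates as an administrator. It compares the local admin group from `dscl` against the user records and the folders in /Users; the sample data, the account name `support`, and the assumption that accounts with a UID below 500 are not shown in the Accounts pane are constructed for illustration.

```bash
#!/bin/bash
# Flag admin-group members that the Accounts pane would probably not show.
# Parsing works on captured text, so the logic can be tried on any machine.

# Constructed sample of: dscl . -read /Groups/admin GroupMembership
SAMPLE_ADMINS='GroupMembership: root machacked support'
# Constructed sample of: dscl . -list /Users UniqueID
SAMPLE_USERS='_www            70
daemon          1
machacked       501
nobody          -2
root            0
support         401'
# Constructed sample of: ls /Users
SAMPLE_HOMES='Shared
machacked'

# suspicious_admins ADMINS USERS HOMES
# Prints "name reasons" for every admin-group member other than root that
# has no user record, has a UID below 500 (assumption: such accounts are
# hidden from the Accounts pane), or has no folder in /Users.
suspicious_admins() {
  local admins="${1#GroupMembership:}" users="$2" homes="$3" name uid reasons
  for name in $admins; do
    if [ "$name" = "root" ]; then continue; fi
    uid=$(printf '%s\n' "$users" | awk -v n="$name" '$1 == n { print $2 }')
    reasons=""
    if [ -z "$uid" ]; then
      reasons="no-user-record"
    elif [ "$uid" -lt 500 ]; then
      reasons="uid-below-500"
    fi
    if ! printf '%s\n' "$homes" | grep -qxF -- "$name"; then
      reasons="${reasons:+$reasons,}no-home-folder"
    fi
    if [ -n "$reasons" ]; then printf '%s %s\n' "$name" "$reasons"; fi
  done
  return 0
}

# On the Mac itself, feed the live directory data instead of the samples.
audit_live() {
  suspicious_admins "$(dscl . -read /Groups/admin GroupMembership)" \
                    "$(dscl . -list /Users UniqueID)" "$(ls /Users)"
}

# Demo on the constructed samples.
suspicious_admins "$SAMPLE_ADMINS" "$SAMPLE_USERS" "$SAMPLE_HOMES"
```

Any name it prints is an administrator that deserves a closer look before deciding whether a reinstall is still needed.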
 
If you've been hacked, re-install, and restore your documents from backups. Don't bother doing anything else, do not pass go, etc.

Do you know how you were hacked? (someone sitting at your computer, your computer sitting on the internet with no firewall, malware, etc)

Someone was sitting at my computer and, when turning it on, bypassed the login screen using command "s" and created a new administrative account, then hid it.... The whole purpose was to install spyware software (which I already deleted).
 
Ok, only 2 users are listed, myself and a guest user (which does not require a password and does not have administrative privileges).

If I want to change user names, etc., it asks me for my password; I can type my user's password and it works fine, or, what bothers me, if I type this occult account name over my account name and use the occult account password, it also lets me make changes as an administrator... so that account is somewhat still active... how do I get rid of that?

Can you tell us what the user name is?

If you don't have any data on that Mac yet, or can copy it from your Home directory to somewhere else, do as NoNameBrand recommended.

Clean Install of OS X 10.6 Snow Leopard

You might also take a look at Firmware Password Protection.


Btw, to quote someone, just press the quote button.
To quote several posts, use the multi-quote button.
To edit your posts, use the edit button.

All these buttons are on the bottom right of the posts.

Minor Problems

6. Sequential posts.
Combine your comments into one post rather than making many consecutive posts to a thread within a short period of time.
 
I had a password but the person bypassed that with command "S" when you start the computer... and from there created a new administrative account... then hid that account....

Any other suggestion?

Install a keylogger, wait for R. Douchington the Third to log in then use the usernames/passwords captured to spam every social networking account he uses with Lastmeasure links perhaps?

Failing that, a good LART has been known to work wonders - apply liberally to the head and groin region.

On a more serious note, adding an EFI password might help in this situation:

https://forums.macrumors.com/threads/632449/
 
Install a keylogger, wait for R. Douchington the Third to log in then use the usernames/passwords captured to spam every social networking account he uses with Lastmeasure links perhaps?

Failing that, a good LART has been known to work wonders - apply liberally to the head and groin region.

On a more serious note, adding an EFI password might help in this situation:

https://forums.macrumors.com/threads/632449/

I like the LART idea a lot!!!!!!!

Now, which one is a good keylogger to use?
I might get some payback time.
After that I guess that the best option is to clean and reformat the whole thing..

Thank you all for the help in this regard!!!!
 
Thanks for the help,
How do you copy all these files as nonamebrand?

Come again please?

If you meant how to copy files: use Finder and copy the files and folders from where they are (Command + C) to where they should be, which is not on the same partition as Mac OS X resides on. Either use an external HDD or one of the other possible HDDs inside the MP you have.

Or did you mean something else? NoNameBrand is a user and responded to your post as second poster (post #3).

And again:

To quote someone, just press the quote button.
To quote several posts, use the multi-quote button.
To edit your posts, use the edit button.

All these buttons are on the bottom right of the posts.

Minor Problems

6. Sequential posts.
Combine your comments into one post rather than making many consecutive posts to a thread within a short period of time.
 
Thanks again!!!!
This was very helpful.

And I promise I will learn how to use this quote/edit stuff...
 