Old Dec 28, 2012, 10:08 AM   #1
billthe
macrumors newbie
 
Join Date: Dec 2012
Please help, urgent - Spyware is installed on my Mac

Good day dear forum members,

I really need some wise advice.

I did search the forums, but did not find my problem being solved.

It seems that some form of spyware is installed on my Mac. It's a long story, but basically many people had access to it; it wasn't protected by a password. Now that I use my Mac all the time for work as well as personal, it can be quite damaging if someone really does have remote access to it. I have sent some business emails, details of which got known by a third party (it would not be possible for them to know unless they have access to my computer somehow). Also, someone called me and said that they know my every move and told me that I just booked a flight ticket, and even named my destination. Again, I did not even tell anyone this info, and the ticket was e-mailed to a brand new email address which I specifically created for this.

I did use ClamXav, Dr.Web, and MacScan; they found nothing, but again I guess spyware is not meant to be detected that easily. I am thinking of buying a new hard drive and installing it. BUT I am worried if they could put some sort of chip or something which leaks all my info????? Is it possible for spyware to be stored on the motherboard? What are the possible points of leak in my Mac? How can they do that? I tried to address the police, but they just smiled and said that they have much more important things to deal with.

PLEASE HELP ME, what to do? I can't really buy a brand new laptop at the moment. Can just afford a new hard drive.

THANKS A MILLION
billthe is offline   0 Reply With Quote
Old Dec 28, 2012, 10:11 AM   #2
maflynn
Moderator
 
maflynn's Avatar
 
Join Date: May 2009
Location: Boston
The best way to ensure you have a clean system is to back up your data, and then format the drive and reinstall OSX/Apps and restore your data

[MOD NOTE]
I changed your title to make it more descriptive. "Please help" titles don't garner the level of attention, since members won't enter the thread to see what help you're asking for.
maflynn is offline   1 Reply With Quote
Old Dec 28, 2012, 10:11 AM   #3
mobilehaathi
macrumors 601
 
mobilehaathi's Avatar
 
Join Date: Aug 2008
Location: The Anthropocene
Your action depends on just how paranoid you are and can range from reinstalling OSX to buying a new computer. Lots of things are possible, most of them are unlikely.
__________________
The true way is along a rope that is not spanned high in the air, but only just above the ground. It seems intended more to cause stumbling than to be walked along.
mobilehaathi is offline   0 Reply With Quote
Old Dec 28, 2012, 10:12 AM   #4
cheezeit
macrumors 6502
 
Join Date: Jul 2010
Quote:
Originally Posted by maflynn View Post
The best way to ensure you have a clean system is to back up your data, and then format the drive and reinstall OSX/Apps and restore your data
Yup I'd do the same. That way you don't have to worry if you got it all gone.
cheezeit is offline   0 Reply With Quote
Old Dec 28, 2012, 10:12 AM   #5
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by billthe View Post
PLEASE HELP ME, what to do?
Perform a clean install of your OS and reinstall your apps.

OS X: About OS X Recovery
How to Clean Install OS X Mountain Lion
Apple - OS X Recovery restores your Mac with a few clicks.
Hands on with Mountain Lion's OS X Recovery and Internet Recovery

Also be aware that it may have nothing to do with spyware. Most cases like yours involve someone having their email account compromised. Change all your passwords, especially for email, financial and social networking sites to secure passwords. Make sure they're long and complex, with special characters, numbers and upper and lower case letters.
GGJstudios is offline   0 Reply With Quote
Old Dec 28, 2012, 10:17 AM   #6
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Thanks a lot for your help guys. It's not that I am paranoid, I actually kept quite positive until it really got ridiculous. I mean how would the person know that I booked the ticket ????? Only if somehow he saw my desktop remotely. Like program, SniperSpy claims to be a remotely accessible thing....so they could watch my every step. FML.....

If I do a clean install, how likely that it will be gone? Can programs be resistant to clean installs? Can it be stored on a mother board?
billthe is offline   0 Reply With Quote
Old Dec 28, 2012, 10:19 AM   #7
mobilehaathi
macrumors 601
 
mobilehaathi's Avatar
 
Join Date: Aug 2008
Location: The Anthropocene
Quote:
Originally Posted by billthe View Post
If I do a clean install, how likely that it will be gone? Can programs be resistant to clean installs? Can it be stored on a mother board?
Very likely. Yes. Yes.
__________________
The true way is along a rope that is not spanned high in the air, but only just above the ground. It seems intended more to cause stumbling than to be walked along.
mobilehaathi is offline   0 Reply With Quote
Old Dec 28, 2012, 10:23 AM   #8
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Quote:
Originally Posted by mobilehaathi View Post
Very likely. Yes. Yes.
I am sorry, but I really don't know much in detail about how computers operate, are you being sarcastic now? How can I be sure that it's not there?
billthe is offline   0 Reply With Quote
Old Dec 28, 2012, 10:24 AM   #9
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
First thing to do is to check if any box is checked in the Sharing preferences, I suspect you left the Mac unattended and someone switched on Remote access.
It is in System Preferences- Sharing.
You also should change your Account Password in Users and Groups in System Preferences.
And, change all your passwords of all items in your keychain/mail account and other sites passwords.
A clean install would not make a difference if you leave all your passwords the same.
I think spyware is unlikely.
justperry is offline   1 Reply With Quote
Old Dec 28, 2012, 10:25 AM   #10
simsaladimbamba
Guest
 
Join Date: Nov 2010
Location: located
Quote:
Originally Posted by billthe View Post
I am sorry, but I really don't know much in detail about how computers operate, are you being sarcastic now? How can I be sure that it's not there?
Because a Clean Install removes everything. mobilehaathi was not sarcastic.

While the others responded, I made this small video to make sure you do not have spyware installed.
The resulting PDF should be attached to your next post and some of us can look over the PDF and see what might be installed.
simsaladimbamba is offline   0 Reply With Quote
Old Dec 28, 2012, 10:25 AM   #11
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by billthe View Post
Thanks a lot for your help guys. It's not that I am paranoid, I actually kept quite positive until it really got ridiculous. I mean how would the person know that I booked the ticket ?????
Did you use an email address when you booked the ticket?
Quote:
Originally Posted by billthe View Post
Only if somehow he saw my desktop remotely.
No, that's not the only way. It is really extremely rare that any Mac user is victimized by spyware.
Quote:
Originally Posted by billthe View Post
Like program, SniperSpy claims to be a remotely accessible thing....
If you had SniperSpy installed, the scans that you ran would have detected it.
Quote:
Originally Posted by billthe View Post
If I do a clean install, how likely that it will be gone?
100% likely.
Quote:
Originally Posted by billthe View Post
Can programs be resistant to clean installs?
No.
Quote:
Originally Posted by billthe View Post
Can it be stored on a mother board?
No.
GGJstudios is offline   0 Reply With Quote
Old Dec 28, 2012, 12:40 PM   #12
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Quote:
Originally Posted by GGJstudios View Post
Did you use an email address when you booked the ticket?

No, that's not the only way. It is really extremely rare that any Mac user is victimized by spyware.

If you had SniperSpy installed, the scans that you ran would have detected it.

100% likely.

No.

No.
I did use email, but I made a new one, which nobody knew. What are the other options then? Could you please tell me, so I will be aware of them.

Thanks for your kind answer, it does help
billthe is offline   0 Reply With Quote
Old Dec 28, 2012, 12:41 PM   #13
simsaladimbamba
Guest
 
Join Date: Nov 2010
Location: located
Quote:
Originally Posted by billthe View Post
What are the other options then?
Post #10 is a start.
simsaladimbamba is offline   0 Reply With Quote
Old Dec 28, 2012, 12:47 PM   #14
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Here is my Activity monitor PDF.
billthe is offline   0 Reply With Quote
Old Dec 28, 2012, 01:01 PM   #15
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by billthe View Post
Here is my Activity monitor PDF.
Here's how to take a screen shot and post it.
GGJstudios is offline   0 Reply With Quote
Old Dec 28, 2012, 01:25 PM   #16
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Here, one more time. Sorry guys, trying my best to do well. Thanks everybody for all the help
Attached Files
File Type: pdf Activity Monitor.pdf (2.02 MB, 188 views)
billthe is offline   0 Reply With Quote
Old Dec 29, 2012, 01:53 AM   #17
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by billthe View Post
Here, one more time. Sorry guys, trying my best to do well. Thanks everybody for all the help
Seems all is normal.
I looked up a few processes I don't know, but all of them are Apple's own processes or normal program processes.

Are you logged in as Guest, who is vladimir, you?

Guest should be even more secure than an Admin User account.

Does not seem like remote access nor Screensharing is active.

You should at least change all passwords as others and I have suggested, and change your main password in Users and Groups.
justperry is offline   0 Reply With Quote
Old Dec 29, 2012, 09:06 PM   #18
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Quote:
Originally Posted by justperry View Post
Seems all is normal.
I looked up a few processes I don't know, but all of them are Apple's own processes or normal program processes.

Are you logged in as Guest, who is vladimir, you?

Guest should be even more secure than an Admin User account.

Does not seem like remote access nor Screensharing is active.

You should at least change all passwords as others and I have suggested, and change your main password in Users and Groups.
Hi Justperry, I did change all the passwords already. Now, I have a question. Right, Vladimir is me; when I found out something was wrong I created a guest account and have been using it since then.

Let's suppose spyware is there, would it still be monitoring me even if I created a new account? I mean, does it transfer to all accounts?

Thank you
billthe is offline   0 Reply With Quote
Old Dec 29, 2012, 09:11 PM   #19
astrorider
macrumors 6502
 
Join Date: Sep 2008
Quote:
Originally Posted by justperry View Post
First thing to do is to check if any box is checked in the Sharing preferences, I suspect you left the Mac unattended and someone switched on Remote access.
It is in System Preferences- Sharing.
You also should change your Account Password in Users and Groups in System Preferences.
And, change all your passwords of all items in your keychain/mail account and other sites passwords.
A clean install would not make a difference if you leave all your passwords the same.
I think spyware is unlikely.
Screen sharing/remote access would be my guess too.
astrorider is offline   0 Reply With Quote
Old Dec 29, 2012, 11:05 PM   #20
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
I decided to clean install OS X Lion. But it seems to me that you need an actual install.dmg file, which I don't find on my Mac. What is the possible solution to that?
billthe is offline   0 Reply With Quote
Old Dec 29, 2012, 11:21 PM   #21
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by billthe View Post
I decided to clean install OS X Lion. But it seems to me that you need an actual install.dmg file, which I don't find on my Mac. What is the possible solution to that?
OS X: About OS X Recovery
How to Clean Install OS X Mountain Lion
Apple - OS X Recovery restores your Mac with a few clicks.
Hands on with Mountain Lion's OS X Recovery and Internet Recovery
GGJstudios is offline   0 Reply With Quote
Old Dec 29, 2012, 11:32 PM   #22
ConCat
Banned
 
Join Date: Jul 2012
Location: In an ethereal plane of existence.
Quote:
Originally Posted by justperry View Post
Seems all is normal.
I looked up a few processes I don't know, but all of them are Apple's own processes or normal program processes.

Are you logged in as Guest, who is vladimir, you?

Guest should be even more secure than an Admin User account.

Does not seem like remote access nor Screensharing is active.

You should at least change all passwords as others and I have suggested, and change your main password in Users and Groups.
It would be fairly trivial to mask a process as one of the many instances of launchd or mdworker. You'd have to do a little bit more digging than just looking at a list of processes to ensure you don't have spyware, assuming the spyware writers were smart, but in my experience most of them are not, so perhaps that list is reliable enough.

EDIT: I just checked though; one launchd per user and two mdworkers. All is well.
ConCat is offline   0 Reply With Quote
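An added example, not part of any post in this thread: one way to do the extra digging the post above describes, by checking where a process named launchd or mdworker actually runs from. It assumes the macOS `ps` `comm` column prints the executable path; the watched names, trusted directory prefixes and sample lines are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Flag processes that carry an Apple daemon's name but run from outside
# the system directories. Input: "PID USER EXECUTABLE-PATH" lines, e.g.
#   ps -axo pid=,user=,comm=
# Watched names and trusted prefixes are assumptions for this sketch.

flag_masquerades() {
  awk '
    BEGIN {
      split("launchd mdworker", w, " ")
      for (i in w) watched[w[i]] = 1
      ntrusted = split("/sbin/ /usr/sbin/ /usr/libexec/ /System/Library/", trusted, " ")
    }
    NF >= 3 {
      # The path is the last column and may contain spaces: rebuild it.
      path = $3
      for (i = 4; i <= NF; i++) path = path " " $i
      n = split(path, parts, "/")
      name = parts[n]
      if (!(name in watched)) next
      ok = 0
      for (i = 1; i <= ntrusted; i++)
        if (index(path, trusted[i]) == 1) ok = 1
      if (!ok) printf "SUSPECT pid=%s user=%s path=%s\n", $1, $2, path
    }
  '
}

# Constructed sample, not taken from the PDF attached in this thread.
sample_ps() {
  cat <<'EOF'
    1 root  /sbin/launchd
  142 alice /sbin/launchd
  388 alice /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker
  512 alice /Users/Shared/.cache/mdworker
  530 alice /Applications/Safari.app/Contents/MacOS/Safari
  601 root  /Library/Application Support/helper/launchd
EOF
}

sample_ps | flag_masquerades
```

On a live system, pipe `ps -axo pid=,user=,comm=` into `flag_masquerades` instead of the sample; a hit is a reason to inspect that file, not proof of spyware.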
Old Dec 29, 2012, 11:47 PM   #23
justperry
macrumors 603
 
justperry's Avatar
 
Join Date: Aug 2007
Location: 7 Km South of an active upside down (boat) volcano.
Quote:
Originally Posted by astrorider View Post
Screen sharing/remote access would be my guess too.
Can't really see that in his processes list now that he logged into a Guest account, and he decided to reinstall, the better choice for him.

Quote:
Originally Posted by ConCat View Post
It would be fairly trivial to mask a process as one of the many instances of launchd or mdworker. You'd have to do a little bit more digging than just looking at a list of processes to ensure you don't have spyware, assuming the spyware writers were smart, but in my experience most of them are not, so perhaps that list is reliable enough.

EDIT: I just checked though; one launchd per user and two mdworkers. All is well.
Didn't really think about that but the chance is remote I think, as I said before someone probably got access to his Laptop and enabled remote access or screen sharing, can't see this since he is logged in as Guest.
justperry is offline   0 Reply With Quote
Old Dec 30, 2012, 09:56 AM   #24
Weaselboy
macrumors P6
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by billthe View Post
I decided to clean install OS X Lion. But it seems to me that you need an actual install.dmg file, which I don't find on my Mac. What is the possible solution to that?
You won't find it. The installer DMG gets automatically deleted after the install process. Just do a command-r boot to recovery and you can redownload then install Lion.
Weaselboy is offline   0 Reply With Quote
Old Dec 30, 2012, 12:20 PM   #25
billthe
Thread Starter
macrumors newbie
 
Join Date: Dec 2012
Thanks a lot guys, it really helps.......cause I personally have little clue on how things operate. From now on, I will follow all of your advice (passwords and others).

Is there any chance that it could be some hardware installed? I never really opened it, so I can't know if there is anything.

Wishing everyone a great New Year to come !!!
billthe is offline   0 Reply With Quote
