Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Please help, urgent - Spyware is installed on my Mac

Status
Not open for further replies.
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
Good day dear forum members,

I really need some wise advise.

I did search the forums, but did not find my problem being solved.

It seems that some form of Spyware is installed on my MAC, its a long story but basically many people had access to it, it wasnt protected by a password. Now that I use my MAC all the time for work as well as personal, it can be quite damaging if someone really does have a remote access to it. I have sent some business emails, details of which got known by a third party ( it would not be possible for them to know ,unless they have access to my computer somehow ). Also, someone called me and said that they know my every move and told me that I just booked a flight ticket, and even named my destination. Again, I did not even tell to anyone this info, and the ticket was e-mailed to a brend new email adress which I specifically created for this.

I did use ClamXV, Dr.Web, and MacScan, they found nothing, but again I guess spyware is not meant to be detected that easily. I am thinking of buying a new hard drive, and install it. BUT I am worried if they could put some sort of chip or something which leaks all my info????? Is it possible for spyware to be stored on motherboard? What are the possible points of leak in my mac? How they can do that? I tried to adress police, but they just smiled and said that they have much more important things to deal with.

PLEASE HELP ME, what to do? I cant really buy a brand new lap top at the moment. Can just afford new hard-drive.

THANKS A MILLION
 
maflynn

maflynn

macrumors Haswell
May 3, 2009
73,438
43,346
The best way to ensure you have a clean system is to back up your data, and then format the drive and reinstall OSX/Apps and restore your data

[MOD NOTE]
I changed your title to make it more descriptive. Please help titles don't garner the level of attention since members won't enter the thread to see what help your asking
 
mobilehaathi

mobilehaathi

macrumors G3
Aug 19, 2008
9,368
6,352
The Anthropocene
You action depends on just how paranoid you are and can range from reinstalling OSX to buying a new computer. Lots of things are possible, most of them are unlikely.
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
billthe said:
PLEASE HELP ME, what to do?
Click to expand...
Perform a clean install of your OS and reinstall your apps.

OS X: About OS X Recovery
How to Clean Install OS X Mountain Lion
Apple - OS X Recovery restores your Mac with a few clicks.
Hands on with Mountain Lion's OS X Recovery and Internet Recovery

Also be aware that it may have nothing to do with spyware. Most cases like yours involve someone having their email account compromised. Change all your passwords, especially for email, financial and social networking sites to secure passwords. Make sure they're long and complex, with special characters, numbers and upper and lower case letters.
 
  • Like
Reactions: Simche
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
Thanks a lot for your help guys. Its not that I am paranoid, I actually kept quite positive until it really got ridiculous. I mean how would the person know that I booked the ticket ????? Only if somehow he saw my desktop remotely. Like program, SniperSpy claims to be a remotely accessible thing....so they could watch my every step. FML.....

If I do a clean install, how likely that it will be gone? Can programs be resistant to clean installs? Can it be stored on a mother board?
 
justperry

justperry

macrumors G5
Aug 10, 2007
12,557
9,750
I'm a rolling stone.
First thing to do is to check if any box is checked in the Sharing preferences, I suspect you left the Mac unattended and someone switched on Remote access.
It is in System Preferences- Sharing.
You also should change your Account Password in Users and Groups in System Preferences.
And, change all your passwords of all items in your keychain/mail account and other sites passwords.
A clean install would not make a difference if you leave all your passwords the same.
I think spyware is unlikely.
 
simsaladimbamba

simsaladimbamba

Guest
Nov 28, 2010
22,670
30
located
billthe said:
I am sorry, but I really dont know much in details about how computers operate, are you being sarcastic now? How I can be sure that its not there?
Click to expand...

Because a Clean Install removes everything. mobilehaathi was not sarcastic.

While the others responded, I made this small video to make sure, you do not have spyware installed.

The resulting PDF should be attached to your next post and some of us can look over the PDF and see, what might be installed.
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
billthe said:
Thanks a lot for your help guys. Its not that I am paranoid, I actually kept quite positive until it really got ridiculous. I mean how would the person know that I booked the ticket ?????
Click to expand...
Did you use an email address when you booked the ticket?
billthe said:
Only if somehow he saw my desktop remotely.
Click to expand...
No, that's not the only way. It is really extremely rare than any Mac user is victimized by spyware.
billthe said:
Like program, SniperSpy claims to be a remotely accessible thing....
Click to expand...
If you had SniperSpy installed, the scans that you ran would have detected it.
billthe said:
If I do a clean install, how likely that it will be gone?
Click to expand...
100% likely.
billthe said:
Can programs be resistant to clean installs?
Click to expand...
No.
billthe said:
Can it be stored on a mother board?
Click to expand...
No.
 
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
GGJstudios said:
Did you use an email address when you booked the ticket?

No, that's not the only way. It is really extremely rare than any Mac user is victimized by spyware.

If you had SniperSpy installed, the scans that you ran would have detected it.

100% likely.

No.

No.
Click to expand...

I did use email, but I made a new one, which nobody knew. What are the other options then? Could you please tell me, so I will be aware of them.

Thanks for your kind answer, it does help
 
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
Here, one more time. Sorry guys, trying my best to do well. Thanks everybody for all the help
 

Attachments

  • Activity Monitor.pdf
    2 MB · Views: 833
justperry

justperry

macrumors G5
Aug 10, 2007
12,557
9,750
I'm a rolling stone.
billthe said:
Here, one more time. Sorry guys, trying my best to do well. Thanks everybody for all the help
Click to expand...

Seems all is normal.
I looked up a few processes I don't know but all of them are Apple's own procces or normal program procceses.

Are you logged in as Guest, who is vladimir, you?

Guest should be even more secure than a Admin User account.

Does not seem like remote access nor Screensharing is active.

You should at least change all passwords as others and Me have suggested and change your main password in Users and groups.
 
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
justperry said:
Seems all is normal.
I looked up a few processes I don't know but all of them are Apple's own procces or normal program procceses.

Are you logged in as Guest, who is vladimir, you?

Guest should be even more secure than a Admin User account.

Does not seem like remote access nor Screensharing is active.

You should at least change all passwords as others and Me have suggested and change your main password in Users and groups.
Click to expand...

Hi Justperry, I did change all the passwords already. Now, I have a question. Right, Vladimir is me, then when I found out something is wrong I created guest account and using it since then.

Lets suppose spyware is there, would it still be monitoring me even if I created a new account? I mean doest it transfers to all acounts?

Thank you
 
A

astrorider

macrumors 6502a
Sep 25, 2008
591
126
justperry said:
First thing to do is to check if any box is checked in the Sharing preferences, I suspect you left the Mac unattended and someone switched on Remote access.
It is in System Preferences- Sharing.
You also should change your Account Password in Users and Groups in System Preferences.
And, change all your passwords of all items in your keychain/mail account and other sites passwords.
A clean install would not make a difference if you leave all your passwords the same.
I think spyware is unlikely.
Click to expand...
Screen sharing/remote access would be my guess too.
 
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
I decided to clean install OS X Lion. But seems to me that you need an actual install.dmg file, which I dont find on my MAC. What is the posssible solution to that?
 
ConCat

ConCat

macrumors 6502a
Jul 27, 2012
722
0
In an ethereal plane of existence.
justperry said:
Seems all is normal.
I looked up a few processes I don't know but all of them are Apple's own procces or normal program procceses.

Are you logged in as Guest, who is vladimir, you?

Guest should be even more secure than a Admin User account.

Does not seem like remote access nor Screensharing is active.

You should at least change all passwords as others and Me have suggested and change your main password in Users and groups.
Click to expand...

It would be fairly trivial to mask a process as one of the many instances of launchd or mdworker. You'd have to do a little bit more digging than just looking at a list of processes to ensure you don't have spyware, assuming the spyware writers were smart, but in my experience most of them are not, so perhaps that list is reliable enough.

EDIT: I just checked though; one launchd per user and two mdworkers. All is well. :)
 
justperry

justperry

macrumors G5
Aug 10, 2007
12,557
9,750
I'm a rolling stone.
astrorider said:
Screen sharing/remote access would be my guess too.
Click to expand...

Can't really see that in his processes list now that he logged into a Guest account, and he decided to reinstall, the better choice for him.

ConCat said:
It would be fairly trivial to mask a process as one of the many instances of launchd or mdworker. You'd have to do a little bit more digging than just looking at a list of processes to ensure you don't have spyware, assuming the spyware writers were smart, but in my experience most of them are not, so perhaps that list is reliable enough.

EDIT: I just checked though; one launchd per user and two mdworkers. All is well. :)
Click to expand...

Didn't really think about that but the chance is remote I think, as I said before someone probably got access to his Laptop and enabled remote access or screen sharing, can't see this since he is logged in as Guest.
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,126
15,586
California
billthe said:
I decided to clean install OS X Lion. But seems to me that you need an actual install.dmg file, which I dont find on my MAC. What is the posssible solution to that?
Click to expand...

You won't find it. The installer DMG gets automatically deleted after the install process. Just do a command-r boot to recovery and you can redownload then install Lion.
 
B

billthe

macrumors newbie
Original poster
Dec 28, 2012
11
0
Thanks a lot guys, it really helps.......cause I personally have little clue on how things operating. From now, I will follow all of your advises (passwords and others ).

Is there any chance that it could be some hardware installed? I never really opened it, so I cant know if there is anything.

Wishing everyone a great New Year to come !!!
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom