Go Back   MacRumors Forums > Apple Hardware > Notebooks > MacBook Air

Reply
 
Thread Tools Search this Thread Display Modes
Old Mar 24, 2013, 10:55 AM   #1
derekkeogan
macrumors newbie
 
Join Date: Mar 2013
Desperately needing some assistance with Macbook Air

Hi All, i need some help please. My ex has installed a key logger and possibly a RAT program on my new Macbook. She basically is causing untold damage and despair by basically watching me from her own computer. Everything i do.. email, skype, and any internet activity is monitored from her computer. Everytime i change a password she can see it.. and its become out of control now. She finds it amusing and freely admits it, finding it amusing in the process

Firstly I would like to know which steps i should start with? I think if i erase the OS and install a fresh one this might help but do i need to reformat the hard disc first? Could the keylogger be encrypted on the partitions? Will a erase of OS and a new one installed be enough?
Secondly if i do the above and that works, what should i do to prevent further attacks?
I get a message up on my screen sometimes which is very suspicious.. it says "Your IP address is being used by another user". Is this her? How is she doing this?
Any help would be appreciated guys, i am really struggling here.
derekkeogan is offline   0 Reply With Quote
Old Mar 24, 2013, 11:32 AM   #2
Mrbobb
macrumors 601
 
Join Date: Aug 2012
Ex are hilarious arent they?

Backup data, if any. Be sure you have the images to re-install all needed Apps. All purchases from Apple should be able to re-acquire them online.

Re-install clean OS from either a saved image, or online restore, by first booting into Recovery Mode (Option-Boot), then use the Disk Utility to first erase the boot drive, THEN proceed with the re-install.

When done, re-install all needed Apps.

Allocate better part of a day to do this, specially if you have slow Internet.

Future prevent: Don't give anybody your signon pwd. If she says "check out this site" be very skeptical.
__________________
Solution: FREE, Explanation: Is gonna cost ya.
Mrbobb is offline   0 Reply With Quote
Old Mar 24, 2013, 11:47 AM   #3
derekkeogan
Thread Starter
macrumors newbie
 
Join Date: Mar 2013
Thanks Mrbobb
Yeah ex's are great fun :-) i'm not worried about losing any data from the computer, she has already wiped it clean once already by using the remote disable function ( she nailed both my iphone and mac already, findmyiphone or i cloud, i think)
Ok so i just rebooted into the recovery mode and i'm ready to go. I am on the disc utility screen but i'm wondering which to delete? It has 2 options..
"121.13 GB APPLE SSD TS..
and then something called
"untitled"
Below this is :
"Disc 1"
and below that..
Mac OS x Base System

Which one should i erase?
derekkeogan is offline   0 Reply With Quote
Old Mar 24, 2013, 03:48 PM   #4
eric/
Guest
 
Join Date: Sep 2011
Location: Ohio, United States
Maybe try this?

http://support.apple.com/kb/PH10763?...S&locale=en_US

You can unplug the laptop from the internet, too, and maybe find and delete the logger?
eric/ is offline   0 Reply With Quote
Old Mar 25, 2013, 10:49 PM   #5
derekkeogan
Thread Starter
macrumors newbie
 
Join Date: Mar 2013
Thanks guys for your help so far. I have now found out its something called JRat she has on my computer. I still want to wipe it clean and re-install the OS, just to be sure she cant get in again. I have also read that it gets in via a port or my ip address. Does that mean she needs to be online at the same time i am connected to the net?
Oh and if someone could answer my second post as to which file i need to delete then it would be a big relief.
derekkeogan is offline   0 Reply With Quote
Old Mar 26, 2013, 12:24 AM   #6
phoenixsan
macrumors 65816
 
phoenixsan's Avatar
 
Join Date: Oct 2012
I.....

strongly suggest you to backup all your important/sensitive data. And later do a complete format on your HDD and reinstall the OS, apps and documents you use. I have the idea your ex can be prosecuted for her wrondoing, but that is me just thinking/talking....


__________________
Mac Pro 2012 3.06 Westmere version, 12 Core 64 GB RAM, 4 TB , iPhone 5 (black), Moto G 8 GB (black)
phoenixsan is offline   0 Reply With Quote
Old Mar 26, 2013, 05:57 AM   #7
Acorn
macrumors 68020
 
Acorn's Avatar
 
Join Date: Jan 2009
Location: Fangorn Forest
you should also disable location services so she cannot remote wipe again. it may ask you if you want to turn it on when you reinstall. choose no.

also remember to turn on your firewall after reinstall. its off by default

i would update all passwords starting with your email first. changing them all one by one after you do a clean install.
Acorn is offline   0 Reply With Quote
Old Mar 26, 2013, 06:54 AM   #8
Santabean2000
macrumors 65816
 
Santabean2000's Avatar
 
Join Date: Nov 2007
I'd recommend getting a new computer altogether. The old one could then be used to turn against your 'loved one'. False activity could be quite amusing if she thought it all to be real.
Santabean2000 is offline   1 Reply With Quote
Old Mar 26, 2013, 09:53 AM   #9
Hirakata
macrumors regular
 
Join Date: Mar 2011
Location: Burbank, CA
She may be having fun, but she is committing a Class B misdemeanor which is up to six months in prison, a fine of up to $1,000, or both. I'd make her aware of this after you wipe your disc. Sounds like she needs to grow up and learn that all actions have consequences.
Hirakata is offline   2 Reply With Quote
Old Mar 26, 2013, 11:18 AM   #10
derekkeogan
Thread Starter
macrumors newbie
 
Join Date: Mar 2013
Thanks everyone for the posts. The whole thing has been taking its toll on me, sleepless nights etc etc. Its good to hear that this kind of thing has consequences if i ever had to go down that line. I would never resort to this type of thing so i wont be trying to get back at her. I'm a firm believer in the idea that people who do this sort of thing will always end up paying for it in someway or another.
Anyway could someone please tell me which of the following i need to remove when i am on the disc utility function in order to wipe it clean:

"121. 33 GB Apple SSD TS"
or
"Untitled"
or
"Disc 1"
or
"Mac OS X Base system"

These are the 4 options I have. Which one to delete? Oh and by the way sorry if i seem a little green here, its my first Mac :-)
derekkeogan is offline   0 Reply With Quote
Old Mar 26, 2013, 12:05 PM   #11
TheRealDamager
macrumors 65816
 
Join Date: Jan 2011
Quote:
Originally Posted by Santabean2000 View Post
I'd recommend getting a new computer altogether. The old one could then be used to turn against your 'loved one'. False activity could be quite amusing if she thought it all to be real.
I like this idea a LOT.
TheRealDamager is offline   1 Reply With Quote
Old Mar 26, 2013, 02:44 PM   #12
stchman
macrumors 6502a
 
Join Date: Jul 2012
Location: St. Louis, MO
Send a message via AIM to stchman Send a message via Yahoo to stchman Send a message via Skype™ to stchman
To the OP:

So your ex-wife is that computer savvy? Is she in the same house as you? If no, then it is unlikely that her keylogger will get through the router's firewall unless she has opened up the proper ports in YOUR router.

Are you able to verify that she has indeed installed this keylogging program, or did she just say she did to get under your skin.

Just to be in the safe side, I would delete all the partitions using Disk Utility and re-install the OS. If you hold down the Command key during boot, you will be able to select the recovery, run disk utility, and then re-install the OS.
stchman is offline   0 Reply With Quote
Old Mar 26, 2013, 06:00 PM   #13
Saturn1217
macrumors 6502a
 
Join Date: Apr 2008
Before you wipe and fix everything is there a way to document what she's done to your computer?

Because with someone crazy (and mean) enough to do this you probably need to keep a legal solution in the back of your mind.

Having things documented so you can prove what happened is a good start (although I have no experience in how you would do this).
__________________
13" MBA 2013, 1.7 GHz i7, 8GB RAM, 256 SSD
Saturn1217 is online now   0 Reply With Quote
Old Mar 27, 2013, 10:44 AM   #14
DisplacedMic
macrumors 65816
 
Join Date: May 2009
Quote:
Originally Posted by derekkeogan View Post
Hi All, i need some help please. My ex has installed a key logger and possibly a RAT program on my new Macbook. She basically is causing untold damage and despair by basically watching me from her own computer. Everything i do.. email, skype, and any internet activity is monitored from her computer. Everytime i change a password she can see it.. and its become out of control now. She finds it amusing and freely admits it, finding it amusing in the process

Firstly I would like to know which steps i should start with? I think if i erase the OS and install a fresh one this might help but do i need to reformat the hard disc first? Could the keylogger be encrypted on the partitions? Will a erase of OS and a new one installed be enough?
Secondly if i do the above and that works, what should i do to prevent further attacks?
I get a message up on my screen sometimes which is very suspicious.. it says "Your IP address is being used by another user". Is this her? How is she doing this?
Any help would be appreciated guys, i am really struggling here.
ex wife or ex gf? if you're going through a divorce i would talk to your attorney. otherwise i personally would do a fresh install of the OS. if you're not comfortable doing that or don't want to i'd take it to the geniuses and tell them what you told us.

sorry man - it gets better!
DisplacedMic is offline   0 Reply With Quote
Old Mar 27, 2013, 11:15 AM   #15
DisplacedMic
macrumors 65816
 
Join Date: May 2009
Quote:
Originally Posted by Saturn1217 View Post
Before you wipe and fix everything is there a way to document what she's done to your computer?

Because with someone crazy (and mean) enough to do this you probably need to keep a legal solution in the back of your mind.

Having things documented so you can prove what happened is a good start (although I have no experience in how you would do this).
agree 100%
DisplacedMic is offline   0 Reply With Quote
Old Apr 3, 2013, 08:23 AM   #16
JohnnyComeLatly
macrumors member
 
Join Date: Nov 2010
FYI a out-of-the-box install of OS X and typical router will NOT stop one of these programs. I have Witness and Defender installed on my MBP and MBA, and can get through a routers firewall with no issues. However, the Mac OS X firewall is off... not sure if I did that *shrug*

If JRat is like Defender, you need to wipe (assuming it's not bios locked somehow) and reinstall to get rid of it. I'd use a Time Machine backup to restore the apps, just be certain you don't re-add the spy app.
__________________
2 iPad (2nd gen), New iPad (3rd gen), iPhone 5, Apple TV, 2008 build iMac, 2012 Mac Mini base (OWC upgraded SSD, more memory), 2008 MBP w/ Hybrid SSD/Platter HD, 2012 MBA
JohnnyComeLatly is offline   0 Reply With Quote
Old Apr 3, 2013, 10:33 PM   #17
JHUFrank
macrumors Demi-God
 
Join Date: Apr 2010
Legal issues out the wazoo on this one. Document everything, and I would double check that she is not using any of your other sensitive information.
__________________
13" 11/2013 refurb RMBPro, 16gigs ram, 512 gig SSD ;
Lenovo X220, 16 gigs ram, 512 gig SSD, 1TB Hybrid
SG iPhone 6 Plus 64GB; Lenovo and Apple Fanboy
JHUFrank is offline   0 Reply With Quote
Old Apr 4, 2013, 08:05 AM   #18
dbroncos78087
macrumors regular
 
Join Date: Feb 2013
Location: Northern Virginia
Quote:
Originally Posted by derekkeogan View Post
Thanks everyone for the posts. The whole thing has been taking its toll on me, sleepless nights etc etc. Its good to hear that this kind of thing has consequences if i ever had to go down that line. I would never resort to this type of thing so i wont be trying to get back at her. I'm a firm believer in the idea that people who do this sort of thing will always end up paying for it in someway or another.
Anyway could someone please tell me which of the following i need to remove when i am on the disc utility function in order to wipe it clean:

"121. 33 GB Apple SSD TS"
or
"Untitled"
or
"Disc 1"
or
"Mac OS X Base system"

These are the 4 options I have. Which one to delete? Oh and by the way sorry if i seem a little green here, its my first Mac :-)
Karma works because people who are wronged take action to get justice. I'm not saying revenge because they are two different words. I look at karma as something that happens because people act and not something that will passively get better. Karma is Newtonian but remember that an object at rest tends to stay at rest.
dbroncos78087 is offline   0 Reply With Quote
Old Apr 4, 2013, 09:17 AM   #19
SoIsays
macrumors regular
 
Join Date: Nov 2011
Wow, OP, hilarious and sad at the same time. I would disconnect from the internet, back up your most important data, then reinstall your OS two times just to be sure.
SoIsays is offline   0 Reply With Quote
Old Apr 5, 2013, 06:34 AM   #20
eric/
Guest
 
Join Date: Sep 2011
Location: Ohio, United States
Really though, you should contact a lawyer or the police. See if there is anything you can do.
eric/ is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Hardware > Notebooks > MacBook Air

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
HELP for BOOT CAMP on macbook air early 2008,macbook air 1,1 abraarukuk Windows, Linux & Others on the Mac 2 Jan 11, 2014 03:51 PM
itunes on MB air needing help. tbaker00 MacBook Air 0 Mar 10, 2013 07:26 PM
itunes on MB air needing help. tbaker00 iPhone 0 Mar 10, 2013 06:47 PM
iPad for MacBook trade. [ noobie needing advice ] Wesj00 Buying Tips and Advice 7 Jan 14, 2013 11:08 AM
New Macbook Pro Purchase Assistance JediSkipdogg MacBook Pro 0 Jun 12, 2012 01:57 AM

Forum Jump

All times are GMT -5. The time now is 12:28 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC