Last night my girlfriend had a bad encounter with some nasty script via the "gnaa"... she clicked on a new iChat message that popped up and it was a link that opened Safari, then immediately opened a bunch of Terminal command windows, then was opening a slew of mail messages in Mail that it was trying to send.
I killed the Airport connection before any mail could send from her account, and we restarted her computer and reset her account password. Is the w command in Terminal the best way to check to see if someone else is using her computer still? I don't see anything else suspicious, but am not sure what something like this could actually do completely- copy passwords, continue remote access if the passwords have been changed? The firewall log shows a whole mess of rejected iChat attempts- a few hundred, but that is all I can see that looks leary, and nothing happening now.
Any suggestions on what to look for or if we should do a clean install would be appreciated. I did search the forums, but could only find one some what useful thread on a potential hack. The rest that came up in the search results were not that relevant. Thanks!
I killed the Airport connection before any mail could send from her account, and we restarted her computer and reset her account password. Is the w command in Terminal the best way to check to see if someone else is using her computer still? I don't see anything else suspicious, but am not sure what something like this could actually do completely- copy passwords, continue remote access if the passwords have been changed? The firewall log shows a whole mess of rejected iChat attempts- a few hundred, but that is all I can see that looks leary, and nothing happening now.
Any suggestions on what to look for or if we should do a clean install would be appreciated. I did search the forums, but could only find one some what useful thread on a potential hack. The rest that came up in the search results were not that relevant. Thanks!