Please help, urgent - Spyware is installed on my Mac

Discussion in 'Mac OS X Lion (10.7)' started by billthe, Dec 28, 2012.

  1. macrumors newbie

    Joined:
    Dec 28, 2012
    #1
    Good day dear forum members,

    I really need some wise advice.

    I did search the forums, but did not find my problem being solved.

    It seems that some form of spyware is installed on my Mac. It's a long story, but basically many people had access to it; it wasn't protected by a password. Now that I use my Mac all the time for work as well as personal use, it can be quite damaging if someone really does have remote access to it. I have sent some business emails, details of which became known to a third party (it would not be possible for them to know unless they have access to my computer somehow). Also, someone called me and said that they know my every move and told me that I just booked a flight ticket, and even named my destination. Again, I did not even tell anyone this info, and the ticket was e-mailed to a brand new email address which I specifically created for this.

    I did use ClamXav, Dr.Web, and MacScan; they found nothing, but again I guess spyware is not meant to be detected that easily. I am thinking of buying a new hard drive and installing it. BUT I am worried that they could have put in some sort of chip or something which leaks all my info????? Is it possible for spyware to be stored on the motherboard? What are the possible points of leak in my Mac? How can they do that? I tried to address the police, but they just smiled and said that they have much more important things to deal with.

    PLEASE HELP ME, what to do? I can't really buy a brand new laptop at the moment. I can just afford a new hard drive.

    THANKS A MILLION
     
  2. Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    The best way to ensure you have a clean system is to back up your data, and then format the drive and reinstall OS X/apps and restore your data.

    [MOD NOTE]
    I changed your title to make it more descriptive. "Please help" titles don't garner the level of attention since members won't enter the thread to see what help you're asking for.
     
  3. macrumors 603

    mobilehaathi

    Joined:
    Aug 19, 2008
    Location:
    The Anthropocene
    #3
    Your action depends on just how paranoid you are and can range from reinstalling OS X to buying a new computer. Lots of things are possible, most of them are unlikely.
     
  4. macrumors 6502

    Joined:
    Jul 10, 2010
    #4
    Yup I'd do the same. That way you don't have to worry if you got it all gone.
     
  5. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    Perform a clean install of your OS and reinstall your apps.

    OS X: About OS X Recovery
    How to Clean Install OS X Mountain Lion
    Apple - OS X Recovery restores your Mac with a few clicks.
    Hands on with Mountain Lion's OS X Recovery and Internet Recovery

    Also be aware that it may have nothing to do with spyware. Most cases like yours involve someone having their email account compromised. Change all your passwords, especially for email, financial and social networking sites to secure passwords. Make sure they're long and complex, with special characters, numbers and upper and lower case letters.
     
  6. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #6
    Thanks a lot for your help guys. It's not that I am paranoid, I actually kept quite positive until it really got ridiculous. I mean how would the person know that I booked the ticket ????? Only if somehow he saw my desktop remotely. Like the program SniperSpy, which claims to be a remotely accessible thing....so they could watch my every step. FML.....

    If I do a clean install, how likely is it that it will be gone? Can programs be resistant to clean installs? Can it be stored on a motherboard?
     
  7. macrumors 603

    mobilehaathi

    Joined:
    Aug 19, 2008
    Location:
    The Anthropocene
    #7
    Very likely. Yes. Yes.
     
  8. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #8
    I am sorry, but I really don't know much in detail about how computers operate. Are you being sarcastic now? How can I be sure that it's not there?
     
  9. macrumors 603

    justperry

    #9
    First thing to do is to check if any box is checked in the Sharing preferences, I suspect you left the Mac unattended and someone switched on Remote access.
    It is in System Preferences- Sharing.
    You also should change your Account Password in Users and Groups in System Preferences.
    And, change all your passwords of all items in your keychain/mail account and other sites passwords.
    A clean install would not make a difference if you leave all your passwords the same.
    I think spyware is unlikely.
     
  10. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #10
    Because a Clean Install removes everything. mobilehaathi was not sarcastic.

    While the others responded, I made this small video to make sure you do not have spyware installed.

    The resulting PDF should be attached to your next post and some of us can look over the PDF and see what might be installed.
     
  11. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    Did you use an email address when you booked the ticket?
    No, that's not the only way. It is really extremely rare that any Mac user is victimized by spyware.
    If you had SniperSpy installed, the scans that you ran would have detected it.
    100% likely.
    No.
    No.
     
  12. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #12
    I did use email, but I made a new one, which nobody knew. What are the other options then? Could you please tell me, so I will be aware of them.

    Thanks for your kind answer, it does help
     
  13. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #13
    Post #10 is a start.
     
  14. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #14
    Here is my Activity monitor PDF.
     
  15. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
    Here's how to take a screen shot and post it.
     
  16. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #16
    Here, one more time. Sorry guys, trying my best to do well. Thanks everybody for all the help
     
  17. macrumors 603

    justperry

    #17
    Seems all is normal.
    I looked up a few processes I don't know but all of them are Apple's own processes or normal program processes.

    Are you logged in as Guest, who is vladimir, you?

    Guest should be even more secure than an Admin User account.

    Does not seem like remote access nor Screensharing is active.

    You should at least change all passwords as others and I have suggested and change your main password in Users and Groups.
     
  18. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #18
    Hi Justperry, I did change all the passwords already. Now, I have a question. Right, Vladimir is me; then when I found out something was wrong I created a guest account and have been using it since then.

    Let's suppose spyware is there, would it still be monitoring me even if I created a new account? I mean does it transfer to all accounts?

    Thank you
     
  19. macrumors 6502

    Joined:
    Sep 25, 2008
    #19
    Screen sharing/remote access would be my guess too.
     
  20. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #20
    I decided to clean install OS X Lion. But it seems to me that you need an actual install.dmg file, which I don't find on my Mac. What is the possible solution to that?
     
  21. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #21
  22. macrumors 6502a

    ConCat

    Joined:
    Jul 27, 2012
    Location:
    In an ethereal plane of existence.
    #22
    It would be fairly trivial to mask a process as one of the many instances of launchd or mdworker. You'd have to do a little bit more digging than just looking at a list of processes to ensure you don't have spyware, assuming the spyware writers were smart, but in my experience most of them are not, so perhaps that list is reliable enough.

    EDIT: I just checked though; one launchd per user and two mdworkers. All is well. :)
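
A sketch of the check described in post #22, added here as an example and not part of any poster's reply: it flags processes that use the names launchd or mdworker from an unexpected path, and users with more than one launchd. The expected paths are assumed stock OS X Lion locations, the input layout is assumed to be that of `ps -axo user,pid,ppid,comm`, and the process listing is constructed sample data.

```python
import posixpath
from collections import Counter

# Assumed stock OS X Lion locations for the two names discussed in the thread.
EXPECTED_PATHS = {
    "launchd": "/sbin/launchd",
    "mdworker": ("/System/Library/Frameworks/CoreServices.framework/Frameworks/"
                 "Metadata.framework/Versions/A/Support/mdworker"),
}

# Constructed sample in the layout of `ps -axo user,pid,ppid,comm`.
SAMPLE_PS = "\n".join([
    "USER       PID  PPID COMM",
    "root         1     0 /sbin/launchd",
    "vladimir   142     1 /sbin/launchd",
    "Guest      310     1 /sbin/launchd",
    "vladimir   201   142 " + EXPECTED_PATHS["mdworker"],
    "Guest      355   310 /Users/Shared/launchd",
    "Guest      360   310 /Applications/Safari.app/Contents/MacOS/Safari",
])


def parse_ps(text):
    """Return (user, pid, comm) tuples; comm keeps any embedded spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[1].isdigit():  # skips the header row
            rows.append((parts[0], int(parts[1]), parts[3].strip()))
    return rows


def find_suspicious(text):
    """Flag look-alike names at unexpected paths and extra launchd per user."""
    rows = parse_ps(text)
    findings = []
    for user, pid, comm in rows:
        name = posixpath.basename(comm)
        expected = EXPECTED_PATHS.get(name)
        if expected and comm != expected:
            findings.append((pid, user, "unexpected path for " + name))
    launchd_per_user = Counter(
        user for user, _, comm in rows if posixpath.basename(comm) == "launchd")
    for user, count in sorted(launchd_per_user.items()):
        if count > 1:
            findings.append((None, user, "%d launchd instances" % count))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_PS):
        print(finding)
```

A matching path only rules out the simplest masquerade; it does not prove the binary at that path is unmodified.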
     
  23. macrumors 603

    justperry

    #23
    Can't really see that in his processes list now that he logged into a Guest account, and he decided to reinstall, the better choice for him.

    Didn't really think about that but the chance is remote I think, as I said before someone probably got access to his Laptop and enabled remote access or screen sharing, can't see this since he is logged in as Guest.
     
  24. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #24
    You won't find it. The installer DMG gets automatically deleted after the install process. Just do a command-r boot to recovery and you can redownload then install Lion.
     
  25. thread starter macrumors newbie

    Joined:
    Dec 28, 2012
    #25
    Thanks a lot guys, it really helps.......cause I personally have little clue on how things operate. From now on, I will follow all of your advice (passwords and others).

    Is there any chance that it could be some hardware installed? I never really opened it, so I can't know if there is anything.

    Wishing everyone a great New Year to come !!!
     
