Antivirus, Hacked

Discussion in 'MacBook Pro' started by shadowheart, Oct 24, 2014.

  1. shadowheart macrumors member

    Joined:
    Oct 16, 2014
    #1
    Hello, guys

    I got hacked yesterday... I presume because my hard drive name was changed and I think that my login was changed.

    Is there any way one can search their log for history or something similar?

    Also, I wonder if you guys have any antivirus or firewall for Mac to recommend that are, of course, needless to say, safe and trustworthy?
     
  2. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #2
    Nothing can install on OS X (so far), without your admin password - do you remember installing anything from possibly a compromised site?

    OS X has a firewall; you can use Little Snitch in addition to secure incoming and outgoing connections, and ClamXav will scan for known trojans and malware.

    BUT

    You need to make sure your machine is secure first. So:

    How do you think it was accessed - remotely or by physical access?

    What do you think may be on it?
     
  3. cjmillsnun, Oct 25, 2014
    Last edited: Oct 25, 2014

    cjmillsnun macrumors 68020

    Joined:
    Aug 28, 2009
    #3
    It is most likely someone connecting over the local network who has guessed your account password. You will need to change it.

    If you don't need to share files from your computer with others over the local network, then the first thing to do is go to System Preferences, Sharing and turn off all of the options.

    Then go to Network (also in System Preferences), Security and Privacy, click the lock and enter your password.

    Go to Firewall and click on Turn On Firewall, and depending on your paranoia level, either block all incoming connections (and whitelist the services you want to allow manually), or allow signed software to receive incoming connections.

    Then enable stealth mode.

    If someone accessed your computer physically, then short of having full disk encryption or a firmware password, you cannot stop them.
     
  4. shadowheart thread starter macrumors member

    Joined:
    Oct 16, 2014
    #4
    WELL

    Inside our little LAN or WLAN, I was screen sharing my father's laptop to configure it and clean install it and so forth.

    I really doubt it was someone physically at our house because as far as I know we lock all the doors.

    I did install MS Office, torrent downloaded, on his computer, but it was not his computer getting hacked, which I downloaded to; it was mine.
     
  5. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #5
    So an illegal version? Did you visit that or any other websites from your machine? Stolen software downloaders/installers must be THE most common malware installation vector....

    Screensharing - any other sharing on between the two machines?

    Out of interest what did "it" change the name of your drive to? Have you googled that to see if a known ad/malware hit comes up?
     
  6. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #6
    The instances of having a Mac hacked are extremely rare. It is far more likely that the explanation lies elsewhere. If you gave anyone access to your computer, either physically or remotely through screen sharing or similar tools, they could have made the changes. In over 6 years of reading "my Mac was hacked" claims, not a single one ever was really hacked.

    Antivirus apps will provide no protection against hacking or someone having access to your computer. Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
     
  7. shadowheart, Oct 25, 2014
    Last edited: Oct 25, 2014

    shadowheart thread starter macrumors member

    Joined:
    Oct 16, 2014
    #7
    The hard drive Yosemite was changed to YoShitMe.

    Also, I think my password for my user was changed because I could not change it myself.

    What has happened?

    I have three partitions:

    macbook, which is OS X MAV
    Yosemite, which is obviously Yos
    and Bootcamp (that I cannot access anymore)

    How can I access my Bootcamp, and how do I bypass the password user login only macbook OS X mac? Because I put a password on it that I no longer remember.

    Can you trust http://download.cnet.com/? They add their own installer to files.
     
  8. HowEver macrumors 6502a

    Joined:
    May 10, 2005
    Location:
    Toronto
    #8
    If your password was "changed," how are you back on the computer?
     
  9. shadowheart thread starter macrumors member

    Joined:
    Oct 16, 2014
    #9
    I use the Yosemite partition.

    The reason I don't want to format the Mavericks account is that I want to see if my other accounts have been hacked or not.
    I cannot do that inside this partition because I'd not have the originally saved passwords, if that makes sense.
     
  10. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #10
    Did you download and install an illegal copy of Office? If so then the likely issue is you installed some malware with the installer.

    Failing that I'd suggest someone has accessed via a share.

    To be safe you should do a fresh OS install and NOT restore applications from backup but re-download (from trusted sources). Then you can copy your user documents from your backup.

    ----------

    You are confusing partitions (where you boot from) with accounts, so no surprise if that confusion has led to you being locked out of certain parts.
     
  11. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #11
    No, you can't. Like you mentioned, both CNet's download.com site and the site Softonic have been known to load adware along with apps downloaded from their sites. See this and this.

    You might try running this adware removal tool.

    At this point though, the safest route would be to just erase the whole drive and reinstall the OS, then manually reinstall applications from only legit sources.
     
  12. sarthak macrumors 6502

    Joined:
    Nov 19, 2012
    Location:
    Canada
    #12
    Scan your computer with a trial version of ESET CyberSecurity for Mac.
     
  13. shadowheart thread starter macrumors member

    Joined:
    Oct 16, 2014
    #13
    How can I trust that application?
     
  14. cjmillsnun macrumors 68020

    Joined:
    Aug 28, 2009
    #15
    Heads up! In what feels like a throwback to the late 90s/early 2000’s, Microsoft has discovered one helluva bug in Microsoft Office. Executed properly, the bug could be exploited to take over your entire system running just about any version of Windows.

    Where does it refer to the Mac??
     
  15. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #16
    The site has been around quite a while and the guy has been fairly active on the adware/malware reporting front. Myself and many users on here have used that app with no issue.
     
  16. Gav Mack macrumors 68020

    Joined:
    Jun 15, 2008
    Location:
    Sagittarius A*
    #17
    I count myself as very experienced at malware removal on both platforms and that's an OK tool to use for a novice, but it's very easy to find malware on a Mac compared to Windows boxes, for which I have to use three separate tools! Avast or ESET will find and remove anything; if you are vulnerable it will be down to plug-ins like Java or Acrobat.

    I've never had to zero an OS X install to clean one up, whereas with Windows I'm having to do it more and more to be absolutely certain of it. I had to swallow years of pride at having enough experience at removing anything and not have to flatten a system, but the rootkit era has put paid to that.

    If you don't have any remote access tools like TeamViewer running at login, and the ID and password were on your dad's Windows box, if I was a gambling man I would say someone's physically gone onto your Mac and had a bit of fun changing your volume label etc.
     
  17. shadowheart thread starter macrumors member

    Joined:
    Oct 16, 2014
    #18
    What software can I use for Mac?

    But who would do that? Only me and my grandmother are at this house and we lock all doors, especially because she reminds me to.

    I truly doubt there has been anyone who has done something physically.

    Can you guys help me? I can't boot into my Bootcamp.
     
  18. Gav Mack macrumors 68020

    Joined:
    Jun 15, 2008
    Location:
    Sagittarius A*
    #19
    Use ESET or Avast and use it to scan all the OS X volumes on your MBP. If you have remote tools like TeamViewer or LogMeIn running on login, that is the backdoor they are getting in with.

    Most times you can reset your local Mac password via your Apple ID; that's normally enabled by default.
     
  19. JustinCPA macrumors newbie

    Joined:
    May 27, 2014
    Location:
    PA, USA
    #20

    Sounds like you have yourself a case of iWorm, kiddo!

    http://www.businessinsider.com.au/apple-and-reddit-shut-down-the-iworm-virus-2014-10

    This is why I hate torrents. I hated them since day 1. If you're going to pirate software, get your stuff from a reliable source. Anyway, if I were you I would wipe that system clean, stick with ONE partition and ONE OS and use LibreOffice if you don't want to shell out for Office 2011.
    Let this be a learning experience.

    Let me ask you another question; where did you get your copy of Yosemite?
    At one time I pirated software too so I understand the environment and the risks.
     
  20. cjmillsnun macrumors 68020

    Joined:
    Aug 28, 2009
    #21
    I would hope he got his copy of Yosemite from the MAS as it is free anyway.
     
  21. JustinCPA macrumors newbie

    Joined:
    May 27, 2014
    Location:
    PA, USA
    #22
    I hope so too, but the Yosemite InstallESD.dmg file is already on usenet and the torrent sites. The version on the torrent sites does NOT have the correct MD5.
     
  22. shadowheart thread starter macrumors member

    Joined:
    Oct 16, 2014
    #23
    I did get my Yosemite from the App Store and upgraded free.

    Avast keeps sending me to CNET, which has its own installer that I was told not to trust.

    What do I do?
     
  23. JustinCPA macrumors newbie

    Joined:
    May 27, 2014
    Location:
    PA, USA
    #24
    download.com is trustworthy, nothing to worry about there. Are you on the infected machine right now?
    Try ClamXav through the Apple store first.
     
  24. Peace macrumors Core

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #25
    It doesn't, but the OP said he had Bootcamp on a partition.
     
