Compromised security and curious symptoms

Discussion in 'macOS' started by Fedoranorwood, Dec 20, 2012.

  1. Fedoranorwood macrumors newbie

    Joined:
    Dec 20, 2012
    #1
    So I woke up this morning to a couple of email notifications from Blizzard/Battle.net alerting me first to a request for a password change to my WoW account (that I did not make myself) and then to an account lock for hacker behavior. Since moving to China, I've come to expect account locks to a certain degree, but this one was different than the others, and when I tried to access my battle.net account, I found that my password had already been changed by a third party. That's all just background, though.

    In the process of trying to recover my account and verify my system's security, I found a few interesting problems while using my web browsers. In Chrome and Safari, certain buttons on battle.net would highlight as if ready to click, but actually clicking on the button did nothing. No links were activated. Nothing happened. All form fields were properly filled out, and the button appeared available, but would not function.

    When I tried to do the same thing in firefox, I found that every page I tried to visit produced a 403 forbidden w/ nginx written below. A little preliminary digging only turned up a connection to a windows trojan.

    I'm currently running a system scan with Avast! anti-virus for mac (though I'm certainly open to running with a different anti-virus), but no infections have been detected so far. Next step will be a system permissions check.

    Anything else I should be doing? Any idea what's happened to my machine? Any and all help would be greatly appreciated

    P.S. general system specs: I'm on a MacPro running snow leopard version 10.6.8. If you need any other information, just ask.
     
  2. Fedoranorwood thread starter macrumors newbie

    Joined:
    Dec 20, 2012
    #2
    Just an update;

    The Avast scan finished after 8 or so hours and found no infections. On advice I found elsewhere online, I looked up ClamXav and have been using it to scan any location on my Mac with recent activity or that seemed like a likely culprit. The desktop, downloads, system, library, and applications folders are all clear according to it.

    I ran disk permissions repairs, and everything appeared to go according to plan on that front.

    After all this, though, firefox remains inopperative. I'm thoroughly uncertain as to what steps I should take next. As far as I can tell, my machine appears clean, but my account was definitely accessed.

    Any help would certainly be appreciated.
     
  3. charlieegan3 macrumors 68020

    charlieegan3

    Joined:
    Feb 16, 2012
    Location:
    U.K
    #3
    Not sure what you mean by this? You're in OSX right, not boot camp/vmware?
     
  4. Fedoranorwood thread starter macrumors newbie

    Joined:
    Dec 20, 2012
    #4
    Sorry, I should have been more clear about this. I'm operating in OSX, version 10.6.8. My reference to the windows trojan was only because, when I looked up the firefox symptoms, the only results I was seeing was for a windows trojan, which I figured wouldn't be the cause of my problems, hence my confusion.

    Minor update, since my last post, I managed a complete clean reinstall of firefox after deleting the old versions profile, and that seems to have restored complete functionality to that browser. I'm still at a total loss for what happened, though.
     
  5. charlieegan3 macrumors 68020

    charlieegan3

    Joined:
    Feb 16, 2012
    Location:
    U.K
    #5
    Does sound a little odd, Glad you're back up and running.
     

Share This Page