Did I Nuke my Mac?

Discussion in 'Mac Basics and Help' started by doubledee, Feb 19, 2014.

  1. doubledee, Feb 19, 2014
    Last edited by a moderator: Feb 20, 2014

    doubledee macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #1
    Curiosity killed the cat!!!


    I just got an e-mail from a former colleague, with this in the e-mail body...

    URL Removed by moderator


    I checked the domain name in Google and it seemed okay.

    Since the person supposedly sending the e-mail is a developer, so I figured it was a project he was working on.

    And since you guys have told me a million times before that my Mac CANNOT get infected, curiosity got the best of me and I clicked on the link.

    To be honest I sorta forget what happened next, but as I recall...

    - I pasted the above URL into the Address Bar and hit enter.
    - Some fairly normal site came up promoting Turkey.
    - I clicked on "About" and "Contact" tabs and didn't see any info
    - I *think* I closed the window.

    Then I got interrupted.

    - Somewhere along the was, I went to this website...

    topzfxs.com

    - This site is clearly a scam at best because all of the links point to...

    URL Removed


    I don't remember how I got from aboutturkey2012.com to topzfxs.com but I know that nothing "popped up", so I must have surfed there?!


    At any rate, did I just Nuke my new Mac??? :eek:

    (I fear maybe I launched some script that installed malware on my Mac...)

    I should NOT went to that URL, but for the reasons I mentioned above, it seemed like a reasonable risk.

    What do you think?

    Sincerely,


    Debbie
     
  2. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #2
    As long as you dont have Java installed then you didnt damage anything.
    Even if you did have java installed its highly unlikely unless you are on old software that you did anything. And thats java by the way, not javascript.

    BTW, the fact that someone you know "sent" you link is no proof its good.

    I've had plenty of links "sent" to me either from a colleague or friends compromised PC, or from a site spoofing their address.

    If you dont think its of use to you or you have no reason to go there or its just out of character, eg "hey look at this neat site I found www.scam-ripoff-malware.com" and no other info, dont follow it, ping them an email and ask if their email has been compromised.
     
  3. doubledee thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #3
    How do I check that?

    (I thought I turned off Java, but don't remember now...)


    Would you be so confident if I was on a Windows PC?


    I know that, but since I *never* get any e-mails from anyone, and since I have never been on Social Media, I figured it was okay to click it.

    Petty stupid of me in retrospect!!!


    What pisses me off the most, is that for the life of me, I cannot remember how I went from "AboutTurkey2012.com" to "topzfxs.com"...

    Even when I Google the two separately or together, and I can't figure the connection. :confused:

    But when I was researching "AboutTurkey2012.com", I must have found something that lead me to research "topzfxs.com"

    (If anyone can help me figure out that connection, I would sleep better tonight...)


    I guess I have been lucky so far.


    Yeah, I screwed up!!

    :( :( :( :(


    So are they reading what I type to you right now in the Ukraine or in Sochi... :confused:


    Debbie
     
  4. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #4
    Unless you are the first one, or at least one of the ones in the first day of a new malware attack, no you didn't nuke your Mac. :)

    If you are really worried, download and run ClamAV - I know that you are more sensitive to these kinds of threats than the average Mac user. Then delete it when it doesn't find anything. ClamAV is the antivirus recommended by the Mac Gurus I respect.

    Check the DNS servers .... Preferences/Network/Advanced Anytime I've read about a malicious script, a guru will suggest checking the DNS servers. They should match either what you already set them to, or the default DNS servers that your ISP wants you to use. You can also use OpenDNS or Google's DNS servers.

    I wish I could be more help, but like most Mac users - I have no experience recovering from a malware. And I'm far more trusting than about clicking on links than you are. It is just that Macs are much more difficult to infect.
     
  5. doubledee thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #5
    With my luck, I'll be on the 6 O'clock news...

    "Debbie discovers first-ever Mac Malware!!"


    Is it free?

    Will it screw up my Mac?

    One reason I am leery about installing Anti-Virus software on my - formerly "virgin" - Mac is that I have heard lots of bad things about people installing AV software and it turns out to be spyware, or it bogs down their OS so much that they wish they had a virus instead?!

    I don't remember the names, but I know this is a fairly debated topic from what I've seen in the past.

    (And, of course, on PC's, AV software like Norton definitely gums up the OS!)


    Here is a case were I proved an earlier point I was trying to make.

    I spent a few weeks taking screen-shots of ever last setting and corner of my new Mac last summer.

    So now when I need to check things like you are suggesting, I was able to verify that my DNS settings are what I set them to in under 30 seconds!!

    (God Bless screenshots!!)


    Yeah, but when you think about what the Russian Mafia is up to these days, I think it makes sense to be paranoid on any electronic device.

    Ever hour the hackers get smarter and smarter.

    Ever read "Krebs on Security" and see what the Eastern European/Russian Mafia has done to that poor guy?

    Between that and the NSA, I don't know how anyone can stay safe anymore...

    Maybe I need to by a new MBP and turn this one into my "brick", Surfing the Internet box... :cool:


    Debbie
     
  6. Tyler23 macrumors 603

    Tyler23

    Joined:
    Dec 2, 2010
    Location:
    Atlanta, GA
    #6
    Malware in the form of Trojans does exist for Mac, however, to get it, you need to manually install it, which is why safe computing practices are preached even on a Mac.

    ClamXav is free and can be downloaded from the Mac App Store. It's the best AV software available for Mac - it's safe, and takes limited resources. You can download it, scan your computer to give you peace of mind, and then delete the app for all intents and purposes.
     
  7. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #7
    No. :D

    You can google as to how to remove java I can't recall offhand
     
  8. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #8
    IIRC, removing Java (not JavaScript) is very very difficult.
     
  9. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #9
    I recall it took me 5 minutes including googling how to do it so no it's not difficult.
     
  10. dan1eln1el5en macrumors 6502

    dan1eln1el5en

    Joined:
    Jan 3, 2012
    Location:
    Copenhagen, Denmark
    #10
    if you think it's dangerous, why did you link to it here ?

    could you edit your original post to add a space or (delete me) in there, so none else is clicking on a potential bad domain
     
  11. Crazy Badger macrumors 65816

    Crazy Badger

    Joined:
    Apr 1, 2008
    Location:
    Scotland
    #11
    Yes, pure stupidity posting a link to a site you think nuked your Mac. Do you want to be responsible for nuking everyone's else's too?
     
  12. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #12
    Apparently not... nobody else is reporting this, so not a widespread attack.
    Excellent!
    Nope. I don't agree. I take the same basic precautions with my electronic devices as I do my car and my home. I lock them, of course....but I don't bother sweeping for bugs, or hidden cameras, etc. All sorts of things could be hidden in my home or car, and I'd never know it. Yet, I am confident that I'm bug free.... because why would anyone bother targeting me? I know that my electronic devices could be compromised, so I check my bank statements etc. Banks and credit card companies insure you against fraud. I am a little more careful with paper though... I shred anything that has anything beyond my name and address.
    So do car robbers, but I don't lose sleep over it... I have insurance to cover the loss.
    If you are going to be targeted, then there is nothing you can do in any case. Some people just have bad luck and there is nothing that anyone can do about it.
    The government has always had the ability to get a warrant to read your mail and tap your phone. Nothing new here.
    Well, technically, all you really need to do is to reinstall OS X if you actually that worried. Though I'm confident that in fact nothing at all has been installed if the behaviour is not being repeated. On the other hand, I'm all for a good excuse to buy a new system.... so go ahead!
    Cheers
     
  13. doubledee thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #13
    snberk103,

    Thanks for the response.

    I checked out ClamAV or whatever. Thought it checked for "Mac virsuses", but alas, there aren't any. So since I'm not e-mailing tons of PC users, they are on their own!

    In the end, it appears that I didn't nuke my new MBP, although it still bothers me how I got to the site "topzfxs dot com", because that site was marked as "suspicious" by some Norton website.

    Oh well.

    -------
    BTW... If you had to guess, where do you think all of this started?

    I assumed that this former colleague had been sloppy, and someone infected his PC or e-mail and that they got my e-mail from his computer.

    But maybe I have it backwards, and instead someone swiped his e-mail from my e-mail or computer and then sent me an e-mail pretending to be him? :eek:


    Sincerely,


    Debbie
     
  14. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #14
    Debbie,

    You have to check out your iCloud Account and also change your iCloud account password by visiting Apple - My ID, to be safe. Also change your password with your ISP and any other sites you have to use a password.

    Think about getting a password manager like 1Password or many others. Then all you have to remember is the one master password because the secure password database can also be used on iOS, Windows, Android too.

    Lastly boot into Recovery Mode and do a reinstall will NOT erasing your disk and this will just reinstall the system and not harm the applications.
     
  15. Tumbleweed666, Feb 20, 2014
    Last edited: Feb 20, 2014

    Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #15
    Email addresses can be "swiped" from numerous sources and it's very easy to spoof an email as coming from any address you want.

    Its most likely to have come from a PC that had your email address on it in some form, it might not be anyone you know at all.
    Let me give you an example. Recently some idiot sent out an email to a group of about 100 people including me, with all addresses in the "to" or "cc" field rather than the "bcc" field . That meant everyone could see everyone's email address.

    So, what are the odds that at least one of those 100 pcs's (mostly windows pcs) will have a virus? Absolutely certain. And my email address is on that PC. So its available to be sent to and to be spoofed as a source of spam and that could originate from the PC of someone who doesn't know me from Adam.
     
  16. doubledee thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona
    #16
    I like the way you describe that. :apple:

    Scary, but true!!

    Thanks,


    Debbie
     
  17. s15119 macrumors 65816

    s15119

    Joined:
    Nov 20, 2010
  18. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #18
    That's because there isn't a single known "virus" for Macs in the wild. While there are a few other nasty things - Trojans for instance - self-replicating viruses just don't exist for us. And Apple's own security sub-system does a pretty good job of keeping everything out... assuming your OS is more or less up to date. At this point, the chances of Mac getting infected by a simple email or just randomly surfing are virtually non-existent. As long as you don't install anything you aren't really sure of. This could all change overnight of course - but at the the moment if you are not being targeted and if you don't give other people physical access to your machine then you can sleep at night.

    Honestly, I would have been genuinely surprised if ClamAV had found anything... I just figured you'd be happier seeing the results yourself.

    That said...it now appears routers are being targeted.... make sure your router has had it's default password changed and that you've turned off remote access.
    All sorts of non-harmful (to you) possibilities. The website itself may have been compromises. People's email addresses are constantly stolen, spoofed, etc.

    So enjoy your day, and don't worry about it. Life is short.
     
  19. doubledee thread starter macrumors 6502

    doubledee

    Joined:
    May 14, 2012
    Location:
    Arizona

Share This Page