How to uninstall an occult administrative account

Discussion in 'Mac Pro' started by machacked, Nov 10, 2010.

  1. machacked macrumors newbie

    Joined:
    Nov 10, 2010
    #1
    I have a new Mac Pro and an administrative account was created on top of my own. Yes, I was hacked :mad:. I found that "occult" administrative account and I have the password. I thought that I deleted it because it no longer appears under the accounts, but if the system asks me to install/delete software I can type the name of that "occult" account with the password and it still works as an administrative account.
    So I have two administrative accounts on my computer... How do I get rid of this occult one?

    I know that I can format the whole computer and reinstall all the programs and this may be the ultimate solution, but I was wondering if there is a way to delete and inactivate that occult user account?

    Thanks
     
  2. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #2
    Have you deleted the Home directory from the Users folder yet?
     
  3. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #3
    How do I get to the Users folder? Sorry, I'm new to the Mac world....
     
  4. NoNameBrand macrumors 6502

    Joined:
    Nov 17, 2005
    Location:
    Halifax, Canada
    #4
    If you've been hacked, re-install, and restore your documents from backups. Don't bother doing anything else, do not pass go, etc.

    Do you know how you were hacked? (someone sitting at your computer, your computer sitting on the internet with no firewall, malware, etc)
     
  5. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #5
    Go to your Home directory and use Command + ArrowUp. Or go to Macintosh HD / Users. Or use Spotlight (Command + Space).


    Also have a look at the following links to learn more about Mac OS X:

     
  6. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #6
    Someone sitting at my computer...

    How do I protect against this in the future? Besides the obvious, not letting anyone touch my computer...
     
  7. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #7
    Use a fairly strong (twelve characters for example) password.

    I use passwords from twelve to 25 characters, and haven't had a problem since and before.
     
  8. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #8
    I don't see a "home" directory in the users folders... :confused:
     
  9. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #9
    I had a password but the person bypassed that with Command "S" when you start the computer... and from there created a new administrative account... then hid that account....

    Any other suggestion?
     
  10. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #10
    The Users folder is a folder that contains at least two folders. One is called "Shared", the other folder has your short user name. Those folders are also called Home directories, while logged into them, as they store all your personal files and preferences, unless you choose to store data outside of that folder.

    If you still have problems with that third ominous user, there should be a third folder named similarly in the Users folder.

    But as it seems, you are still logged in as that user, otherwise you would not be asked to use the user name.

    How many accounts are listed in System Preferences > Accounts?
     
  11. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #11
    OK, only 2 users are listed, myself and a guest user (which does not require a password, nor has administrative privileges).

    If I want to change user names, etc., it asks me for my password, where I can type my user's password and it works fine, or, what bothers me, if I type this occult account name on top of my account name and use the occult account password... it also lets me make changes as an administrator... so that account is somewhat still active... how do I get rid of that?
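
The symptom in post #11 (an account that authenticates as an administrator but is missing from System Preferences > Accounts) can be checked from Terminal by comparing the admin group's membership against the accounts you expect. This is an added example, not part of any post in this thread; the account name `ghostadmin` and both sample outputs are constructed, and the list of expected administrators is passed in by the user.

```shell
#!/bin/bash
# On the Mac itself, the two inputs come from:
#   dscl . -read /Groups/admin GroupMembership
#   dscl . -list /Users UniqueID
# Constructed sample output stands in here so the logic runs anywhere.
# "ghostadmin" is a hypothetical name for the hidden account.
SAMPLE_ADMIN='GroupMembership: root machacked ghostadmin'
SAMPLE_USERS='_www                     70
daemon                   1
ghostadmin               401
machacked                501
nobody                   -2
root                     0'

# audit_admins ADMIN_LINE USER_LIST EXPECTED_ADMIN...
# Prints one line for every admin-group member that is neither root nor in
# the expected list, with its UID. UIDs below 500 are the range OS X uses
# for system accounts, which the Accounts pane does not list.
audit_admins() {
  local admin_line="$1" user_list="$2" name uid
  shift 2
  local expected=" $* "
  for name in ${admin_line#GroupMembership:}; do
    [ "$name" = "root" ] && continue
    case "$expected" in *" $name "*) continue ;; esac
    uid=$(printf '%s\n' "$user_list" |
          awk -v n="$name" '$1 == n { print $2; exit }')
    if [ -z "$uid" ]; then
      echo "$name uid=none no-user-record"    # group entry left behind
    elif [ "$uid" -lt 500 ]; then
      echo "$name uid=$uid system-range"      # admin hidden among system IDs
    else
      echo "$name uid=$uid unexpected-admin"  # visible, but not one of yours
    fi
  done
}

audit_admins "$SAMPLE_ADMIN" "$SAMPLE_USERS" machacked

# Removing a flagged account takes two steps (NAME is a placeholder):
#   sudo dseditgroup -o edit -d NAME -t user admin
#   sudo dscl . -delete /Users/NAME
```

Removing the record only closes that one account; it does not undo anything else installed through it, which is the reasoning behind the reinstall advice in post #4.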
     
  12. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #12
    Someone was sitting at my computer and, when turning it on, bypassed the login screen using Command "S" and created a new administrative account...
    then hid it.... The whole purpose was to install spyware software (which I already deleted).
     
  13. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #13
    Can you tell us what the user name is?

    If you don't have any data on that Mac yet, or can copy it from your Home directory to somewhere else, do as NoNameBrand recommended.

    Clean Install of OS X 10.6 Snow Leopard

    You might also take a look at Firmware Password Protection.


    Btw, to quote someone, just press the [​IMG] button.
    To quote several posts, use the [​IMG] button (multi-quote).
    To edit your posts, use the [​IMG] button.

    All these buttons are on the bottom right of the posts.

     
  14. al2o3cr macrumors regular

    Joined:
    Oct 14, 2009
    #14
    Install a keylogger, wait for R. Douchington the Third to log in then use the usernames/passwords captured to spam every social networking account he uses with Lastmeasure links perhaps?

    Failing that, a good LART has been known to work wonders - apply liberally to the head and groin region.

    On a more serious note, adding an EFI password might help in this situation:

    http://forums.macrumors.com/showthread.php?t=632449
     
  15. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #15
    I like the LART idea a lot!!!!!!!

    Now, which one is a good keylogger to use?
    I might get some payback time.
    After that I guess that the best option is to clean and reformat the whole thing..

    Thank you all for the help in this regard!!!!
     
  16. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #16
     
  17. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #17
    Come again please?

    If you meant how to copy files: Use Finder and copy the files and folders from where they are (Command + C) to where they should be, which is not on the same partition as Mac OS X resides on. Either use an external HDD or one of the other possible HDDs inside the MP you have.

    Or did you mean something else? NoNameBrand is a user and responded to your post as second poster (post #3).

    And again:

    To quote someone, just press the [​IMG] button.
    To quote several posts, use the [​IMG] button (multi-quote).
    To edit your posts, use the [​IMG] button.

    All these buttons are on the bottom right of the posts.

     
  18. machacked thread starter macrumors newbie

    Joined:
    Nov 10, 2010
    #18
    Thanks again!!!!
    This was very helpful.

    And I promise I will learn how to use this quote/edit stuff...
     
