Need help I think a Trojan got into mail

Discussion in 'macOS' started by sjohnson4382, Aug 18, 2010.

  1. sjohnson4382 macrumors member

    Joined:
    Dec 23, 2008
    #1
    I signed up for done coupons and it looks like some type of Trojan got into
    My system because my email account is sending all kinds of emails to my address book and also any address that I've ever sent it received mail from. How do I clear whatever needs to be done to stop these because they are embarrassing? Any help? Thanks
     
  2. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #2
    Have you installed anything and had to enter your password?


    Have a look at Activity Monitor ( Applications / Utilities / ) and select All Processes and sort by Process Name to see what the culprit may be.

    image below uses sorting by CPU as an example
    [​IMG]

    Then press CMD+A to select all processes, CMD+C to copy them to the clipboard, and paste the clipboard into your next post via CMD+V.


     
  3. ideal.dreams macrumors 68020

    ideal.dreams

    Joined:
    Jul 19, 2010
    Location:
    OH
    #3
    The chance of it being a virus is extremely slim. Have you entered in your administrator password anywhere that may have looked suspicious?
     
  4. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #4
    The chance of it being a virus are ZERO, as there are currently no viruses, that affect Mac OS X, in public circulation. A trojan is not a virus.

    The OP suspects it to be a trojan anyway, thus my question (and yours too), if s/he entered the account password at any time during those "coupon dealing".
     
  5. sjohnson4382 thread starter macrumors member

    Joined:
    Dec 23, 2008
    #5
    Ok I will try a paste of the processes. Also the email account is a free AOL account and I tried to contact them to cancel it, but I'm sure all of you know how freaking hard that is, especially with the free ones. So what do I actually need to do to get the mail to quit sending all this stuff? This is being sent to some people that do not need to be receiving it and I'm afraid it may hurt some business relationships. Also she did not enter her email password on any of the sites she signed up for.



    110 WindowServer _windowserver 0.1 4 35.3 MB Intel (64 bit)
    227 WebKitPluginAgent brandijohnson 0.0 2 992 KB Intel (64 bit)
    200 WashingMachineHelper brandijohnson 0.0 2 5.9 MB Intel (64 bit)
    252 virusbarriers root 0.0 2 36.2 MB Intel (64 bit)
    46 virusbarriers root 0.1 6 90.7 MB Intel (64 bit)
    279 virusbarriers root 0.0 2 36.0 MB Intel (64 bit)
    274 virusbarriers root 0.0 3 39.6 MB Intel (64 bit)
    260 virusbarriers root 0.0 2 36.7 MB Intel (64 bit)
    255 virusbarriers root 0.0 2 36.0 MB Intel (64 bit)
    47 virusbarrierl root 0.0 2 968 KB Intel (64 bit)
    48 virusbarrierd root 0.0 2 2.5 MB Intel (64 bit)
    122 virusbarrierb root 0.0 9 1.3 MB Intel (64 bit)
    186 UserEventAgent brandijohnson 0.0 3 5.5 MB Intel (64 bit)
    20 usbmuxd _usbmuxd 0.0 3 1.2 MB Intel
    49 TaskManagerDaemon root 0.0 2 1.7 MB Intel (64 bit)
    152 SystemUIServer brandijohnson 0.0 3 12.5 MB Intel (64 bit)
    21 SystemStarter root 0.0 2 988 KB Intel (64 bit)
    14 syslogd root 0.0 4 672 KB Intel (64 bit)
    51 sh root 0.0 1 748 KB Intel (64 bit)
    45 sh root 0.0 1 808 KB Intel (64 bit)
    24 securityd root 0.0 3 2.7 MB Intel (64 bit)
    220 Safari brandijohnson 0.2 26 218.1 MB Intel (64 bit)
    146 prl_naptd root 0.0 3 3.7 MB Intel
    179 prl_disp_service root 0.0 14 12.8 MB Intel
    50 PersonalBackupDaemon root 0.0 2 2.5 MB Intel (64 bit)
    162 pboard brandijohnson 0.0 1 836 KB Intel (64 bit)
    18 ntpd root 0.0 1 1.1 MB Intel (64 bit)
    11 notifyd root 0.0 2 588 KB Intel (64 bit)
    194 NetUpdateAgent brandijohnson 0.0 2 5.6 MB Intel (64 bit)
    86 NetBarrier Daemon X5 root 0.1 4 2.7 MB Intel
    224 mdworker _spotlight 0.0 3 8.0 MB Intel (64 bit)
    265 mdworker brandijohnson 0.0 3 6.5 MB Intel (64 bit)
    27 mds root 0.0 2 16.4 MB Intel (64 bit)
    28 mDNSResponder _mdnsresponder 0.0 3 1.8 MB Intel (64 bit)
    29 loginwindow brandijohnson 0.0 2 7.7 MB Intel (64 bit)
    147 launchd brandijohnson 0.0 2 1.0 MB Intel (64 bit)
    1 launchd root 0.0 3 1.3 MB Intel (64 bit)
    10 kextd root 0.0 2 2.6 MB Intel (64 bit)
    30 KernelEventAgent root 0.0 3 1,004 KB Intel (64 bit)
    0 kernel_task root 0.8 62 101.8 MB Intel
    197 iTunesHelper brandijohnson 0.0 3 3.1 MB Intel (64 bit)
    196 IntegoStatusItemHelper brandijohnson 0.0 2 8.1 MB Intel (64 bit)
    52 integod root 0.0 2 4.2 MB Intel (64 bit)
    32 hidd root 0.0 4 1.6 MB Intel (64 bit)
    33 fseventsd root 0.0 13 1.7 MB Intel (64 bit)
    163 fontd brandijohnson 0.0 2 4.4 MB Intel (64 bit)
    153 Finder brandijohnson 0.0 4 34.4 MB Intel (64 bit)
    214 FGDaemon brandijohnson 0.0 2 6.2 MB Intel (64 bit)
    35 dynamic_pager root 0.0 1 788 KB Intel (64 bit)
    151 Dock brandijohnson 0.0 3 13.1 MB Intel (64 bit)
    16 distnoted daemon 0.0 2 1.2 MB Intel (64 bit)
    12 diskarbitrationd root 0.0 2 1.4 MB Intel (64 bit)
    15 DirectoryService root 0.0 4 4.8 MB Intel (64 bit)
    124 cvmsServ root 0.0 2 816 KB Intel (64 bit)
    281 cvmsComp_x86_64 brandijohnson 0.0 1 6.1 MB Intel (64 bit)
    259 cupsd root 0.0 3 3.8 MB Intel (64 bit)
    87 coreservicesd root 0.0 4 28.1 MB Intel (64 bit)
    104 coreaudiod _coreaudiod 0.0 3 2.0 MB Intel (64 bit)
    13 configd root 0.0 6 3.0 MB Intel (64 bit)
    41 blued root 0.0 3 4.4 MB Intel (64 bit)
    42 autofsd root 0.0 2 940 KB Intel (64 bit)
    278 AppleSpell.service brandijohnson 0.0 2 6.8 MB Intel (64 bit)
    192 AirPort Base Station Agent brandijohnson 0.0 3 5.6 MB Intel (64 bit)
    286 activitymonitord root 0.8 1 1.2 MB Intel (64 bit)
    284 Activity Monitor brandijohnson 1.0 3 17.5 MB Intel (64 bit)
     
  6. THX1139 macrumors 68000

    THX1139

    Joined:
    Mar 4, 2006
    #6
    Two questions.

    1. Why do you have 2 threads going for the same issue?

    2. If you want help, why don't you answer the question people asked you?

    This is how a forum like this is supposed to work. You post the problem and then people make comments and offer solutions. Some of those solutions might require you to answer questions. If you ignore those questions you may never get an answer.

    By the way, the easiest and surest way to fix this problem is to restore from the latest system backup you made before answering your spam messages.
     
  7. sjohnson4382 thread starter macrumors member

    Joined:
    Dec 23, 2008
    #7
    the admin password has not been entered anywhere that looked suspect. Also I do not believe anything has been installed in relation to the coupons or anything period since then. I have tried to cancel my AOL account but that is next to impossible and it will not let me do it.
     
  8. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #8
    Change the password of the AOL account immediately. And change it to something stronger.

    A more likely explanation for the observed behavior is that someone broke into the AOL account by guessing its password, and is using it to send spam.

    I saw nothing in the process list that looked obviously out of place. The oddballs like WashingMachineHelper and FGDaemon appear to be related to the Intego antivirus you've installed.

    That's my best guess at this point.
     
  9. SDub90 macrumors 6502a

    Joined:
    Nov 9, 2009
    Location:
    Long Island
    #9
    Is this a problem with the Apple Mail application or just your email account? If it's the account, odds are it got hacked or someone is spamming using your address - not something on your computer itself.
     
  10. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #10
    This is confusing.

    Do you mean you've tried to log into your AOL account and it won't let you do it? If so, then this corroborates the AOL password being guessed and the AOL account being broken into.

    You will probably have to contact AOL support directly. Which you should do in any case.
     
  11. wackymacky macrumors 68000

    wackymacky

    Joined:
    Sep 20, 2007
    Location:
    38°39′20″N 27°13′10″W
    #11
    Brandi Johnson ,

    It would seem more likey that your AOL has been hacked that your PC.

    Good to see you're running antivirus software by the way. (I've never bothered on my Macs)

    Using your name from your post and your user name here I was able to find your Face Book page in 2 seconds.

    Should be careful what information you give out about yourself.
     
  12. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    Your symptoms are not caused by a trojan or other malware. Your email account was hacked or spoofed, nothing more. Change your email account password, as has already been recommended. Also, tell your contacts NOT to put you on any email distribution lists, like for daily jokes, chain letters, etc. This is one of the prime methods used by spammers and hackers to "harvest" email addresses.
     
  13. VictoriaStudent macrumors regular

    VictoriaStudent

    Joined:
    Jul 20, 2010
    #13

    crreeeeepy, dude.

    r u spying on her?




















    just kidding :)


    what they said, brandi..yer account got hacked. make a real password for all your accounts, and change your facebook password, too. It's probably as easy to hack as your AOL account was.

    a -strong- password looks something like:

    Pas5W0rD! <<--- upper & lower case, mixed #'s & letters. and !@*&*# symbols if you are allowed to use them.

    not

    brandi1989

    and, fwiw, don't fill out those stupid questions to help you remember your password. you know, the ones like "which high school did you go to?" Just type a bunch of random crap in, not a real answer.

    The biggest reason I can think why -not- to do that is -->> http://tinyurl.com/ordw7y

    sarah palin's own account getting hacked in just that way :)
     
  14. wackymacky macrumors 68000

    wackymacky

    Joined:
    Sep 20, 2007
    Location:
    38°39′20″N 27°13′10″W
    #14
    No I'm not spying on her. I was just trying to make a point RE giving information on the web and using strong passwords.

    Saying "I think my Mac has been hacked", then ""Oh by the way, it is a web based account" reflects the little knowledge a lot of people have re basic data security.

    I don’t know if the OP’s name is Broni or just the user account they were using belongs to the wife or mother.
     

Share This Page