Need help restoring a hacked MacBook Air

Discussion in 'Mac Basics and Help' started by Billy13190, Jul 21, 2014.

  1. Billy13190 macrumors newbie

    Joined:
    Jun 14, 2014
    #1
    Hi
    My MackBook Air has been hacked. Someone has got backdoor access to it somehow. I need to wipe it and start over.
    I have backed up all my data on an external disk drive but when I copy the data back onto the clean Mac how do I make sure I don't copy back the code or whatever it is the hacker used to get access in the first place?

    Thanks in advance for any help.
    Bye
     
  2. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #2
    Well, how are you hacked? Hard to give advice on what not to migrate if we don't know where the issue is coming from.
     
  3. Billy13190 thread starter macrumors newbie

    Joined:
    Jun 14, 2014
    #3
    I don't know for certain how. Not through physical access to the computer that's for sure, I work at home.
    I am being targeted by a specific individual and I know who it is.
    I think they may have succeeded in installing a keystroke logger by getting me to click on bogus update windows for Java or Javascript. I remember clicking on such windows a few months ago, and now I know that was a mistake.
    Or they may have hacked my IP address.
    The hacking is fairly mild for the time being, changing print paper sizes, turning off the sound, sending pop up windows. I want to deal with it before it gets nasty.
    At the same time they have hacked my AppleID repeatedly, despite me wiping my iPhone and reinstalling from scratch with a new AppleID. That's another reason I know my MacBook Air must have been hacked. How else could they have got the new AppleID?

    Thanks in advance for any help
     
  4. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #4
    'popups'? 'hacked your IP address'? IMHO it sounds like you just downloaded 'SpeedUpMyMac' or something like that. :p

    Anyway, hold Alt on startup, boot into Recovery partition. Wipe Macintosh HD through Disk Utility and then do a clean install where it says 'Reinstall Mac OS X'.
     
  5. Billy13190 thread starter macrumors newbie

    Joined:
    Jun 14, 2014
    #5
    Hello

    In fact they just sent one pop-up window, from Booking.com, offering hotels in LA, which just happens to be where I'm going on holiday. They found that out somehow.

    I know I have to wipe the Mac and start over. My question is how to avoid copying the code or whatever it is the hacker used to get access in the first place when I start copying my data (mainly word processing files) back onto the clean Mac.

    I forgot to mention I'm running Parallels Desktop on this Mac.

    Bye
     
  6. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #6
    I'm willing to bet, based on your first and confirmed by your second posts, that you haven't been hacked. Pop ups can occasionally appear even if you have them turned off, and the fact it advertised can be based on previous viewing, cookies, etc. the other issues you describe are just system settings, which you may be unaware of changing yourself. I see a lot of people saying they've been hacked and are in situations similar to yours, but some digging shows they're safe.
    By all means, erase your OS, but your issues will likely persist afterward.
    Has this person who claims to have hacked you shown any proof of it? Any time I ask this the answer is invariably No.
    Regarding your Apple ID, that could be someone entering a wrong password repeatedly, but changing or deactivating an Apple ID =/ hacking you.
     
  7. jeremysteele macrumors 6502

    Joined:
    Jul 13, 2011
    #7
    That's most likely just common advertising techniques. They use cookies, HTML5 storage, or your IP address to track previous page views at partner sites and display relevant ads. You go on a site that uses their ad code and up pops the ad.

    The other possibility is you installed a bad extension on your browser. I've seen that happen a few times as well.
     
  8. Billy13190 thread starter macrumors newbie

    Joined:
    Jun 14, 2014
    #8
    Hello

    Thanks for answering.
    This person has been pestering me in a variety of ways for 2 years or so now - anonymous phone calls, financial scams, creating bogus e-mail addresses using my name and using them to send pornographic materials, sell drugs, more recently offers of hotel accommodation in LA (as well as the pop-up) etc., so I am not imagining this.

    I can't imagine how I would be able to turn off the sound on my Mac or change the paper size settings for printing without knowing I was doing it.

    The person who is hacking me has absolutely no interest in telling me it's him, they would be opening themselves up to prosecution! If someone tries to sell cannabis using my name they are committing an offence. Most of his activities are illegal and legal proceedings are under way although this will take some time.

    When I say they hacked my AppleID what I mean is that apps were deleted on my iPhone, text messages were sent, alarm settings where changed, reminders were added, and the Music App would start to play music without me touching the phone. At no time was my AppleID deactivated or changed by the hacker, although one time they did change the language for my AppleID page to Korean. I've been talking to Apple for the last 3 months to try to fix the problem, wiping the iPhone and backing up to factory settings. I've also changed the AppleID and password several times, to no avail, which would seem to indicate my MacBookAir is compromised. Again, I'm not imagining this, it is happening, unfortunately.

    The person doing this is very clever. They tend to blitz me with hassle of various kinds and then stop for several weeks, hoping I'll forget about it.

    Thanks again for taking time out to help
    bye
     
  9. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #9
    Then you need to forget your computer momentarily and contact the police.
     
  10. Billy13190 thread starter macrumors newbie

    Joined:
    Jun 14, 2014
    #10
    As I said i've already done that but I have little hope that willl lead to anything In any case I don't have any proof that it is this person, they're not going to jump up and say "It's me!". That's the problem.
     
  11. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #11
    There's really nothing you can do then besides wiping your computer and changing your password regularly.

    Though if this person is doing drug deals under your name, one would think the authorities would be helpful.
     
  12. jeremysteele macrumors 6502

    Joined:
    Jul 13, 2011
    #12
    If OP's story were real, the authorities would help. Fortunately, they generally don't help people with stories they make up.

    If this were true, OP would no longer have possession of their computer or iphone - to preserve evidence and to allow a proper forensic investigation.
     
  13. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #13
    Do a command-r boot to recovery then use Disk Util to erase Macintosh HD partition to Mac OS Extended (Journaled). Then quit Disk Util and click reinstall OS X and wait for the install to complete. At the end of the install make a new user account for yourself. Then manually reinstall all your apps by obtaining the apps from either the App Store or the developer. Do not reinstall any apps from the backup drive.

    Now manually move only your documents over from the backup drive and nothing else.

    That should give you a clean setup with nothing but your documents on there.
     
  14. Billy13190 thread starter macrumors newbie

    Joined:
    Jun 14, 2014
    #14
    @ Weaselboy
    Thank you very much, somebody has finally answered my original question.

    @ Jeremy Steele
    I don't appreciate being called a liar. Do you really think I have nothing better to do with my time than invent the whole story?
    I don't know what planet you live on or how old you are (about 12?)

    "If this were true, OP would no longer have possession of their computer or iphone - to preserve evidence and to allow a proper forensic investigation."
    - HILARIOUS !!!

    but around here if I were to take my computer to the police and demand they open an inquiry because some nutcase is using my name to try to sell cannabis online they would laugh in my face and they would be right. Can you imagine the time and energy that would be required to find any proof of a transaction? Try to think before you write and start insulting people.
     
  15. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #15
    But do you not have any record of these emails etc? Otherwise how do you even know about them?
     
  16. Billy13190 thread starter macrumors newbie

    Joined:
    Jun 14, 2014
    #16
    I have obtained the answer to my question.
    I see no point in spending time trying to persuade you that I'm not lying.
    Goodbye
     

Share This Page