Possible hacker

Discussion in 'macOS' started by jonny46251, Dec 19, 2012.

  1. jonny46251 macrumors newbie

    Joined:
    Dec 19, 2012
    #1
    For some reason when I go to Finder there is another computer name colortyme-pc that shows up under my "Shared" section. I have turned off all guest user privileges and unchecked all of the system preference share file options. However, this person is still getting access to my computer. How do I stop this????
     

    Attached Files:

  2. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #2
    If none of your file sharing boxes are checked he can't get into your computer.

    He is on your network though, you might have to change your wireless router's network password.

    Are you sure it is not another device which you own yourself?
     
  3. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #3
    I don't have any application called colortyme. Is there another spot that I would look to see if it is something I downloaded?

    It is not always there. When I first saw it last night, I pulled out my ethernet cord (my wireless is shut off). Then I waited 5 minutes before plugging back in. colotyme-pc status changed to disconnected then disappeared. I plugged it back in and he did not show up for about 10 minutes when he regained connected guest privilege access to my computer. I kept doing this 5 to 6 times. Although it varied, between 1 minute and 15 minutes he would regain guest user connected status.

    I got up at 4:30 am today figuring it would be too early for him. It has been over an hour and he still hasn't shown up. So, I don't think it is on my computer or else he would be on whenever my computer was on. I fear I might have spyware or something that tricks my computer to letting him in even after disabling privileges.
     
  4. Macman45 macrumors demi-god

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #4
  5. dinggus macrumors 65816

    Joined:
    Jan 17, 2012
    #5
    Google is showing that ColorTyme is a Rent to Own store, is there one around you?
     
  6. justperry, Dec 19, 2012
    Last edited: Dec 19, 2012

    justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #6
    I didn't say anything about an Application.

    I said there might be a hacker on your wireless network, change your Broadband/Modem/Router wireless password!!!!!!!!!!!!!


    www.colortyme.com/ near to you?

    Are you sure you are not on "their" network and not on your own?

    Their = any network near to you.
     
  7. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #7
    Thank you everybody for your help. Unfortunately, there is no colortyme store within 50 miles of me.

    The link provided to remove colortyme was for Windows. On Mac OSX do you know how to find programs installed by colortyme? I tried control right click but it did not give me information about who downloaded them.

    I bought my computer from a Best Buy, they never told me that it was used I thought I had bought it new.

    I changed the password on my computer last night and it didn't help. t am not sure how to change the password for my modem. I used to be able to type the below and it gave me the option for a WEP password. Now it just gives me a blank white screen. How would I change it?
    http://192.168.0.11/

    I came across a URL that took me to keychain access. One of these is a tubedownloader which I thought I deleted. Is there anyway he could be using one of these to get into my system?
     

    Attached Files:

  8. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #8
    You should try the following, most of them are:

    192.168.1.1
    Or
    192.168.2.1

    Oh and never use WEP, use WPA/WPA2

    WEP is very easy to hack into.

    And, I would delete that entry in your Screenshot.
     
  9. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #9
    Thanks, I have to head off to work for now. I will respond by tomorrow if I was able to change my password.
     
  10. dinggus macrumors 65816

    Joined:
    Jan 17, 2012
    #10
    I'd be pretty upset. How long ago did you buy this?
     
  11. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #11
    And I found this:

    What is WEPtubez?

    Best buys unbroadcasted wireless network for their Geek Squad



    So, delete that entry first.

    Hope Best Buy is not peeking inside your network but I find that hard to believe, unless there is a deamon running on your Mac which broadcasts your IP.

    I think your Mac was used before at BestBuy, was it new, was the box sealed?
     
  12. benwiggy macrumors 68020

    Joined:
    Jun 15, 2012
    #12
    The "Shared" section of the Sidebar shows you what OTHER computers are sharing TO you; not what you are sharing to other computers.
    So there is another device that you are capable of connecting to and logging into. It is not some device that is peeking into your computer; it is a device that is offering you to peek into it!

    Wireless routers often show up as Shared devices. If you turn off "Bonjour Computers" in the Finder > Preferences > Sidebar, does the device disappear from the list?
     
  13. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #13
    I deleted What is WEPtubez. I thought I downloaded that but who knows. It didn't solve the problem as colortyme-pc is still able to connect.

    I was unable to change my password. The below 3 all take me to a blank white page that will not load.

    http://192.168.0.11
    http://192.168.1.1/
    http://192.168.2.1/

    If the shared section only shows what I can connect to, how do I disconnect? And why does it automatically keep connecting me?

    The box was open. Best Buy offered to set my computer up for me and I had never owned a Mac before so I let them. It is a year old now, but I don't ever remember seeing colortyme-pc connected to me under my shared section.

    Thank you everybody for your help, but the problem is still persisting. Is there anything else that I could do to stop him from connecting to me? Or, a way that i could disconnect him w/o having to pull out my ethernet coord?
     
  14. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #14
    You can see which IP you have to enter, forgot to say yesterday but you have to go into Network Preferences in System Preferences to see the IP number.
    See Screenshot below.
    Screenshot 1: Click on Advanced.
    Screenshot 2: Choose TCP/IP and look for router(IP Highlighted in blue)

    If that does not work connect the router with a cable to your Mac, then again look into Network Preferences and look up the IP.

    Copy the IP into Safari's Address Bar and hit return.
    If you have further question about the router's interface just ask.

    P.S.: is 192.168.0.11 your IP? Strange but if that's the case you probably need 192.168.0.1 or 192.168.0.0 but just check as per the above instructions.
     

    Attached Files:

  15. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #15
    http://192.168.0.1 worked. Kind of. It prompted me for a Netgear password which I didn't know. Would I have to call my cable company to get this password?

    Thank you again for your help.
     
  16. Macman45 macrumors demi-god

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #16
    By default, the password is usually "admin" lower case without the quotes.

    so username= admin
    password = admin

    If these work, it's a good idea to change them. Some companies also label the passphrase on the back of the router too.
     
  17. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #17
    Thanks! It turned out to be admin / password. Another basic setting by Netgear.

    The area for guests was already disabled. I found an area for remote control which was also disabled. I couldn't find an area to change the admin password (except for the remote access) so I am not sure how to update that.

    I did however, find an area to uncheck "Enable Wireless Access Point". Since I am using an ethernet cord, I figured that I didn't need it. I originally thought that I had disabled this, but it might have been that I just disabled my computer's wireless access and not the wireless access of the router itself.

    I will wait a couple days and see if he shows up again. Thanks for your help!
     

    Attached Files:

  18. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #18
    Sorry I didn't see your post earlier, better use quote next time.

    Were these your settings or did you change them, you said before 192.168.0.1 worked yet in your screenshot it shows 192.168.1.1, this is odd.....

    As for L/P on network gear it is almost alway admin/admin.

    And it is in your screenshot:
    You have to enable it and then change the password, might have to save if there is a save button, switch off after you have changed it.

    [​IMG]
     
  19. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #19
    Thank you for the password tip, I will try that and then get back to you a week from now when I get back from vacation.

    In terms of the IP address, I see what you are saying. However, I tried 192.168.1.1 multiple times with no success other than a blank white screen. It was 192.168.0.1 that prompted me for a password and took me to my router settings.

    I wanted to state that it has been close to 24 hours and I have not seen any other computers connected to mine through the shared section of finder since I disabled my wireless point for my router. I am extremely happy now and I thank you and everybody else for their help :)

     
  20. mentaluproar macrumors 68000

    mentaluproar

    Joined:
    May 25, 2010
    Location:
    Ohio, USA
    #20
    someone just teamviewer into his system and change all the settings to what they are supposed to be, please?
     
  21. justperry, Dec 21, 2012
    Last edited: Dec 21, 2012

    justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #21
    Happy Holidays.:)

    BTW, what brand/type is your modem/router, I can look into it if I find something else in the manual.

    Don't worry, I can't/will not break into your router, don't have your IP, just want to look because I think the "Wireless Guest Network' settings is chosen oddly, why 'GUEST', normally there is no guest settings.
     
  22. benwiggy, Dec 21, 2012
    Last edited: Dec 21, 2012

    benwiggy macrumors 68020

    Joined:
    Jun 15, 2012
    #22
    Again, for the sake of clarity: Something showing in Shared does not mean it is connected to your COMPUTER. It has to be on your network, however. But not every device connected to your network will show up in Shared. Someone could connect to your network and NOT show up there. If something is in your Shared list, it means they are inviting you to connect with them.

    It's possible that the Shared device WAS your wireless router. They often show up there.

    Your router may have a section where you can see the IP addresses and MAC addresses of devices connected: you can therefore count the devices there and see if anything shouldn't be there. MAC addresses contain digits that identify the manufacturer and sometime the type of device, (there are websites with databases), so you can check whether it's a computer or a router or a toaster.
     
  23. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #23
    This ^^, Benwiggy is right here, it is the shared Folder/HD/whatever from the other computer, if you click on it you can see that you can connect to this share, you could R/W from that share, but as long as you have all your sharing of in Preferences he can not see you.
     
  24. jonny46251 thread starter macrumors newbie

    Joined:
    Dec 19, 2012
    #24
    I will look for that section if I go back to enabling my wireless router.

    Couple things to clarify. On the Shared List it specifically says that I was connected. It was not just an option to connect. Also, I would have internet access for 1-15 minutes before the connection was made. So it could not have been my own router.
     
  25. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #25
    It said you were connected as a guest, because you clicked on it and your computer therefore tried to make the connection. That has no bearing on whether that device is connected to your computer, however. If all your sharing options were turned off, whatever that device is, it's not connecting to you, it's just advertising it's presence on your network. Have to say, if I were hacking into your network, I wouldn't want my own computer advertised like that, so that alone probably indicates there's nothing to fear, but from your posts I can tell you that your computer is safe. Your network is in question, perhaps, but not the computer.

    jW
     

Share This Page