Terminal commands to remove VPN & remote management-programs unknowingly installed

Discussion in 'Mac Basics and Help' started by MissMymac, Aug 1, 2014.

  1. MissMymac macrumors newbie

    Aug 1, 2014
    Gisborne new zealand
    A nasty guy I dated last year secretly installed a series of programs onto my MacBook Pro and I need help with allocating and removing them please. I haven't switched it on for 11 months so it's still running Snow Leopard. I live now in a very remote area with no access to an Apple store, nor do I have my MacBook installation disc. Please read on and do let me know of anything I can do in safe mode and use of terminal commands.

    Here's what I know:
    - He used a USB to install: remote management, Remote Desktop, remote installer
    - He also put a file that looked like a PDF but it was a virus or malware that is an executable file
    - He uses both mac and windows and also uses his Nokia as a device to access his victims remotely as well.

    I had no idea this guy was a fraud and had been jailed for fraud and extortion 6 years before I knew him, and I only knew him for a couple of months. Please don't remind me how silly or stupid I am, I just need help.

    I began to realise something was up from the following:
    - A little screen appeared when I logged onto my mac asking for the IP address I'd like to remotely connect to
    - my mouse would move when I wasn't using it
    - my wifi would be switched to 'on' when I'd have turned it off on a previous screen
    - files and folders were recreating themselves and multiplying and wouldn't allow me to delete them
    - activity monitor showed hundreds of thousands of files uploaded in the sent messages column
    - I looked at the sharing settings and it had a connection under the 802.1 (not sure on the correct number) in the VPN or vnc settings
    - when I tried to quickly back up my home folder to my external hard drive and any other USB I'd try, it wouldn't allow me and would say "unable to transfer files as flash is using the USB or ex hard drive" (or something similar to this, I can't recall the exact words, sorry). I also went and purchased a brand new ex hard drive and when I connected it and went to format it, it said something like this: "unable to perform this operation as the flash is using the ex hard drive"

    Upon searching 'recent' in spotlight, the following appeared which I hadn't opened or used: (!!!!)
    - terminal
    - Dropbox (I don't and have NEVER downloaded Dropbox)
    - system settings
    - the PDF executable file
    - remote management
    - remote installer
    - keychain app
    - activity monitor
    - Apple remote "something" (can't recall)

    Please note that I haven't opened my macbook for 11 months due to this problem. My questions are:
    - is the program he's obviously installed able to connect a VPN or vpc automatically to my public wifi if I turn my MacBook on?
    - has he uploaded my files and documents etc. to a Dropbox that he can access to view all my private documents off my Mac?
    - it's been 11 months since this happened, can he still access me now when I turn it on?
    - what terminal commands do I use to remove any VNC or VPN he's installed?
    - how can I seriously remove these programs I've installed? And can I do it in safe mode through the terminal?
    - how do I check for malware/spyware I believe he's installed? And remove it through terminal?
    - there are 3 accounts on my Mac so how can I do this so it cleans all of them at once?
    - I already tried to back up my data but I couldn't even get past the formatting (I believe that was the malware or spyware installing something to do with dodgy flash on that ex hard drive I tried)
    - can I fix my Mac in safe mode and do this by using certain commands in terminal? Please help? Thank you!
  2. Ann P macrumors 68020

    Jun 29, 2009
  3. MissMymac thread starter macrumors newbie

    Aug 1, 2014
    Gisborne new zealand
  4. Mac Write, Aug 2, 2014
    Last edited: Aug 2, 2014

    Mac Write macrumors member

    Dec 16, 2012
    Vancouver British Columbia
    I would keep the computer as is and go to the police in person (with your computer he hacked), as this guy has committed "Cyber terrorism," and your computer is the evidence. Tell them you haven't been able to back up the data so they don't wipe the drive after they have done their computer forensics.

    Keep us updated. If you get a new Mac or don't want to go to the police and help put this guy away, we can help you get back your data and build a clean and secure computer.

    PM me if you want any further help or questions.
  5. BrianBaughn macrumors 603


    Feb 13, 2011
    Baltimore, Maryland
    Do you know the MacBook Pro model number and what operating system version it's running? Sounds like it was a Leopard (10.5) or Snow Leopard (10.6) machine. Were you using "FileVault" on the computer?

    If you don't want to deal with this guy anymore (and it sounds like you don't) I'd skip the police suggestion.

    I'm confident no one here could possibly guide you through the maze that would be getting that Mac, as it is, back to a safe state.

    I assume you've changed the passwords for all of your email accounts and other online logins.

    What you need to do is get whatever files you need off of there, then reinstall the system. This won't be free but it'll work.

    If it was a 10.5 or 10.6 machine, you can order a Snow Leopard installer disk from Apple for $25 NZ money. This is the first thing to do.

    While you wait, get an external USB drive if you don't already have one. You would start up from the SL installer disk, install a new system to the USB drive and start up from that USB drive.

    The rest involves "How to recover files from a Mac drive to a new system drive...and not via Migration Assistant". Once you've done that, you can reformat the drive inside the Mac and migrate over from the USB drive.
