was i hacked?

Discussion in 'OS X Mavericks (10.9)' started by davelanger, Nov 13, 2013.

  1. davelanger macrumors 6502a

    Joined:
    Mar 25, 2009
    #1
    I am using mavericks.

    when I woke up today my computer was on and at the password prompt to get into my computer and it had a bunch of dots at the password screen

    I cleared them out, and went to use my password but it didn't work.

    I went through the process of changing my admin pw but even when i reboot my computer when i get to the log on screen a bunch of dots come out

    If i clear it out now i can get into my computer but now my keychain pw won't work either.

    what changed was i started playing world of warcraft again and added some add ons and also use ventrillo.

    That is the only thing different i have done in the past week that I could see would cause this issue.

    Has anyone seen this issue before where when you log in the password is being typed out for you?

    Should I just back up everything and wipe the HD and start over?
     
  2. dean1012 macrumors regular

    Joined:
    Jul 10, 2008
    #2
    Speaking as a system administrator, If you have reason to believe you have been compromised (on any operating system), the only recourse is to reload (format and reinstall, not repair) the operating system.

    You should then restore files from backup a few at a time to ensure the problem does not repeat itself.

    It can be a very time consuming process but it is the only way to be sure there are no compromises remaining on the system.

    With that said, you should do some due diligence to ensure it is really a compromise before expending the effort. Some of those steps include googling (on another computer preferably) your problem to see if others have it.

    Also of note, if you have been compromised you should never reuse that password again and should change any passwords that may have been stored in your keychain for safety.

    I don't think a WoW addon would cause this kind of issue and I have not seen or heard of this kind of issue before so I have nothing further to add.
     
  3. davelanger, Nov 13, 2013
    Last edited: Nov 13, 2013

    davelanger thread starter macrumors 6502a

    Joined:
    Mar 25, 2009
    #3
    have you ever seen it where when you reset your mac the password window fills up automatically?


    Even after changing my password it does that.

    the other thing, I can't even update my key chain, even if i reset it, it won't take any password.

    the other weird thing is i noticed my keyboard, now when ever i plug it in the ------------ goes on and on until i stop it.

    I tried an older keyboard and that didn't do it, but that wouldn't explain why my admin password was not working and why it changed

    I guess its better to be safe and just reformat and reinstall everything even though its a hassle.

    I also found that key loggers can hack kehyboars to via the firmware? guess I need to toss that mac keyboard as well just to be safe.
     
  4. dean1012 macrumors regular

    Joined:
    Jul 10, 2008
    #4
    I've never seen that behavior, no. It might be a problem with the keyboard.

    If you haven't already, you might try another keyboard and if no further issues persist, it was likely a keyboard problem. Maybe try the current keyboard on a different mac or PC to see if the problem appears suddenly on that computer as well.

    That'll help eliminate the keyboard.

    I am not a security engineer but I think it is unlikely the keyboard itself is infected with bad firmware or a keylogger.
     
  5. davelanger, Nov 13, 2013
    Last edited: Nov 13, 2013

    davelanger thread starter macrumors 6502a

    Joined:
    Mar 25, 2009
    #5
    I tried my old keyboard and that is working without the ---- key issue but that wouldn't explain how my admin/login password got changed.

    Also my email password isn't working anymore either. I know i am putting in the right password but it keeps saying its wrong. I still get emails on my phone though.

    Thanks for taking time to assist me. i am worried since this happened the day after reinstalling wow, some add ons and ventrillo.
     
  6. dean1012 macrumors regular

    Joined:
    Jul 10, 2008
    #6
    I still believe it is unlikely the issue arose from any of those software products (although anything is possible).

    If the issue disappeared after changing keyboards, I think the other keyboard has gone bad and should be replaced.

    Regarding your login password, forgive me if I misunderstand the situation but I believe the password may not have changed. Since your keyboard was bad or going bad, it could have resulted in you typing the password wrong. You then reset the password yourself.

    Once you reset the password, the keychain password would not be reset. you still need to login to your keychain with the original password then change the password.

    I know this documentation is old but I can't seem to find the newer documentation for it and I think the process is nearly the same even today.

    http://support.apple.com/kb/PH7281

    Regarding your email password, if your keychain hasn't been unlocked and changed properly (see above), it's possible the mac is trying to login with the wrong password or simply isn't autofilling a password at all. In this case, the email password probably wasn't changed.

    This is evidenced by the fact your phone is still able to check for email.

    If you are entering your password manually and it will not login, it is possible you have forgotten your password or are entering it incorrectly. Once again, the phone wouldn't be able to check for mail if the password was incorrect.

    In any case, i'd recommend correcting keychain to use the proper new password now and if that doesn't fix your email issue, i'd reset the password to it and update the mac and phone.

    It doesn't sound like you are compromised at this point.
     
  7. davelanger thread starter macrumors 6502a

    Joined:
    Mar 25, 2009
    #7
    with ventrillo you have to check off allow app to control your computer
    so i guess that is why I am paranoid.

    as for the keyboard and password thing. it only does the ----------- thing when you first reboot or turn on the computer. once cleared out, it did not do it anymore and it still gave me an incorrect password error.

    after updating the password it did work, and I even rebooted with the bad keyboard and cleared out the ------ with the new pw and it did let me in.

    Thanks for your help, even though i may not have been hacked, I think its best to be safe to just reformat and reinstall.

    If i was hacked i should be able to see something on the activity monitor right?

    Thanks again for your help.

    Since there is no mavericks disc and i don't have a usb stick should i just find the snow leopard disc and use that? Then reinstall mavericks?
     
  8. Hungry&Foolish Suspended

    Joined:
    Mar 29, 2012
    #8
    Shouldn't Command+option+R on bootup, Reinstall?
     
  9. davelanger thread starter macrumors 6502a

    Joined:
    Mar 25, 2009
    #9
    will that wipe the HD clean as well?
     
  10. Hungry&Foolish Suspended

    Joined:
    Mar 29, 2012
    #10
    After Command+option +R, use disk utility to delete.
     
  11. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #11
    Do you use Back To My Mac? Maybe your Apple ID was compromised by the MacRumors hacker. I had a strange message on my phone shortly after the leak was announced, so I quickly changed my password.
     
  12. dean1012 macrumors regular

    Joined:
    Jul 10, 2008
    #12
    I believe it is CMD+R while rebooting to access recovery mode.

    http://support.apple.com/kb/HT4718

    ^^ That says CMD+R.

    Once it boots into recovery mode, use disk utility (accessed from the menu bar at the top) to format Macintosh HD.

    Then, exit disk utility to return to the main screen again then select to reinstall OSX. This will reinstall Mavericks.
     
  13. Hungry&Foolish Suspended

    Joined:
    Mar 29, 2012
    #13
    If the machine shipped with OS X 10.7 or later, you don't need media. It should boot into Internet Recovery mode when you hold down the key combination option-command-R at the startup chime. Release the keys when you see a spinning globe.
    Once booted from the disc or in Internet Recovery, launch Disk Utility and select the icon of the internal drive — not any of the volume icons nested beneath it. In the Partition tab, select the default options: a GUID partition table with one data volume in Mac OS Extended (Journaled) format. This operation will permanently remove all existing data on the drive, which is what you should do.
    After partitioning, quit Disk Utility and run the OS X Installer. When the installation is done, the system will automatically reboot into the Setup Assistant, which will prompt you to transfer the data from another Mac, its backups, or from a Windows computer. If you have any data to transfer, this is usually the best time to do it.

    if yours came with snow leopard,might not work.
     
  14. davelanger thread starter macrumors 6502a

    Joined:
    Mar 25, 2009
    #14
    yeah mine came with snow leopard.

    thanks for your help everyone. i guess to be safe I just am going to wipe and reinstall everything.
     
  15. davelanger, Nov 13, 2013
    Last edited: Nov 13, 2013

    davelanger thread starter macrumors 6502a

    Joined:
    Mar 25, 2009
    #15
    Thanks again for your due diligence. I did try one more thing with the keyboard, and opened up word and typed out the alphabet and the numbers , and it seems like on the keyboard i was using when ever i would type in the 7 it would be a dash after it, that must have been causing the bad password. My new password didn't have a 7 so of course it worked.

    thanks again for all your help. hopefully that was the issue, unless of course someone hacked my keyboard, but now i think I am just being paranoid.

    I am pretty sure it has to do with me cleaning the keyboard with a wipe that contained bleach. I guess that is a bad mix


    I fixed my keychain issue and that also seems to have fixed my mail issue
    the keychain errors must have been blocking my meal
     

Share This Page