computer hack
#34867 06/25/15 09:52 PM
jaybass (OP)
OS 10.6.8. Today I tried to download an old movie, but a window appeared saying I had suspicious activity and to dial an 800 number, which showed "GoToAssist.customer" and which resulted in someone purporting to be from Apple telling me that everything on my computer was out of commission and that he would run diagnostics. After a few minutes he said that he would extend my warranty for $249 up to $999.00. At that point I knew this guy was phoney, but it took me a few minutes to get control because Safari would not accept force quit at first. Has anyone else had this experience? How can you detect a phoney right off the bat? jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34868 06/25/15 10:00 PM
You didn't give that guy access to your Mac to run his "diagnostics", did you?

Quote:
...a window appeared saying I had suspicious activity...

I'd take that as immediate confirmation that it was phony.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: computer hack
artie505 #34869 06/26/15 12:36 AM
jaybass (OP)
artie, Unfortunately I did give him access. I emailed my bank and gave instructions to stop any transfers or withdrawals, so hopefully that should prevent anything disastrous from happening. I have just run ClamXav and there are no problems.
What else might I do? jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34870 06/26/15 12:50 AM
There are other posters with far more expertise in this matter than I've got, and I hope some of them will kick in, but my advice is that you run Legacy Download – Little Snitch if you're not already running it.

LS is best described as a reverse firewall, i.e. it prevents calls OUT of your Mac without your permission, and that's effective medicine against a lot of malware. It's got a bit of a learning curve in that you've got to understand what you're allowing or denying every time you click on "Allow" or "Deny", but once you've established your basic rules you can coast.

It's a bit pricey, but I imagine that it still allows a trial that, when I used it, necessitated restarting it every two hours.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: computer hack
artie505 #34871 06/26/15 01:11 AM
jaybass (OP)
artie, I will check out L/S and see if I can understand it. Thanks. I'll let you know. jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34872 06/26/15 01:13 AM
I hope it all works out OK for you. (I wonder if calling your bank [your only financial institution?] would be a better idea than relying on e-mail?)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: computer hack
jaybass #34873 06/26/15 08:59 AM
Another thought... Have you taken a look in /Applications, /Applications/Utilities, and any other places with which you're familiar to see if anything looks like it maybe doesn't belong?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: computer hack
jaybass #34874 06/26/15 09:02 AM
Originally Posted By: jaybass
How can you detect a phoney right off the bat?

Trust nothing that pops up and advises that your computer has a problem — it's almost certainly a scam. That can be extrapolated to virtually any scenario, including email and telephone calls.
If somebody identifies himself as an Apple rep, then disconnect and call Apple directly to verify and report the intrusion.
Any suggestion that the caller/intruder is "your friend" and is here "to help you" warrants skepticism and very close examination.
"Trust but verify" in the online world is invalid — "Distrust and verify" is the only sound practice.

Re: computer hack
grelber #34875 06/26/15 01:46 PM
jaybass (OP)
You are so right. My son told me to hold the power button until the computer shuts down if someone has locked your browser. It will not happen again. Thanks grelber. jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
artie505 #34876 06/26/15 01:52 PM
jaybass (OP)
artie, I have checked apps...utilities and there is nothing there that doesn't belong and, as I said, I ran the latest ClamXav (2.8.1) with no infected files. jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34877 06/26/15 03:24 PM
You might also monitor certain folders as described in this MacIssues article.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: computer hack
jaybass #34878 06/26/15 07:02 PM
Moderator
Originally Posted By: jaybass
artie, I have checked apps…utilities and there is nothing there that doesn't belong and, as I said, I ran the latest ClamXav (2.8.1) with no infected files. jaybass

ClamX AV, or any other anti-virus or anti-malware for that matter, is useless in this situation. The only viruses it can detect are those that have "signatures" it recognizes and the only "signatures" available to detect are for Windows malware that cannot infect your Mac. Be aware that some malware can lie dormant in your system for months until triggered by an outside signal, so just because there is no immediate indication of infection does not mean you are not infected.

Assuming you are using Time Machine, consider booting from the recovery drive, erasing the hard drive, and then restoring from a Time Machine image taken at a point in time PRIOR TO the takeover incident. If you were infected, that should get you back to a clean system. Clones that were mounted when the incident occurred could easily have been infected too, and I would consider them suspect.

By the way, your son gave you excellent advice.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: computer hack
Ira L #34889 06/27/15 01:30 PM
Moderator
Originally Posted By: Ira L
You might also monitor certain folders as described in this MacIssues article.

You can in fact automate that monitoring with the CIRCL automatic launch object detection utility, as mentioned in THE CYBER-SECURITY THREAD about a month ago.


alternaut moderator
Re: computer hack
alternaut #34891 06/27/15 08:50 PM
jaybass (OP)
alternaut, I installed CIRCL-ALOD at your suggestion so I guess that will give me some protection. Unfortunately, I superdupered my HD after the hacking which wasn't too bright. I imagine I will have to wait and see what might happen down the road. Thank you. jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34902 06/29/15 02:21 PM
Why not do another clone of the now good setup and completely replace the "superdupered" version? Don't wait to see what might happen down the road.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: computer hack
Ira L #34906 06/29/15 03:20 PM
jaybass's current setup isn't necessarily good, because it's merely protected from what we know might have happened, not necessarily from what actually did happen.

A restore from a pre-event clone would really be the best alternative...a nuke and pave, second best.

Edit: As things stand, I wouldn't be running without Little Snitch.

Last edited by artie505; 06/30/15 08:03 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: computer hack
Ira L #34911 06/30/15 04:16 PM
jaybass (OP)
Ira, Cloning what I have now wouldn't necessarily help because I don't know if what I have now is malware free. I have spoken to my financial institutions and all passwords have been changed. Reading your post again, how do I know I have a "good setup"? BTW, is there any software available that will detect dormant malware? I'm not too optimistic about that. jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34913 06/30/15 07:56 PM
Quote:
I have spoken to my financial institutions and all passwords have been changed.

Just be aware that if you've been stuck with a keystroke logger, your new passwords are not protecting you.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: computer hack
artie505 #34914 06/30/15 08:37 PM
jaybass (OP)
artie, Forgive my ignorance: what is a keystroke logger and how, if necessary, can I change it? jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: computer hack
jaybass #34915 06/30/15 09:15 PM
A keystroke logger is one of the malware apps that logs every keystroke you enter; obviously it's most useful for delimited strings, such as passwords.
There are many versions of the malware; some are easily available and often used for parental surveillance — which doesn't make it "legitimate".
There's a fair bit of info online; just Google it.

You have to find it (if indeed it's lurking on your machine) in order to remove it.

Re: computer hack
jaybass #34922 07/01/15 02:30 PM
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: computer hack
Ira L #34926 07/01/15 03:34 PM
Originally Posted By: Ira L
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.

What he (and joemikeb and artie) said.

Re: computer hack
Ira L #34927 07/01/15 04:40 PM
Moderator
Originally Posted By: Ira L
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.

Unfortunately, as the OP said earlier, he does not have a Time Machine backup, instead relying on a clone which he updated after the incident and which would therefore be infected too.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: computer hack
joemikeb #34931 07/01/15 07:08 PM
Where did jaybass say he didn't have a backup (Time Machine or otherwise)? All I got is that he "superdupered" (whatever that is) his hard drive and that was no help (after potential contamination).

Re: computer hack
grelber #34932 07/01/15 07:14 PM
SuperDuper is used for cloning. If jaybass had cloned his system after the damage was done, the clone is just as contaminated.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Moderated by  alternaut, dianne, MacManiac 