#34867 - 06/25/15 02:52 PM computer hack
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
OS 10.6.8. Today I tried to download an old movie but a window appeared saying I had suspicious activity and to dial an 800 number which showed "GoToAssist.customer" which resulted in someone purporting to be from Apple saying that everything on my computer was out of commission and that he would run diagnostics. After a few minutes he said that he would extend my warranty for $249 up to $999.00. At that point I knew this guy was phoney but it took me a few minutes to get control because Safari would not accept force quit at first. Has anyone else had this experience? How can you detect a phoney right off the bat? jaybass

#34868 - 06/25/15 03:00 PM Re: computer hack [Re: jaybass]
artie505 Online


Registered: 08/04/09
You didn't give that guy access to your Mac to run his "diagnostics", did you? shocked

Quote:
...a window appeared saying I had suspicious activity...

I'd take that as immediate confirmation that it was phony.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34869 - 06/25/15 05:36 PM Re: computer hack [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
artie, Unfortunately I did give him access. I emailed my bank and gave instructions to stop any transfers or withdrawals so hopefully that should prevent anything disastrous from happening. I have just run ClamXav and there are no problems.
What else might I do? jaybass

#34870 - 06/25/15 05:50 PM Re: computer hack [Re: jaybass]
artie505 Online


Registered: 08/04/09
There are other posters with far more expertise in this matter than I've got, and I hope some of them will kick in, but my advice is that you run Legacy Download – Little Snitch if you're not already running it.

LS is best described as a reverse firewall, i.e. it prevents calls OUT of your Mac without your permission, and that's effective medicine against a lot of malware. It's got a bit of a learning curve in that you've got to understand what you're allowing or denying every time you click on "Allow" or "Deny", but once you've established your basic rules you can coast.

It's a bit pricey, but I imagine that it still allows a trial that, when I used it, necessitated restarting it every two hours.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34871 - 06/25/15 06:11 PM Re: computer hack [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
artie, I will check out L/S and see if I can understand it. Thanks. I'll let you know. jaybass

#34872 - 06/25/15 06:13 PM Re: computer hack [Re: jaybass]
artie505 Online


Registered: 08/04/09
I hope it all works out OK for you. (I wonder if calling your bank [your only financial institution?] would be a better idea than relying on e-mail?)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34873 - 06/26/15 01:59 AM Re: computer hack [Re: jaybass]
artie505 Online


Registered: 08/04/09
Another thought... Have you taken a look in /Applications, /Applications/Utilities, and any other places with which you're familiar to see if anything looks like it maybe doesn't belong?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34874 - 06/26/15 02:02 AM Re: computer hack [Re: jaybass]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: jaybass
How can you detect a phoney right off the bat?

Trust nothing that pops up and advises that your computer has a problem — it's almost certainly a scam. That can be extrapolated to virtually any scenario, including email and telephone calls.
If somebody identifies himself as an Apple rep, then disconnect and call Apple directly to verify and report the intrusion.
Any suggestion that the caller/intruder is "your friend" and is here "to help you" warrants skepticism and very close examination.
"Trust but verify" in the online world is invalid — "Distrust and verify" is the only sound practice.

#34875 - 06/26/15 06:46 AM Re: computer hack [Re: grelber]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
You are so right. My son told me to hold the power button until the computer shuts down if someone has locked your browser. It will not happen again. Thanks grelber. jaybass

#34876 - 06/26/15 06:52 AM Re: computer hack [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
artie, I have checked apps...utilities and there is nothing there that doesn't belong and as I said, I ran the latest ClamXav (2.8.1) with no infected files. jaybass

#34877 - 06/26/15 08:24 AM Re: computer hack [Re: jaybass]
Ira L Online


Registered: 08/13/09
Loc: California
You might also monitor certain folders as described in this MacIssues article.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!

#34878 - 06/26/15 12:02 PM Re: computer hack [Re: jaybass]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: jaybass
artie, I have checked apps…utilities and there is nothing there that doesn't belong and as I said, I ran the latest ClamXav (2.8.1) with no infected files. jaybass

ClamX AV, or any other anti-virus or anti-malware for that matter, is useless in this situation. The only viruses it can detect are those that have "signatures" it recognizes and the only "signatures" available to detect are for Windows malware that cannot infect your Mac. Be aware that some malware can lie dormant in your system for months until triggered by an outside signal, so just because there is no immediate indication of infection does not mean you are not infected.

Assuming you are using Time Machine, consider booting from the recovery drive, erasing the hard drive, and then restoring from a Time Machine image taken at a point in time PRIOR TO the takeover incident. If you were infected that should get you back to a clean system. Clones that were mounted when the incident occurred could easily have been infected too and I would consider them suspect.

By the way, your son gave you excellent advice.
_________________________
joemikeb • moderator

#34889 - 06/27/15 06:30 AM Re: computer hack [Re: Ira L]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: Ira L
You might also monitor certain folders as described in this MacIssues article.

You can in fact automate that monitoring with the CIRCL automatic launch object detection utility, as mentioned in THE CYBER-SECURITY THREAD about a month ago. tongue
_________________________
alternaut moderator
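
The folder monitoring suggested above, sketched as an added example that is not from the thread, the MacIssues article or the CIRCL tool: it snapshots the standard launchd auto-start folders and reports files added, changed or removed since the baseline. The function names and the baseline path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): baseline and re-check of the launchd
# auto-start folders. Function names and the baseline path are assumptions.

# Standard launchd folders, relative to a root prefix ("" = running system).
LAUNCH_DIRS="Library/LaunchAgents Library/LaunchDaemons
System/Library/LaunchAgents System/Library/LaunchDaemons"

# snapshot ROOT [HOME]: print "checksum size path" for every file in the
# system-wide launch folders under ROOT and in HOME/Library/LaunchAgents.
snapshot() {
    for d in $LAUNCH_DIRS; do
        if [ -d "$1/$d" ]; then find "$1/$d" -type f -exec cksum {} +; fi
    done
    if [ -n "${2:-}" ] && [ -d "$2/Library/LaunchAgents" ]; then
        find "$2/Library/LaunchAgents" -type f -exec cksum {} +
    fi
}

# compare OLD NEW: report files ADDED, CHANGED or REMOVED between snapshots.
compare() {
    awk '
        # Split each line into its signature (checksum + size) and its path.
        { sig = $1 " " $2; path = $0
          sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", path) }
        FILENAME == ARGV[1] { before[path] = sig; next }
        { seen[path] = 1
          if (!(path in before))        print "ADDED " path
          else if (before[path] != sig) print "CHANGED " path }
        END { for (p in before) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# Usage: "sh launchcheck.sh baseline" once, then "sh launchcheck.sh check".
BASE="${HOME:-}/.launch_baseline"   # assumed location for the saved snapshot
case "${1:-}" in
    baseline) snapshot "" "${HOME:-}" > "$BASE" ;;
    check)    snapshot "" "${HOME:-}" > "$BASE.now" &&
              compare "$BASE" "$BASE.now" ;;
esac
```

A baseline saved after an incident only flags later changes; items already present at that point still need to be reviewed by hand.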

#34891 - 06/27/15 01:50 PM Re: computer hack [Re: alternaut]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
alternaut, I installed CIRCL-ALOD at your suggestion so I guess that will give me some protection. Unfortunately, I superdupered my HD after the hacking which wasn't too bright. I imagine I will have to wait and see what might happen down the road. Thank you. jaybass

#34902 - 06/29/15 07:21 AM Re: computer hack [Re: jaybass]
Ira L Online


Registered: 08/13/09
Loc: California
Why not do another clone of the now good setup and completely replace the "superdupered" version? Don't wait to see what might happen down the road.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!

#34906 - 06/29/15 08:20 AM Re: computer hack [Re: Ira L]
artie505 Online


Registered: 08/04/09
jaybass's current setup isn't necessarily good, because it's merely protected from what we know might have happened, not necessarily from what actually did happen.

A restore from a pre-event clone would really be the best alternative...a nuke and pave, second best.

Edit: As things stand, I wouldn't be running without Little Snitch.


Edited by artie505 (06/30/15 01:03 AM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34911 - 06/30/15 09:16 AM Re: computer hack [Re: Ira L]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
Ira, Cloning what I have now wouldn't necessarily help because I don't know if what I have now is malware free. I have spoken to my financial institutions and all passwords have been changed. Reading your post again, how do I know I have a "good setup"? BTW, is there any software available that will detect dormant malware? I'm not too optimistic about that. jaybass

#34913 - 06/30/15 12:56 PM Re: computer hack [Re: jaybass]
artie505 Online


Registered: 08/04/09
Quote:
I have spoken to my financial institutions and all passwords have been changed.

Just be aware that if you've been stuck with a keystroke logger, your new passwords are not protecting you.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34914 - 06/30/15 01:37 PM Re: computer hack [Re: artie505]
jaybass Offline


Registered: 08/04/09
Loc: toronto Canada
artie, Forgive my ignorance, what is a keystroke logger and how, if necessary, can I change it? jaybass

#34915 - 06/30/15 02:15 PM Re: computer hack [Re: jaybass]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
A keystroke logger is one of the malware apps that logs every keystroke you enter; obviously it's most useful for delimited strings, such as passwords.
There are many versions of the malware; some are easily available and often used for parental surveillance — which doesn't make it "legitimate".
There's a fair bit of info online; just Google it.

You have to find it (if indeed it's lurking on your machine) in order to remove it.

#34922 - 07/01/15 07:30 AM Re: computer hack [Re: jaybass]
Ira L Online


Registered: 08/13/09
Loc: California
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!

#34926 - 07/01/15 08:34 AM Re: computer hack [Re: Ira L]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: Ira L
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.

What he (and joemikeb and artie) said. smirk

#34927 - 07/01/15 09:40 AM Re: computer hack [Re: Ira L]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: Ira L
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.

Unfortunately, as the OP said earlier, he does not have a Time Machine backup, instead relying on a clone which he updated after the incident and which would therefore be infected too.
_________________________
joemikeb • moderator

#34931 - 07/01/15 12:08 PM Re: computer hack [Re: joemikeb]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Where did jaybass say he didn't have a backup (Time Machine or otherwise)? All I got is that he "superdupered" (whatever that is) his hard drive and that was no help (after potential contamination).

#34932 - 07/01/15 12:14 PM Re: computer hack [Re: grelber]
jchuzi Online


Registered: 08/04/09
Loc: New York State
SuperDuper is used for cloning. If jaybass had cloned his system after the damage was done, the clone is just as contaminated.
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365


Moderator:  alternaut, dianne, MacManiac