#34867 - 06/25/15 02:52 PM
computer hack
|
Registered: 08/04/09
Loc: toronto Canada
|
OS 10.6.8
Today I tried to download an old movie but a window appeared saying I had suspicious activity and to dial an 800 number which showed "GoToAssist.customer" which resulted in someone purporting to be from Apple saying that everything on my computer was out of commission and that he would run diagnostics. After a few minutes he said that he would extend my warranty for $249 up to $999.00. At that point I knew this guy was phoney but it took me a few minutes to get control because Safari would not accept force quit at first. Has anyone else had this experience? How can you detect a phoney right off the bat? jaybass
#34868 - 06/25/15 03:00 PM
Re: computer hack
[Re: jaybass]
|
Registered: 08/04/09
|
You didn't give that guy access to your Mac to run his "diagnostics", did you?
"...a window appeared saying I had suspicious activity..."
I'd take that as immediate confirmation that it was phony.
_________________________
The new Great Equalizer is the SEND button.
In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
#34869 - 06/25/15 05:36 PM
Re: computer hack
[Re: artie505]
|
Registered: 08/04/09
Loc: toronto Canada
|
artie, Unfortunately I did give him access. I emailed my bank and gave instructions to stop any transfers or withdrawals so hopefully that should prevent anything disastrous from happening. I have just run ClamXav and there are no problems. What else might I do? jaybass
#34870 - 06/25/15 05:50 PM
Re: computer hack
[Re: jaybass]
|
Registered: 08/04/09
|
There are other posters with far more expertise in this matter than I've got, and I hope some of them will kick in, but my advice is that you run Legacy Download – Little Snitch if you're not already running it. LS is best described as a reverse firewall, i.e. it prevents calls OUT of your Mac without your permission, and that's effective medicine against a lot of malware. It's got a bit of a learning curve in that you've got to understand what you're allowing or denying every time you click on "Allow" or "Deny", but once you've established your basic rules you can coast. It's a bit pricey, but I imagine that it still allows a trial that, when I used it, necessitated restarting it every two hours.
_________________________
The new Great Equalizer is the SEND button.
In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
#34871 - 06/25/15 06:11 PM
Re: computer hack
[Re: artie505]
|
Registered: 08/04/09
Loc: toronto Canada
|
artie, I will check out L/S and see if I can understand it. Thanks. I'll let you know. jaybass
#34872 - 06/25/15 06:13 PM
Re: computer hack
[Re: jaybass]
|
Registered: 08/04/09
|
I hope it all works out OK for you. (I wonder if calling your bank [your only financial institution?] would be a better idea than relying on e-mail?)
_________________________
The new Great Equalizer is the SEND button.
In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
#34873 - 06/26/15 01:59 AM
Re: computer hack
[Re: jaybass]
|
Registered: 08/04/09
|
Another thought... Have you taken a look in /Applications, /Applications/Utilities, and any other places with which you're familiar to see if anything looks like it maybe doesn't belong?
_________________________
The new Great Equalizer is the SEND button.
In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
#34874 - 06/26/15 02:02 AM
Re: computer hack
[Re: jaybass]
|
Registered: 08/05/09
Loc: North of 49th ||
|
"How can you detect a phoney right off the bat?"
Trust nothing that pops up and advises that your computer has a problem — it's almost certainly a scam. That can be extrapolated to virtually any scenario, including email and telephone calls. If somebody identifies himself as an Apple rep, then disconnect and call Apple directly to verify and report the intrusion. Any suggestion that the caller/intruder is "your friend" and is here "to help you" warrants skepticism and very close examination. "Trust but verify" in the online world is invalid — "Distrust and verify" is the only sound practice.
#34875 - 06/26/15 06:46 AM
Re: computer hack
[Re: grelber]
|
Registered: 08/04/09
Loc: toronto Canada
|
You are so right. My son told me to hold the power button until the computer shuts down if someone has locked your browser. It will not happen again. Thanks grelber. jaybass
#34876 - 06/26/15 06:52 AM
Re: computer hack
[Re: artie505]
|
Registered: 08/04/09
Loc: toronto Canada
|
artie, I have checked apps...utilities and there is nothing there that doesn't belong and as I said, I ran the latest ClamXav (2.8.1) with no infected files. jaybass
#34877 - 06/26/15 08:24 AM
Re: computer hack
[Re: jaybass]
|
Registered: 08/13/09
Loc: California
|
You might also monitor certain folders as described in this MacIssues article.
_________________________
On a Mac since 1984. Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!
#34878 - 06/26/15 12:02 PM
Re: computer hack
[Re: jaybass]
|
Moderator
Registered: 08/04/09
Loc: Fort Worth, Texas
|
"artie, I have checked apps…utilities and there is nothing there that doesn't belong and as I said, I ran the latest ClamXav (2.8.1) with no infected files. jaybass"
ClamX AV, or any other anti-virus or anti-malware for that matter, is useless in this situation. The only viruses it can detect are those that have "signatures" it recognizes and the only "signatures" available to detect are for Windows malware that cannot infect your Mac. Be aware that some malware can lie dormant in your system for months until triggered by an outside signal, so just because there is no immediate indication of infection does not mean you are not infected.
Assuming you are using Time Machine, consider booting from the recovery drive, erasing the hard drive, and then restoring from a Time Machine image taken at a point in time PRIOR TO the takeover incident. If you were infected that should get you back to a clean system. Clones that were mounted when the incident occurred could easily have been infected too and I would consider them suspect.
By the way, your son gave you excellent advice.
_________________________
joemikeb • moderator
#34891 - 06/27/15 01:50 PM
Re: computer hack
[Re: alternaut]
|
Registered: 08/04/09
Loc: toronto Canada
|
alternaut, I installed CIRCL-ALOD at your suggestion so I guess that will give me some protection. Unfortunately, I superdupered my HD after the hacking which wasn't too bright. I imagine I will have to wait and see what might happen down the road. Thank you. jaybass
#34902 - 06/29/15 07:21 AM
Re: computer hack
[Re: jaybass]
|
Registered: 08/13/09
Loc: California
|
Why not do another clone of the now good setup and completely replace the "superdupered" version? Don't wait to see what might happen down the road.
_________________________
On a Mac since 1984. Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!
#34906 - 06/29/15 08:20 AM
Re: computer hack
[Re: Ira L]
|
Registered: 08/04/09
|
jaybass's current setup isn't necessarily good, because it's merely protected from what we know might have happened, not necessarily from what actually did happen.
A restore from a pre-event clone would really be the best alternative...a nuke and pave, second best.
Edit: As things stand, I wouldn't be running without Little Snitch.
Edited by artie505 (06/30/15 01:03 AM)
_________________________
The new Great Equalizer is the SEND button.
In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
#34911 - 06/30/15 09:16 AM
Re: computer hack
[Re: Ira L]
|
Registered: 08/04/09
Loc: toronto Canada
|
Ira, Cloning what I have now wouldn't necessarily help because I don't know if what I have now is malware free. I have spoken to my financial institutions and all passwords have been changed. Reading your post again, how do I know I have a "good setup"? BTW, is there any software available that will detect dormant malware? I'm not too optimistic about that. jaybass
#34913 - 06/30/15 12:56 PM
Re: computer hack
[Re: jaybass]
|
Registered: 08/04/09
|
"I have spoken to my financial institutions and all passwords have been changed."
Just be aware that if you've been stuck with a keystroke logger, your new passwords are not protecting you.
_________________________
The new Great Equalizer is the SEND button.
In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
#34914 - 06/30/15 01:37 PM
Re: computer hack
[Re: artie505]
|
Registered: 08/04/09
Loc: toronto Canada
|
artie, Forgive my ignorance, what is a keystroke logger and how, if necessary, can I change it? jaybass
#34915 - 06/30/15 02:15 PM
Re: computer hack
[Re: jaybass]
|
Registered: 08/05/09
Loc: North of 49th ||
|
A keystroke logger is one of the malware apps that logs every keystroke you enter; obviously it's most useful for delimited strings, such as passwords. There are many versions of the malware; some are easily available and often used for parental surveillance — which doesn't make it "legitimate". There's a fair bit of info online; just Google it.
You have to find it (if indeed it's lurking on your machine) in order to remove it.
#34922 - 07/01/15 07:30 AM
Re: computer hack
[Re: jaybass]
|
Registered: 08/13/09
Loc: California
|
Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem.
_________________________
On a Mac since 1984. Currently: 27" iMacs, Macbook Air, macOS 10.14.x; iPhones, iPods and iPads galore!
#34926 - 07/01/15 08:34 AM
Re: computer hack
[Re: Ira L]
|
Registered: 08/05/09
Loc: North of 49th ||
|
"Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem."
What he (and joemikeb and artie) said.
#34927 - 07/01/15 09:40 AM
Re: computer hack
[Re: Ira L]
|
Moderator
Registered: 08/04/09
Loc: Fort Worth, Texas
|
"Perhaps the safest thing to do all around is to follow the advice posted above: restore everything from a (Time Machine?) backup that was prior to your problem."
Unfortunately, as the OP said earlier, he does not have a Time Machine backup, instead relying on a clone which he updated after the incident and would therefore be infected too.
_________________________
joemikeb • moderator
#34931 - 07/01/15 12:08 PM
Re: computer hack
[Re: joemikeb]
|
Registered: 08/05/09
Loc: North of 49th ||
|
Where did jaybass say he didn't have a backup (Time Machine or otherwise)? All I got is that he "superdupered" (whatever that is) his hard drive and that was no help (after potential contamination).
#34932 - 07/01/15 12:14 PM
Re: computer hack
[Re: grelber]
|
Registered: 08/04/09
Loc: New York State
|
SuperDuper is used for cloning. If jaybass had cloned his system after the damage was done, the clone is just as contaminated.
_________________________
Jon
OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365