have i been hacked - dodgy files uploaded!


rke

 
Member Since: Dec 07, 2011
Posts: 4
Hi,
Apologies in advance for my lack of technical knowledge here - I am having an issue with a MacBook Pro: a 'friend' recently uploaded some apparent security software onto my Mac before I could stop them! (to make browsing safer - they say it is to verify all web sites I visit...?).

Now they won't tell me what it was, what files they have put on or where they are - it is not an antivirus program and so they say, has attached itself to my browser (safari) and will only alert me when I visit a fraudulent site.

I am finding this all hard to believe due to the vagueness of their replies when quizzed - the answers sometimes being it is 'adzilla' or 'akrzilla' (or neither!), both of which look fishy to me on any searches - Adzilla pro is some kind of crypter? The only ref. to akr I could find is some kind of worm for PC? They said they uploaded 3 files, apparently 'dt files'; a search in Finder reveals nothing I can understand, only throwing up lots of various system files and other seemingly irrelevant stuff???

I have scanned with ClamXav and Sophos and no probs there, but out of desperation, using Little Snitch, I get some odd messages (trying not to be paranoid about Little Snitch messages as I know many are quite usual!).

I am most concerned re. usbmuxd connecting to certain sites; even if I ask it to deny, it keeps connecting until I shut down and restart - (it seems often to be sites connected with Mac like Insanely Mac). I am only running Safari (plus Little Snitch and Activity Monitor, which doesn't seem to show anything fishy - though I am not very clued up on all the processes). I have no iPhone and no USB device plugged in, all file sharing, printer sharing etc. is turned off, and I have the firewall set to only essential connections.

Other connections include possibly normal configd connecting to ff02::2 and mDNSResponder to various IPs (most of which I've blocked - whether this is necessary I don't know?!)
Also nmblookup connects when I use certain applications, e.g. when I use TextEdit or Finder - not sure if this is normal but I never use Windows file sharing or share this computer on any network.

Safari also connects to a lot of sites, e.g. doubleclick and cdn.uservoice, during minimal browsing? Not sure if this is just normal behaviour and ads that are embedded in sites; occasionally I connect to a known site and there is a new 'feedback' tab stuck on the side...this happen to anyone else?
I am connecting via home wireless interface, not in an office or anywhere that could be shared.

I am holding off doing a full reinstall if poss., so any info on these issues or ideas on where to look for these rogue files or what they could be would be greatly appreciated...have much appreciated all the useful info on here with trying to work out this issue so far, been trawling the threads...
Just wondering too if there is any way a full erase and install would not wipe all traces of anything nasty? Hope not!

Thanks in advance for any help - rke
McBie

 
 
Member Since: Apr 26, 2008
Location: Belgium
Posts: 2,533
Mac Specs: 2013 MBA 13" - OS X 10.10.1

Since there is no way for us to have a look at your machine, this becomes complicated ... and then again ... not really.

My suggestion
- Do a full backup of your disk
- Wipe the disk
- Re-install the OS
- Re-install your apps from their original source and update as needed
- Restore the files you need from the backup ... and only those that you know
- Get rid of these " Friends "
- Never again share your Mac with someone else.

Cheers ... McBie

A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
The problem is not the problem. The problem is your attitude towards the problem. You understand ?
rke

 
Member Since: Dec 07, 2011
Posts: 4
Thanks - good advice (especially the 'friends' bit!)
Just one thing, I have a full Time Machine backup from prior to the evil uploading business. I am really holding off doing it as I'm not sure if all my apps will be restored - is it possible to restore all applications from a Time Machine backup or will many need reinstalling from scratch?
Cheers
rke
chscag

 
 
Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 40,997
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, 3 iPods, Yosemite

Use the full Time Machine backup to restore before your "friends" decided to help you. Time Machine will restore everything including your apps, settings, and documents. That's what TM is for.

And congratulations on making backups. I wish more folks were as diligent.
harryb2448

 
 
Member Since: Nov 28, 2007
Location: Nambucca Heads Australia
Posts: 18,146
Mac Specs: iMac i5 2.7GHz, 16GB memory, OS 10.10.1

And keep 'friends' away from the MacBook Pro. Sounds like a jealous PC user showing how very clever he/she is. As chscag says, restore from TM.

Hang on to those original install discs like grim death! Using OS X.7 or later make a bootable USB thumb drive before running Installer!
rke

 
Member Since: Dec 07, 2011
Posts: 4
Thanks for the advice and support,
Guess I'd better go ahead and erase and restore, hopefully without having to ask for more advice if all goes well!
Cheers
rke