Have I been hacked - dodgy files uploaded!

rke


Joined
Dec 7, 2011
Messages
4
Reaction score
0
Points
1
Hi,
Apologies in advance for my lack of technical knowledge here - I am having an issue with a MacBook Pro: a 'friend' recently uploaded some apparent security software onto my Mac before I could stop them! (to make browsing safer - they say it is to verify all web sites I visit...?).

Now they won't tell me what it was, what files they have put on or where they are - it is not an antivirus program and, so they say, has attached itself to my browser (Safari) and will only alert me when I visit a fraudulent site.

I am finding this all hard to believe due to the vagueness of their replies when quizzed - the answers sometimes being it is 'adzilla' or 'akrzilla' (or neither!), both of which look fishy to me on any searches - Adzilla pro is some kind of crypter? The only ref. to akr I could find is some kind of worm for PC? They said they uploaded 3 files, apparently 'dt files'; a search in Finder reveals nothing I can understand, only throwing up lots of various system files and other seemingly irrelevant stuff???

I have scanned with Clam Xav and Sophos and no probs there, but out of desperation I am using Little Snitch and getting some odd messages (trying not to be paranoid about Little Snitch messages as I know many are quite usual!).

I am most concerned re. usbmuxd connecting to certain sites; even if I ask it to deny, it keeps connecting until I shut down and restart (it seems often to be sites connected with Mac, like insanely mac). I am only running Safari (plus Little Snitch and Activity Monitor, which doesn't seem to show anything fishy - though I am not very clued up on all the processes). I have no iPhone and no USB device plugged in, all file sharing, printer sharing etc. is turned off, and I have the firewall set to only essential connections.

Other connections include, possibly normal, configd connecting to ff02::2 and mDNSResponder to various IPs (most of which I've blocked - whether this is necessary I don't know?!).
Also nmblookup connects when I use certain applications, e.g. when I use TextEdit or Finder - not sure if this is normal but I never use Windows file sharing or share this computer on any network.

Safari also connects to a lot of sites, e.g. doubleclick and cdn.uservoice, during minimal browsing? Not sure if this is just normal behaviour and ads that are embedded in sites; occasionally I connect to a known site and there is a new 'feedback' tab stuck on the side... has this happened to anyone else?
I am connecting via home wireless interface, not in an office or anywhere that could be shared.

I am holding off doing a full reinstall if poss. so any info on these issues or ideas on where to look for these rogue files or what they could be would be greatly appreciated...have much appreciated all the useful info on here with trying to work out this issue so far, been trawling the threads...
Just wondering too if there is any way a full erase and install would not wipe all traces of anything nasty? Hope not!

Thanks in advance for any help - rke
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Since there is no way for us to have a look at your machine, this becomes complicated ... and then again ... not really.

My suggestion
- Do a full backup of your disk
- Wipe the disk
- Re-install the OS
- Re-install your apps from their original source and update as needed
- Restore the files you need from the backup ... and only those that you know
- Get rid of these "Friends"
- Never again share your Mac with someone else.

Cheers ... McBie
 
rke


Thanks - good advice (especially the 'friends' bit!)
Just one thing: I have a full Time Machine backup prior to the evil uploading business. I am really holding off doing it as I'm not sure if all my apps will be restored - is it possible to restore all applications from a Time Machine backup or will many need reinstalling from scratch?
Cheers
rke
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Use the full Time Machine backup to restore before your "friends" decided to help you. Time Machine will restore everything including your apps, settings, and documents. That's what TM is for.

And congratulations on making backups. I wish more folks were as diligent.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
And keep 'friends' away from the MacBook Pro. Sounds like a jealous PC user showing how very clever he/she is. As chscag says, restore from TM.
 
rke


Thanks for the advice and support,
Guess I'd better go ahead and erase and restore, hopefully without having to ask for more advice if all goes well!
Cheers
rke
 
