My Mac got hacked.

Similar Messages

• My Mac got hacked. I was working on a word document when the computer suddenly started typing meaningful sentences on its own that describes how the hacker is skillful. At the that time I was on a password protected wifi and file sharing was off.

  This is the first time I get hacked this bad. I was working on a microsoft word document when the computer suddenly started typing meaningful sentences on its own that describes how skillfull the hacker is. At the that time I was on a friends wifi network that is password protected (not sure about the encyrption), the Os X Firewall was on. I was using the admin profile, however, file sharing was off. I'm very careful not to install any suspecious 3rd party software.
  So far I have verified permissions and fixed some errors there, and changed passwords.
  Do I have to erase/format my computer and reinstall the Os? If so is it adequte to use the internet recovery tool or will it use old and possibly infected EFI/Root files?
  Would appreciate the advice of all the Mac experts out there. Thanks

  Please read this whole message before doing anything.
  This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
  Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac. 
  These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing. 
  Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects. 
  Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it. The headings “Step 1” and so on are not part of the commands. 
  Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply. 
  Launch the Terminal application in any of the following ways: 
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.) 
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens. 
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid. 
  When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign. 
  Step 1 
  Triple-click anywhere in the line of text below on this page to select it:
  kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' | open -ef
  Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste (command-V). I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window will open with the output of the command. If the command produced no output, the window will be empty. Post the contents of the TextEdit window (not the Terminal window), if any — the text, please, not a screenshot. You can then close the TextEdit window. The title of the window doesn't matter, and you don't need to post that. No typing is involved in this step.
  Step 2 
  Repeat with this line:
  { sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}'; echo; sudo launchctl getenv DYLD_INSERT_LIBRARIES; echo; sudo defaults read com.apple.loginwindow LoginHook; echo; sudo crontab -l; } 2> /dev/null | open -ef
  This time you'll be prompted for your login password, which you do have to type. Nothing will be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator. 
  Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step. 
  Step 3
  { launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)/{print $3}'; echo; launchctl getenv DYLD_INSERT_LIBRARIES; echo; crontab -l 2> /dev/null; } | open -ef
  Step 4
  ls -A /e*/{cr,la,mach}* {,/}Lib*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts .la* 2> /dev/null | open -ef
  Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting. 
  Step 5
  osascript -e 'tell application "System Events" to get name of login items' | open -ef
  Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output. 
  You can then quit Terminal.

• My mac and iPhone 6  has been hacked! foresure! Antivirus sentinel pro from apple store detected apr or arp spoofing, thereafter Antivirus protection also got hacked, I turn network monitoring on they turn off like 3 times then they close Antivirus

  my mac and iPhone 6  has been hacked! foresure! Antivirus sentinel pro from apple store detected apr or arp spoofing, thereafter Antivirus protection also got hacked, I turn network monitoring on they turn off everytime then they close Antivirus for good, also Google.com is being imitated and not showing a true certificate (apr spoofing)?.these guys r good! I erased and reinstall Yosemite changed all passwords even on the wifi...could be wifi sniffing? I got Kaspersky hoping to use virtual keyboard for passwords and Kaspersky is comprised too..the virtual keyboard doesn't work it freezes up not allowing me to enter password. So I Uninstall and reinstall Kaspersky, so now I have problem with reinstall that doesn't work, then way later that day it is reinstalled..not over yet..that virtual keyboard now pops up randomly wanting me to use password? seems like they can copy anything real fast for i have to enter info like 2 or 3 times, never had that problem before. I'm thinking about going old school with paper docs and checks..yes technology ***...too vulnerable. .on the news they said 97% of businesses are hacked! can someone help me to counter this attack? thx
  Message was edited by: technologysux

  You have not been hacked. Get rid of all that antivirus. It is just making your life harder.

• Please any ideas on how I got hacked

  Hello,
  I would like to know how it could be possible I got hacked. The hackers defaced the company website with a custom html file. I do not allow FTP, or SSH, just AFP.
  There were no AFP logs at the time the files were "uploaded" Here are some entries form my log.
  /var/log/httpd/access_log.1202342400:88.230.101.222 - - [07/Feb/2008:16:19:34 -0500] "PUT /zk.txt HTTP/1.0" 201 250
  /var/log/httpd/access_log.1202342400:88.251.250.240 - - [07/Feb/2008:16:33:29 -0500] "PUT /folio.asp HTTP/1.0" 201 253
  /var/log/httpd/access_log.1202342400:78.176.236.85 - - [07/Feb/2008:16:41:03 -0500] "PUT /testhost.htm HTTP/1.1" 201 268
  /var/log/httpd/access_log.1202342400:78.176.236.85 - - [07/Feb/2008:16:42:09 -0500] "PUT /index.html HTTP/1.1" 201 266
  /var/log/httpd/access_log.1202342400:78.176.236.85 - - [07/Feb/2008:16:42:14 -0500] "PUT /index.html HTTP/1.1" 204 0
  /var/log/httpd/access_log.1202342400:78.176.236.85 - - [07/Feb/2008:16:42:33 -0500] "PUT /index.html HTTP/1.1" 204 0
  /var/log/httpd/access_log.1202342400:88.238.249.221 - - [07/Feb/2008:16:44:51 -0500] "PUT /testhost.htm HTTP/1.1" 204 0
  The index.html is the one that did the damage. Any ideas how they PUT files on my server. My gut says a php exploit. I turned off allowurlfopen, could that have been the hole?
  Any ideas would be appreciated.

  That your web server was able to write into the web directories was probably the central configuration issue here. This is a Really Bad Idea. The web server can and should have read access, and should not have ownership nor write access, save to specified and potentially protected subdirectories, and then only as required.
  The usual trigger with php vulnerabilities is down-revision software; a php-based package that is insecure. Either due to long-standing bugs that have been found, or due to a failure to maintain a current version of the software. (The CMS systems I'm fond of do require some diligence around staying current.)
  php code needs to validate its input. More than a few folks do try to jam unexpected data into the php code, seeking to cause it to perform untoward acts. If you review your logs, you'll probably find evidence of cross-site scripting attacks, too. Here's the [Wikipedia XSS|http://en.wikipedia.org/wiki/Cross-site_scripting] article.
  There are any number of other attacks against php code, and web masters will tend to use the conf configuration file or the .htaccess file to try to protect against various of these. There are gremlins around the net that look for weak php mail scripts, etc.
  As for testing against PUT, look to use +curl --upload-file+ at the shell. There are other ways to do this, though curl is among those built into Mac OS X Server. (telnet, too, can issue PUT, but that's too much like work.)

• I got hacked and someone was using my mouse how can i be protected?

  I resentrly got hacked. someone was using my mouse and was going to reload a website. i could not move my mouse but i could see my mouse moving. how can I be protected?

  well a simpler and less "evil" possibility is a wireless mouse or some other signal interfering.  Are you using a blutooth or other wireless mouse?
  If you don't have any sharing turned on, it would take a pretty advanced hacker to gain control of your mac.
  If you don't have remote login turned on, or screen sharing, or file sharing, it would be very very hard to do.  But nothing's impossible.....

• My iTunes downloads were made using my old gmail address.  I had to quit using this email address as it got hacked.  I created a new gmail account.  How can I get my iTunes downloads into the new gmail account?

  My iTunes downloads were made using my old gmail address.  I had to quit using this address  as it got hacked.  How do I get my iTunes downloads into my new iTunes account that was created with a new gmail address?  In my old iTunes account (with the old gmail address,  I can't 'update' my email address or even 'add an alternate address' as I had already created this gmail account and inputting the new address into iTunes gives me the 'pop-up' that 'this account is already in use.'   Advice please!

  Good luck. It took me weeks to fix this when I had to do it. Your old ID branches out in lots of places. You may have to delete app and get them again, at least that is what Apple told me. Plus, all of your settings on your iPad that required any ID, will have to be changed. My old ID kept showing up in different places for weeks. Changing it on Apple.com is just the beginning.

• Windows 8.1 Installation On Mac - Got a Problem

  Windows 8.1 Installation On Mac - Got a Problem
  Hi everyone,
  I'v researched a lot about installing Win on Mac but I still got a problem when everything seems to be fine.
  I got a Macbook Pro Retina, Late 2013 with OSX Mavericks and Bootcamp 5 installed on. And for installing windows, I already got an empty 8GB USB Drive formatted as MS-DOS (FAT32). And I've prepared Windows 8.1 ISO in my Downloads folder.
  During my last effort, I opened Bootcamp Assist and then Chose the options: "Create Windows 7 or later version installation disk" and "Download the latest windows support software from Apple". Then I chose my Windows 8.1 ISO location and my destination. When it finished ,I was expecting it to run windows setup. But it closed and nothing happened
  When I opened BootCamp again, only the first two options were available as before and "Install or remove Windows 7 or later" wasn't.
  Now ,what do I have to do exactly? (NOTE: I'm not a professional. So please answer in a simple way. )
  Should I restart the Mac and Hold OPTION while booting to run Windows setup? I was thinking about it but I thought I might screw it up all. So I decided to ask it here to be sure.
  Any help will be appreciated by heart!

  Hi Alcatrax,
  I would recommend following the steps in this link in order to help you complete your installation of Boot Camp:
  Boot Camp Help: Install Windows on your Mac
  https://help.apple.com/bootcamp/mac/5.0/help/#apdecf0e4b6-b472-438d-881e-57c230b 1c250
  Prepare your Mac for Windows
  Boot Camp Assistant helps prepare your Mac for Windows by creating a new partition for Windows and then starting the Windows installer. Optionally, you can install Windows using an external USB drive that contains a Windows ISO image downloaded from Microsoft and Windows support software.
  Important: If you’re using a portable computer, connect the power adapter before continuing.
  Insert an external drive into the USB port on your Mac and keep it inserted while you install Windows and Windows support software.
  Open Boot Camp Assistant, located in the Other folder in Launchpad.
  Select the option to install Windows, select other options you need, then click Continue.
  Here are the other options you can choose:
  If you want to install Windows from an external USB drive and you have a Windows ISO image, select the option to copy the image to an external USB drive. If this option isn’t available, your Mac doesn’t support installing Windows from an external USB drive.
  If you haven’t already downloaded the Windows support software for your Mac, select the option to download it. In a later step, you’ll install the Windows support software on your Windows partition.
  Follow the onscreen instructions for the options you selected.
  When you’re asked to create a Windows partition, specify a partition size. If you have multiple hard drives in your computer, you can select a different hard drive and create a single partition on that drive, so that the drive is solely used for Windows.
  Note: You can’t resize the partition later.
  If you need help determining the best size for your Windows partition, refer to your Windows installer documentation. For Windows 8, create a partition that is at least 30 GB.
  In a later step, you’ll format the Windows partition.
  If you are using an installation disc for the 64-bit version of Windows, insert it into the optical drive in your Mac or the external optical drive. Otherwise, keep the external USB drive with the 64-bit version of Windows inserted.
  Click Install.
  Boot Camp Assistant creates the Windows partition, restarts your Mac, then opens the Windows installer.
  Thanks for being a part of the Apple Support Communities!
  Regards,
  Braden

• My mac got too slow within certain minutes

  Hello,
  I've got a huge problem with my iMac: -
  iMac from 2012
  8GB Ram
  3,4 GHz i7 Quadcore
  1 TB hard disk
  AMD HD 6970M 2GB
  - within only minutes, my mac got unbelievable slow. Way too slow.
  Certain examples:
  My mac isn't able to show the clock on the dashboard fluently, that means, the second hand does two steps, and then the mac stops for 10-15 seconds. The again two steps, then it stops again..
  My mac is useless. After every click with the mouse, the colored circle comes up, and I have to wait for 10-15 seconds.
  I didn't change anything when this problem comes up. On the harddisk is more than 25% free space.
  I am absolutely confused and frustrated.
  I should tell you, that my windows partition on the Mac hard disc works without any problems, so actually the problem cannot be any hardware issues... I think..
  Please, Please help me, I need my mac.
  Greetings
  Tim

  Launch the Console application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
  The title of the Console window should be All Messages. If it isn't, select
            SYSTEM LOG QUERIES ▹ All Messages
  from the log list on the left. If you don't see that list, select
            View ▹ Show Log List
  from the menu bar at the top of the screen. Click the Clear Display icon in the toolbar. Then take one of the actions that you're having trouble with. Select any messages that appear in the Console window. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
  The log contains a vast amount of information, almost all of which is irrelevant to solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
  Please don't indiscriminately dump thousands of lines from the log into this discussion.
  Please don't post screenshots of log messages—post the text.
  Some private information, such as your name, may appear in the log. Anonymize before posting.

• My mac got slow suddenly.... how to clean wanted files????

  My mac got slow suddenly.... i think too much buildup of cache (i am a ex-windows user).... how to clean wanted files and make my Macbook to run again like a horse?????

  #12 here for cleaning the caches with OnyX
  ..Step by Step to fix your Mac
  If you want to make it and keep it fast
  Why is my computer slow?
  How to safely defrag a Mac's hard drive

• Old computer with iTunes got hacked, now iPod needs "restore"...HELP!!!

  I have an 80G iPod video, and had about 3800 songs on there. I had everything backed up on iTunes, but the computer got hacked and permanently shut down. I figured, okay, I just won't ever add anything to my iPod again, because I don't want to connect it to a new computer and lose all of my songs. I could live with those songs for a while.
  Well, the other night my iPod froze, and when I tried to reset it, it popped up with a message that said "Please connect to iTunes to restore." And won't let me do anything. I've reset it a bunch of times before, but I've never seen this message before.
  My main concern is losing 8 years worth of music. Is there ANY way to connect this iPod to a computer and save all of my music?
  Thanks,
  kirstin

  Sounds to me like you mistakenly thought that the iPod would transfer its contents back to your iTunes library on your new computer.
  This is not the case. iTunes --> iPod was specifically designed as a one way transfer.
  It sounds like you've replaced the contents of your iPod with the contents of your new (nearly empty) iTunes library.
  If this is the case, then your songs are gone. No way around that unless you can get access to your old dead computer and bring it back to life.
  Seems Apple doesn't want me calling them, because I can find no number anywhere.
  The contact information for Apple is on this page:
  http://www.apple.com/contact/
  I don't think they will be of any help with this, but you could always call them anyway. Since your iPod is most likely out of warranty, there will probable be a fee to talk to technical support about your problem.

• I got hacked and I lost $25 from a app, how do I get my money back and delete the app from my purchases?

  I got hacked and I lost $25 from a app, how do I get my money back and delete the app from my purchases?

  Click here and ask the iTunes Store staff for assistance.
  (103424)

• Skype got hacked - charged by someone in Taiwan

  Found out a charge for $29.99 was made using my paypal to Skype yesterday.  Somehow someone got into my account and used the paypal information I had on record from years ago when I used to use Skype to charge money to the account.  I haven't used Skype for a long time.
  Apparently, there are many others who got hacked as seen in this post:
  http://community.skype.com/t5/Payments-and-Billing/Payment-to-Skype-Communications-Sarl/td-p/268842
  and the one responded to here:
  http://community.skype.com/t5/Security-Privacy-Trust-and/Payment-Scam/m-p/1321876#U1321876
  The great thing is that when I go into my account, I can't cancel the subscription so my paypal information will be deleted from my account.  In the walkthrough on how to do this it says there is a link called "cancel subscription" under the "change payment method", but there isn't one in mine.  It only has the change payment method link.
  I would prefer to just have my entire Skype account deleted, but apparently that is not possible (which is total b.s.).  Is there any way someone at Skype can delete the payment information from my account for me?  I'd prefer to not have my money stolen because your system got hacked.

  you can visit the link below for suggestions regarding hacked/compromised accounts;
  http://community.skype.com/t5/Security-Privacy-Trust-and/Suggestions-on-how-to-handle-Hacked-Skype-A...
  IF YOU FOUND OUR POST USEFUL THEN PLEASE GIVE "KUDOS". IF IT HELPED TO FIX YOUR ISSUE PLEASE MARK IT AS A "SOLUTION" TO HELP OTHERS. THANKS!
  ALTERNATIVE SKYPE DOWNLOAD LINKS | HOW TO RECORD SKYPE VIDEO CALLS | HOW TO HANDLE SUSPICIOS CALLS AND MESSAGES
  SEE MORE TIPS, TRICKS, TUTORIALS AND UPDATES in
  | skypefordummies.blogspot.com | 

• We got hacked and don't know what to do but we want our money back

  Hello,we got hacked and don't know what to do please help us.but we want our money back

  What got hacked?
  Money back from what?
  You have provided no information at all about your issue, other than "we got hacked".
  This is very, very vague.

• Account got hacked (hacker changed Email)

  Okay well about 2 months ago my hotmail account got hacked
  and basically the person hacked my apple email (using my remote location to first lock my ipod touch but i got rid of it but then i noticed
  2-3months after i have lots of trouble getting my email account back that my account for apple email was changed basically its got app's i bought on it and my bank card on it i dont think he can buy anything without my 3 digit thing for my bank card but is there any way to get it back? =[ i got logs in my email saying about it got changed blabla =[

  Try editing your account to change the email address. The following provides information on how to do various things with you ID.
  Frequently Asked Questions About Apple ID
  You can also contact iTunes:
  Apple - Support - iTunes - Contact Us

• Got hacked.. how do i get back my account!?

  My Ipad is asking me my old iCloud password since the latest update and i just can't log in with my password i perfectly KNOW is the right one so i clearly got hacked. Next thing is when i try to reset my password it just wont send it to my email account (i tried like 21905 times) i never receive the email. On top of that when i try to reset with my security question i't wont even let me answer it because my birthday date is not the right one .. yeah i use to forget my birthday date sometime.. rofl.. So.. how the **** can i get back my account so i can delete it and use my ipad back? Is there any way i can send an email to apple by the way? or do i really have to talk with their customer service?

  If you have a current ID that was created by revising this old ID (rather than creating it from scratch), do the following:
  Make sure you are signed into iMessage and FaceTime with your current ID.  If they are signed into the old ID, go to Settings>Messages>Send & Receive and Settings>FaceTime, tap the ID, sign out, then sign back in with your current ID.
  Then temporarily recreate the old ID by going to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  (You should not have to verify the old email account so it doesn’t matter if you no longer have access to it.)  Now go to Settings>iCloud, turn off Find My iDevice and enter your current password when prompted (even though it prompts you for the password for your old ID).  Then save any photo stream photos that you wish to keep to your camera roll (unless using iCloud Photo Library).  When finished goThen go to Settings>iCloud, tap Sign Out (or Delete Account if you are not running iOS 8) and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address back to the way it was.  Now you can go to Settings>iCloud and sign back in with your current iCloud ID and password (your data will download back to your device).