I'm being hacked
Earlier this evening, I was on a site when the video I was watching (not touching the computer, btw) disappeared and a toolbar with, among other things, Twitter and Facebook, appeared. I tried to use my cursor but it quickly became obvious that someone else was controlling it when it went to iCal and started to poke around there. I turned off the computer instantly.
My son, who knows pcs (but not Macs) suggested I try to disable ipv6 and then look into how to secure a Mac.
I turned on my computer a few minutes later (logged into a different identity) and searched for how to turn off ipv6 but lost control of the cursor again and Garageband started loading. I turned off the computer again and left it off until now (about 3 hours later).
This time I followed the instructions re ipv6 (in Systems Preference/Network/ICP/IP where the drop down box is greyed out and can't be used.
I guess my hacker has gone to bed because he's not back, yet, but probably will be soon. My son says he is probably just a kid fooling around but he is a serious problem to me and it could get worse.
So what do I do, now?
\
My son, who knows pcs (but not Macs) suggested I try to disable ipv6 and then look into how to secure a Mac.
I turned on my computer a few minutes later (logged into a different identity) and searched for how to turn off ipv6 but lost control of the cursor again and Garageband started loading. I turned off the computer again and left it off until now (about 3 hours later).
This time I followed the instructions re ipv6 (in Systems Preference/Network/ICP/IP where the drop down box is greyed out and can't be used.
I guess my hacker has gone to bed because he's not back, yet, but probably will be soon. My son says he is probably just a kid fooling around but he is a serious problem to me and it could get worse.
So what do I do, now?
\
Comments
I guess my hacker has gone to bed because he's not back, yet, but probably will be soon. My son says he is probably just a kid fooling around but he is a serious problem to me and it could get worse.
You're sure it's not your son to blame or one of his friends? That kind of activity usually comes from a remote desktop server running on your computer and would usually need higher privileges to be installed and run. The likelihood of someone installing it via a remote exploit and then targeting you is slim to none. It's far more likely someone who has access to your machine installed it or a piece of software was installed that had a Trojan program attached to it. If you have OS 10.4 or 10.5, you may be susceptible to this exploit:
http://macscan.securemac.com/securit...horse/#more-43
http://www.intego.com/news/ism0802.asp
You can try running this scanner to see if you have any known malware installed:
http://www.clamxav.com/
It could have been setup manually too:
http://support.apple.com/kb/HT2370#
You don't have to turn off the computer to stop another user controlling it, just the network connection. If you are on wifi, just turn off Airport. If you have an ethernet cable, unplug it.
Given that applications seem to be loading at random and in other accounts, is there a chance that someone else's bluetooth keyboard or mouse has paired with your machine and is only randomly coming into range with it?
I'll try the links you suggest.
A few days ago, I bought a Magic Jack Plus and could not install it so a tech person from Magic Jack did a remote install. If I try to use the MJ+ on my computer, it cuts my Internet connection (which comes back, eventually, about 2 or 3 hours later). So I plugged it into the router. The Internet connection to my computer still cuts off while I'm dialing and talking but returns immediately as soon as I hang up.
My son wonders if the remote install may have left behind a ping.
Anyway, I've been turning off Airport when not using the Internet and no sign of the hacker for a couple of days.
A few days ago, I bought a Magic Jack Plus and could not install it so a tech person from Magic Jack did a remote install. If I try to use the MJ+ on my computer, it cuts my Internet connection (which comes back, eventually, about 2 or 3 hours later). So I plugged it into the router. The Internet connection to my computer still cuts off while I'm dialing and talking but returns immediately as soon as I hang up.
My son wonders if the remote install may have left behind a ping.
How did they perform the remote install? If they asked you to turn on your desktop sharing (in system preferences > sharing > desktop sharing), you can disable that.
Magic Jack seems to have gotten some bad reviews concerning spyware/privacy but you never know with online reviews:
https://discussions.apple.com/thread...art=0&tstart=0
They do track what phone numbers you call to give you targeted advertising:
http://magicjack.com/tos/#10
I'd say it's probably best to keep it away from your computer - going straight into the router would be the safer option.
I do have the MJ+ plugged into the router because when it is plugged into my computer my interet connection disappears for hours. I tried to talk to a couple of MJ technicians about the problem but they didn't have a clue. This is inconvenient as I bought the MJ+ primarily to use on my computer while traveling and now can't do that.
I had no problems at all with MJ but forgot to renew on time so it expired and apparently can't be revived.
Anyway, the hacker seems to have lost interest and the trojan is now gone. The Clamxav won't complete a scan (never did) and said: "Don't Panic! read the faqs" which I did and found nothing relevent.
Lol, it's really all too much.
My husband (on a Windows pc) and I (on my macbook) both noticed the icon on a recent vacation in Mexico. He is still ignoring it but I got tired of it jumping around and clicked on it.
Won't do that again!
Yes, I'm a danger to myself and others.
Hi. Any advice on which av software to get?
You generally won't need it and it slows down your computer if you have automated tasks. Usually AV software ranges in quality between poor and terrible so there's really not a lot to choose from.
AV companies are always suspect because they make money from the existence of viruses and malware. Without a problem, they can't sell you a solution and it's always been suspected that these companies have a hand in creating the malware to begin with.
ClamXAV gets a good rating so I would stick to it:
http://www.macupdate.com/app/mac/15850/clamxav
but you don't need to have it running regularly. It can just sit there until you suspect there's something up with your machine. You can get a version off the App Store, which might behave a bit better on your machine.
I tried my MacKeeper program again and it updated so I'll try that for awhile. Can always try Clamxav again if MacKeeper doesn't do the job.
Thanks for all the help. I have an iTunes problem that I'll post about on this forum. I wonder if it's connected to my trojan since it happened at the same time.