From: Jerry Lenstein on
On Wed, 17 Mar 2010 18:45:01 -0400, Jerry Lenstein wrote:

> I have a friend who is convinced that his MacBookPro has been
> hacked and is being accessed by "outside sources".

Thank you to everyone who replied!
I get the gist of it and I agree, the problem is the person
sitting at the keyboard.

I just wanted to check with the Mac experts before I gently
explain this to him.

Again, thanks!

JL
From: J Dean on
On 3/17/2010 6:45 PM, Jerry Lenstein wrote:
> I have a friend who is convinced that his MacBookPro has been
> hacked and is being accessed by "outside sources".
>
> First off, this person used to run Windows and claimed the same
> thing despite several highly knowledgeable people, including
> myself, looking over the Windows system, re-installing clean etc
> and finding nothing wrong.
>
> Keep this in mind when reading the stuff below because this is
> pretty much the same complaints I got with Windows, as well as
> with a Linux LIVE CD.
> Keep that in mind.
>
> I am *not* a Mac person so I am asking for advice here.
> This is what this person is telling me.
> Please advise because I am pulling my hair out.
> FWIW I have been a computer professional for 30+ years and have
> never heard anything like this in my entire life, not even with
> Windows.
>
> Connection is broadband BTW.
> Router has been swapped to 2 different brands.
> MacBook is less than 6 months old and up to date AFAIK.
>
> Here is what he is telling me and I would like to know, honestly,
> what you guys think.
>
> Keep in mind, I was getting a lot of the same kind of stuff from
> this person, not exactly, but similar, with the Windows machine
> and the Linux machine. Same machine dual boot.
>
> I saw nothing wrong.
>
> The stuff below is from emails.
>
> If there is a better group for this please point me that way!!
>
> What do you think?
>
>
> ***************************Here is what I am being told********
>
>
> Tonight's login log starts with:
>
> Dasboardadvisory.plist (My note: dashboard is a widget thing that sits
> on dock at bottom of desktop)
>
> Bluetooth (my note: I set all communication things to inactive--
> haven't set up Internet yet)
>
> CUPS (my note: yes I know this is normal process, but it also has a
> built in http server that can be logged on through port 80 just like
> any other URL. It will also open a port through firewall & listen for
> info. )
>
> These 3 things show up in log before I got the sign on screen (that
> shows up later in log).
>
> After sign on screen in log is:
>
> Kextload: /System/Library/Extensions/msdosfs.kext loaded successfully
>
> Kext files will load into memory as needed. I just logged on and
> didn't do anything. Especially anything to do with Microsoft dos which
> is what that is. And there also now gets a name in WINS box & had
> WORKGROUP put in also. I NEVER set up to share & especially not with
> windows (hence my remark I said to apple employee when I bought
> MacBook ) I know it was not there before.
>
>
> I know about cups. I have seen what the log said on it when I got
> MacBook. It has different stuff in it now. So does my system profiler.
> I thought I copied everything it said when I got mac but I can't find
> it. Network locations on my mac has tons of stuff in it where I could
> swear it was empty before. Steph's old MacBook has that location empty
> (it's using Internet with belkin wireless when I use magic Jack).
>
> Apple talk keeps starting up. That's a part of airport express router
> to connect printer. And in system profiler network, locations one
> thing under Bluetooth says SMB: Workgroup: (& name I had put in) SMB
> is samba. Also under Bluetooth network location are setting that you
> would see under dial up modem (which I don't have) like disconnect on
> idle (no), disconnect on logout (no).
>
> Under network utility section for information about Ethernet and
> airport wireless card, my Ethernet shows with Vendor: NVIDIA Model:
> MCP79-1 (& link status: not reported--should say inactive like airport
> as I turned both to inactive).
>
> Why does my graphics card show as Ethernet card? This same thing
> happened on other computers.
>
> System profiler, network, volumes says /home & /net mounted from map
> auto_home & map-hosts respectively. Both as automounted (when I turn
> computer on) & both autofs as type.
>
> Yesterday I saw a new quest folder that was just created. Couldn't
> access it but it has a size of file on info. It should be zero or
> small # cause I had it off and empty.
>
> I have intego firewall and virus barrier. It also came with a program
> called washing machine that you use to clean out cookies cache and
> downloads. I cleaned stuff out the other nite (hadn't been online, but
> didn't do it the last time I was--only safari "clean"). The next
> morning there was stuff in there to clean---Internet explorer cookies
> and cache, & firefox too. Wireless is turned off and is always off
> unless I'm online--I hadn't been). Cleaned it and it was back the next
> day ( sizes were different so it is not what I deleted just returning,
> these were new).
>
> I'm also apparently using a tablet with this MacBook as I was with the
> desktops. Even though I don't have one.
>
> As far as crossing over onto different operating systems & it can't be
> done, I think it can be done. VNC uses the RFB protocol to remotely
> control another computer.
>
> RFB (Remote Framebuffer Protocol) is a simple protocol for remote
> access to graphical user interfaces. Because it works at the
> framebuffer level, it is applicable to windowing systems &
> applications, including X11, windows & Macintosh. It's also used in
> any derivatives of VNC.
>
> VNC would be a virtual (software only) version of the network
> computer. A VNC connection can be established as a LAN connection if
> VPN is utilized as a proxy.
>
> I had tons of proxy stuff on desktop.
>
> Don't know if going to apple. I also deleted some stuff. Not that it
> would matter. I was going to reset PRAM & NVRAM as per instructions on
> support.apple. Some things that PRAM contains are apple talk, virtual
> memory, start up disk (I keep getting I'm starting from a network
> disk), Ram disk. Disk cache, fonts, printer stuff & port stuff.
>
> I did try to set up the free printer (when I bought MacBook) last June
> but could only get scan to work. Tried again in February 2010 & same
> thing. Uninstalled software both times. I find it odd that this
> problem on all computers has connections to printer and me being a
> print server. Even when I don't have a printer (2nd desktop I never
> connected one to it, but one was running--spooler). This new free
> printer does not have fax, but I turned on MacBook yesterday & I had a
> fax icon on top bar of desktop next to my wireless icon.
>
> There is also something with time servers consistent with all the
> computers. Which I always set to not check time automatically.
>
>
>
>
> Here is more:
>
> Settings changing, verizon folder (don't have anything verizon),
> strange icons & folders. Again with printer stuff running & fax (icon
> now placed on top bar on desktop I didn't put there). Samba, cups, I'm
> set up as a server. Remote desktop stuff in logs & virtual system.
> Says I'm using my Ethernet connection & it now has Nvidia as vendor.
> My Ethernet is set to inactive(disabled).
>
> Same on other machines, graphics cards doing screwy connecting, remote
> desk, server, print, fax, loopback, fonts, virtual system. I again on
> this one use IPV6 even though I set that to not use.
>
> I looked through logs and the earlier ones from when I got it mention
> none of the bullshit I see now. I also apparently have clam xav,
> firefox, and Internet explorer. Even though I never saw an icon for
> them & I never had clam xav on this computer. I have net barrier x5 on
> it since I got it. The firewall is set up to not allow incoming or
> server & I had set denied to files that didn't need to connect out.
> And the virus scan skips over files but as you said it remembers
> stuff. But looking at scan logs it says that each file only scanned
> partially. Or it says I stopped it when I didn't. Hell I'm sitting
> here waiting two hours for it to finish but I guess it was only going
> through the motions.
>
>
> **************End of Emails*******************
>
> Is there a problem here?
>
> TIA
>
> Jerry


Machine problem probably a bad MB.
From: Doug Anderson on
Tom Harrington <tph(a)pcisys.no.spam.dammit.net> writes:

> In article <ivjsjet3g1to$.1nkn3o1pjplmt.dlg(a)40tude.net>,
> Moshe <goldee_loxnbagels(a)gmail.com> wrote:
>
> > But is there *any way* he could *possibly* be right?
> > He seems normal in every other aspect of life.
>
> Of course it's possible. Someone might have broken into his house, sat
> down at his Mac, and replaced every kernel extension with one that
> _appears_ identical but which actually sends all of his personal
> information to Afghanistan. That same person might have surgically
> implanted a mind-reading chip in your friend's brain so that fixing or
> replacing the computer won't help. There may be invisible elephants in
> his house monitoring his every move and just waiting for the right
> moment to strangle him with their trunks.
>
> This is the wrong question to ask, because it leads straight into the
> kind of paranoia your friend is displaying.

You should perhaps suggest he familiarize himself with the principle
of Occam's Razor. Whether one knows the name of the principle or not,
it is essential to employ some variant of this principle to remain
sane, or at least to remain sensible!

It is _possible_ that the earth is only 6000 years old and that God
planted dinosaur bones in various states of fossilization to test our
faith. But is that actually a _reasonable_ explanation for anything?
From: Jolly Roger on
In article <hntlj8$p0u$1(a)news.eternal-september.org>,
J Dean <jpdeanjr.(a)aol.com> wrote:

> Machine problem probably a bad MB.

You've got to be kidding me.

--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR
From: Steve Hix on
In article <jollyroger-36CF9F.14090318032010(a)news.individual.net>,
Jolly Roger <jollyroger(a)pobox.com> wrote:

> In article <hntlj8$p0u$1(a)news.eternal-september.org>,
> J Dean <jpdeanjr.(a)aol.com> wrote:
>
> > Machine problem probably a bad MB.
>
> You've got to be kidding me.

Hey, it's the best he could come up with.