Post Scam Cleanup for my Mother's iMac
Posted by: Schpark
Date: August 18, 2018 09:40AM
I was on vacation and my mother got a message on her screen saying she was hacked and to call a certain number. She decided not to bother me and called the number, spent 1.5 hours on the phone with "Apple" to fix the problem, and paid them $100 on a credit card. I am just back from vacation now and need to decide how to proceed.

Once she told me the story I shut the computer down while I figure out what to do. She is not an administrator so they did not have administrator privileges. I am not clear yet if the person on the phone just told her to do stuff to "fix" it or if they actually remote controlled the computer. If they did have control of the computer, what could they have done without admin privileges?

What is the minimum you would do in this case? At the other extreme it may provide an excuse to put an SSD in it since it is using the original 500GB HD that came with it in 2011.



"Without death, life would lose much of its meaning. My goal is to live in such a manner that I alter world in some fundamental way before I'm gone. As I get older and watch my son grow I realize I've already achieved my goal." - Ztirffritz
Re: Post Scam Cleanup for my Mother's iMac
Posted by: space-time
Date: August 18, 2018 09:48AM
Something similar happened to my friends except they realized the scam while the remote guy was looking at System Preferences and making stupid comments that Firewall was OFF (and when my friend asked if it should be ON, the remote guy said to leave it OFF). Then he looked around at files and so on without a clear plan. During this time apparently 3000 files were downloading, but they did NOT finish downloading since many of those were found to be incomplete downloads. My friend realized this is a scam and hung up. The hacker called him back.

Anyway, long story short, I scanned the computer with Malwarebytes and did not find anything suspicious, then I cleaned up the download folder, changed passwords and told my friends to NEVER EVER do this again.

I got heavy criticism here last week that I did not nuke and pave, and these guys were right, so I plan to tell them to bring the computer here next time and leave it here for a week so I can nuke and pave.



In your case, since he was connected for so long, I would definitely nuke and pave (and yes, go SSD). Also cancel that CC and even try to dispute the charge.
Re: Post Scam Cleanup for my Mother's iMac
Posted by: max
Date: August 18, 2018 10:07AM
Nuke and pave...
Re: Post Scam Cleanup for my Mother's iMac
Posted by: STL
Date: August 18, 2018 10:10AM
Notify credit card company and request a new account number and card.
Re: Post Scam Cleanup for my Mother's iMac
Posted by: Schpark
Date: August 18, 2018 10:36AM
Follow-up question. Will restoring from the Time Machine backup be compromised since the drive was connected while the scammer had access? Should I just restore from a date prior to the hacking?



"Without death, life would lose much of its meaning. My goal is to live in such a manner that I alter world in some fundamental way before I'm gone. As I get older and watch my son grow I realize I've already achieved my goal." - Ztirffritz
Re: Post Scam Cleanup for my Mother's iMac
Posted by: space-time
Date: August 18, 2018 11:50AM
Good question. There are hackers out there that encrypt your backup drives (this happened to our HOA management company last year). But it does not sound like this is the case here. Depending on how sophisticated they were, I guess even the older backups could be infected.

That being said, I doubt this is the case. Do you see any evidence the machine is infected at this time? Did you run Malwarebytes, and did you find anything? If nothing was found, I would guess the chance there is an infection on the Time Machine is small. But to make sure, yes, I would restore from an older backup.

Now, I am not an expert by any stretch on this type of issue and I got a lot of backlash last week that I did not nuke and pave my friends' machines. I plan to do that as soon as I can get my hands on the machine for a few days. Just a few hours between grilling, beers and hanging out is not enough time to back up (2x), nuke, pave and restore all their accounts.
Re: Post Scam Cleanup for my Mother's iMac
Posted by: testcase
Date: August 18, 2018 12:04PM
After Malwarebytes, I'd run EtreCheck and see what that finds.
Re: Post Scam Cleanup for my Mother's iMac
Posted by: hal
Date: August 18, 2018 03:32PM
If you reboot to the restore partition, you can run Terminal and change the password for any account on that machine without any password. She would have had to type 'resetpassword' or 'passwordreset' - I can never remember which. If this wasn't done, then I can't imagine there is anything on the computer to be concerned with, but I'm not an expert.

Go to Apple menu > Recent Items and see if there are any apps or connections to servers to be concerned with.

I would be more worried about the credit card account and ID theft than anything on the computer.
Re: Post Scam Cleanup for my Mother's iMac
Posted by: Schpark
Date: August 19, 2018 11:07AM
I think I talked her into just replacing the old hard drive since I already have the tools and have already replaced the drive in my iMac, so I know what I am getting into. I will try to convince her to get an SSD.

Thanks for all the responses. I downloaded Malwarebytes and put it on a flash drive and will run it on her iMac while it is disconnected from wifi to see if it finds anything.



"Without death, life would lose much of its meaning. My goal is to live in such a manner that I alter world in some fundamental way before I'm gone. As I get older and watch my son grow I realize I've already achieved my goal." - Ztirffritz