How To Clean Mac After Remote Access Hack

19-05-2021
 |  [RAND-100] - Comments

Oct 02, 2016  Boot to the Recovery Volume (command - R on a restart or hold down the option/alt key during a restart and select Recovery Volume). Run Disk Utility Verify/Repair and Repair Permissions until you get no errors. Reformat the drive using Disk Utility/Erase Mac OS Extended (Journaled), then click the Option button and select GUID. Then re-install the OS.

Windows To Mac Remote Access

I know there are some remote access tools that do not require admin authentication on the host side. The host user only needs to open the app and they can have their machine accessed by whoever is on the other side with the login information they read back to them over the phone. In a situation like this no administrative information is passed along, or needed. This would keep the scammer from higher system functions but they could pillage the documents, etc.

In the case of the Keychain they could copy the login.keychain to another system; what would prevent them from getting the data from that file because that would be critical if it's readable on another system?

How do I get rid of someone who has control over my remote desktop?! Its killing me – I am literally watching stuff being erased! HELP!

How To Clean Mac Free

Windows

How To Clean Mac Desktop

How

I’m on an Acer 7550 Aspire Laptop running Windows 7 Home Premium.

  1. if you are in the network with other user then any one can remotely access your computer. to prevent this situation provide password to your account or remove your pc from network.

  2. You need to close any open ports on your computer.

  3. I had the same thing happen. After tryin all the fixes mentioned, I called my internet provider. Not only did he change my IP address but he also secured my net works in 2 ways and worked endlessly to reset the comuter and make sure it was virus free? In conclusion he had me chang all my pastwords, he mcontactd DELL explaining the problems. Custom servivn was exemplary and so far so good with the computer!

  4. First off let me thank you for taking the time to help me with my dilemma. I purchased this Laptop from a local independent retailer a couple months ago as a second owner. It was in perfect shape and much better than the piece of junk HP dv2000 that finally died on me. (By the way DO NOT buy an HP product) not to get off track here but did you know that in 2009 HP built a whole series (The dv Series of Laptops) that where a mid range purchase $900.00 to $1200.00 new, that they where aware had faulty Nvidia graphics chips! Anyway so I bought this laptop used for $400.00 and it's a quality build. 17' screen 4Gig of Ram 2 AMD Athalon X2 Processors running at 2.1gigs and a 500GB hard drive (I thought Pretty good deal right?) So about 2-3 weeks later I notice my passwords are changing. Now Im sure like alot of people who are a little security paranoid I change my passwords often and use large strings of Alpha/Numeric and Symbolic characters. I figured I had just typed them in wrong or written them down wrong and would just change them either back to what I thought they where or created new ones. Now let me be clear, Im 43 years old and although no where near an expert I have been working on these systems for 25 years plus but in a fairly limited capacity. I own a Commercial Art and Advertising company and for most of that span I have only mostly focused on software, hardware and applications and builds related to my vocation and industry! IT and security has been limited to home networks and creative passwords! So when, shall we say, these small glitches I started having became more and more frequent I decided to do some research. I wont take much time walking you through that but lets sum it up by saying I have discovered that the prior owner still has control of my Root and remained Owner/Creator on this machine and has installed a variety of ports and fraudulent certificates as well as literally hundreds of registry modification allowing him to access this machine remotely. My only solution was to re-format and re-install. Virus scans, which I had run many times and used several would not have made a bit of difference in my case. This has been a tremendous education for me and although satisfied that I have fixed the issue with the help of people more knowledgeable than myself (Thank You, Thank you Thank you!) and not having to spend what Im sure would have amounted to hundreds of additional dollars out of my pocket I am disillusioned by the so call expertise of my local computer merchant who should have seen this and repaired it before reselling it to me. I wont be using him again! So that's the story of 'The Ghost In The Machine' and how I eventually, after hours and hours (Something like 70 hours all told) of speculation, second guessing, self doubt and im sure what my wife would describe as senseless paranoia (She truely thought I was seeing Gremlins on the airplane wings!!!) my issue was resolved.

    • glad that you fixed your problem, formatting and reinstalling windows is surgery precision and 100% working solution:)

      added security if you wish try Zemana Antilogger
      http://www.zemana.com/

      Don’t Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools
      //www.makeuseof.com/tag/dont-fall-victim-to-keyloggers-use-these-important-anti-keylogger-tools/

    • Sorry but you are the one to blame. You bought a used PC of unknown origin. You figured you were going to save money because the O/S and applications were already installed. The very first thing you should have done, after bringing home a USED PC, was to change all the passwords if you wanted to continue using the installed software. If you were going to install your own software, which ultimately you had to do anyway, you should have asked the dealer to reformat the hard drive or you should have done it yourself to prevent exactly what happened.

      As soon you turned on the PC, even before connecting to the Internet, you should have checked all the settings. You would have seen that Remote Access was turned and you could have turned it OFF. Then, before installing any of your files, you should have used the PC for a couple of days just to test it out. Only after you were perfectly satisfied with how the PC worked, should you have copied your files to it and started using it for your purposes. You did not take even the most rudimentary precautions and you got burned.

      Unless you gave explicit instructions to the computer dealer on what he was to do with this PC, there is no way you can lay the blame on the dealer. He sold you a computer and he probably figured that you knew what you were getting and what to do with it. Remember, when it comes to second hand anything, it is Buyer Beware.

  5. Out of curiosity, did you allow them to take control in the first place? Is this someone that you know?

  6. 6.If you are using Windows firewall, Windows will automatically configure the firewall to allow Remote Desktop Connections but if you are using a third party firewall, you should allow RDP traffic to be passed from the firewall.
    [Broken Link Removed]

  7. To begin with, you need to disconnect from the internet - turn off any WiFi connections, and unplug any physical - Ethernet - connections. You may need access to another computer to access the below links.

    Turn off Remote Connection Sharing - here is a link:
    https://www.sevenforums.com/system-security/29503-how-turn-off-all-remote-access-apps-services.html

    Run a FULL system Malware check with a free tool like this:
    https://www.malwarebytes.org/lp/malware_lp/

    Setup a free Firewall to block your PC - this is one option, ZoneAlarm - look for the free version:
    https://www.zonealarm.com/

    Get yourself a software VPN to block any 'Man In the Middle' attacks - CyberGhost is free:
    https://www.cyberghostvpn.com/

    Get yourself a Password Manager, and change ALL your passwords to secure, uncrackable, ones. LastPass is the best:
    https://lastpass.com/

    Since you have obviously been hacked, past the steps above you will need someone with a knowledge of IT. You should properly configure your router, and completely wipe your hard drive by formating it with zeros using DOD level shredding, then reinstall Windows. That said, the above should knock anyone out, and the combination of LastPass, using CyberGhost or a similar VPN on any WiFI connection, and never using the same password more than once, will give you a very good jump on being secure.

  8. First is to disconnect your laptop from the network, turn off Wifi and unplug any network cable attached. This should stop anyone from continuing to access your laptop through Remote Desktop. If you are connecting through mobile broadband, disconnect from there too.

    Next, disable Remote Desktop as listed out by Jim Chambers above.

    Reset all the password of the user accounts on your laptop:
    1) Click Start
    2) Click Control Panel
    3) Click User Accounts
    4) Click 'Change your password' and reset your user password
    5) Click 'Manage another account'
    6) Repeat step 4 for each account in the list

    Lastly, any idea why your laptop is being connected through Remote Desktop? I'm assuming the connection is unauthorized.
    Did you give out your windows login to anyone?
    Or did you recently install any software?
    You might want to run an antivirus scan/malware scan on your laptop.

  9. disable or uninstall any app for remote viewing like teamviewer, vnc viewer, etc. also check your windows remote viewing settings and disable it.

  10. First step would be to take your computer off the internet - unplug it or turn off the wifi manually, but get it off. Then proceed to uncheck the allow remote assistance to the computer.

  11. How about unplugging the network instead of watching it happen? At least that would have been my first thought...

    Use some Anti Virus Rescue (live) CD to make sure it's not some trojan giving access.

    Then with network still unplugged or disconnected go into the 'Add and remove Software' menu within Control Panel and delete any VNC or TeamViewer application.

    Finally under 'Control Panel > System and Security > System' click the advanced system configuration, select the Remote tab and select to not allow any Remote desktop connection.

    That should get rid of most the remote desktop options.

  12. The fastest way is to disconnect your modem from the computer. After that, you can use Jim's steps to disable the functionality in Windows. If the remote control is via some other sofware (LogMeIn, TeamViewer, etc) you will need to uninstall them or disable remote control functionality in them although they generally will prompt you when someone else wants to take control and in TeamViewer at least, it will provide a small box in the lower right corner that allows you to disconnect the other user.

  13. Click Start button
    Right click Computer
    Select Properties
    Select Advanced system settings
    Select Remote Tab
    uncheck Allow remote assistance to this computer
    Reboot