Re: 14 antivirus apps found to have security problems.

Hi Calvin,

Do you guys have a product that you think would disinfect an already very infected Mac? I've managed to stump 3 very highly acclaimed Mac specialists here in LA; their suggestions were unable to rid my system of my attacker (we believe they have law enforcement capabilities, but illegal use). The last engineer finally seemed to find the root of the problem but not the solution. I'm told I have spoofing certificates, which I've definitely found, exploits of the DaVinci rootkit which is heavily encrypted in my EFI sector? Malicious tracking cookies, and a lot of coding; it seems all my apps are working against me, including my antivirus program Kaspersky. If you think you have something that may resolve this or, better yet, help figure out where it came from (because it's completely turned my life upside down), I'd be very interested in knowing about it. I believe I know who's behind it; I have a lot of IP addresses pointing to one company, but need little more than that. No law enforcement agency will help ;/ even with a lot of proof, they just don't see this every day and don't know what to do with it, I suppose. The FBI just thinks I'm talking about some little Trojan I can get rid of with most virus removers. Won't hear me out.
Thanks for your time,
Lookin' for my life back!
Michelle

Comments

  • Rusli Posts: 991 Path Finder

    Hi Michelle,

    You can try F-Secure Antivirus for Mac for a free trial of 30 days only.

    But you need to remove the other antivirus on your Mac.

    http://www.f-secure.com/en/web/home_global/anti-virus-for-mac#trial

    If both your Windows and Mac are infected, you need one antivirus for Mac and one antivirus for Windows.

    For antivirus for Windows, try the 30-day trial...

    http://www.f-secure.com/en/web/home_global/anti-virus#trial

    Please see my previous post:

    http://community.f-secure.com/t5/Home-Security/Crisis-MORCUT-Mac-OSX-Malware/td-p/15056

    Other links:

    http://securelist.com/blog/research/64215/adobe-flash-player-0-day-and-hackingteams-remote-control-system/

    http://news.drweb.com/?i=2604&lng=en

    Unfortunately Dr.Web Light Antivirus for Mac is now not a free version.

    You have to make a purchase via the Apple App Store.

    https://itunes.apple.com/us/app/dr.web-light/id471859438?mt=12

    I recommend you check this site for known Mac malware...

    http://www.thesafemac.com/

    There are free ones which you can try....

    http://www.avira.com/en/download/product/avira-free-antivirus-for-mac

    http://www.clamxav.com/

    Known spyware for Mac (not malware but spyware):

    http://macscan.securemac.com/spyware-list/

    Known Mac adware....

    http://www.thesafemac.com/arg/

  • Rusli Posts: 991 Path Finder

    Michelle,

    If you happen to have the latest Crisis malware, then you can try Intego VirusBarrier.

    http://www.intego.com/antivirus-internet-security-x8#/virusbarrier-x8

    See the link here:

    http://www.intego.com/mac-security-blog/new-osx-crisis-variant-invokes-pope-francis/

    New OSX/Crisis Variant Invokes Pope Francis
    Posted on January 20th, 2014 by Arnaud Abbati

    A new sample of OSX/Crisis, the too popular Da Vinci rootkit from Hacking Team, reached our Malware Lab during the weekend. We currently do not have information about the origin of the file on VirusTotal, named "Frantisek," but it is an Eastern European first name meaning Francis. Could it be related to Pope Francis?

    Like the previous variants, OSX/Crisis.C is delivered through a dropper that installs silently, without requiring a password, and works on Mac OS X 10.5, 10.6, and 10.7. However, Hacking Team has updated some of the dropper code and the backdoor configuration file format.

    The dropper executes an unusual segment: __INITSTUB. The original entry point EIP points to this code segment before reaching the almost empty _main function of the program. For this reason, an incautious researcher using a debugger could get infected without even noticing it. While it uses a different way to resolve system symbols, it crashes on OS X Mountain Lion or OS X Mavericks (segmentation fault). This might be a 64-bit bug in the malware. Following is a screenshot of the resolved symbols hash of the dropper in IDA:

    [Screenshot: OSX/Crisis.C - resolved symbols hash of the dropper in IDA]

    When the dropper runs successfully, it hides the following files in the user's home directory (in the Library/Preferences folder), inside a fake application bundle called OvzD7xFr.app:

      1 backdoor: 8oTHYMCj.XIl (32-bit)
      1 configuration file: ok20utla.3-B
      2 kernel extensions: Lft2iRjk.7qa (32-bit) and 3ZPYmgGV.TOA (64-bit)
      1 scripting addition: EDr5dvW8.p_w (FAT)
      1 XPC service: GARteYof._Fk (FAT)
      1 TIFF image, a System Preferences icon ripped off the Linkinus preferences panel: q45tyh

    Then it executes the backdoor and finishes the installation by creating a LaunchAgent file, com.apple.mdworker.plist. Similar to OSX/Crisis.B, this binary is obfuscated using the MPress packer.

    It doesn't run on OS X 10.9 as it is linked against the Apple System Profiler private framework, SPSupport, which is now 64-bit only; an "Image not found" exception is raised, and then it crashes. Furthermore, on a supported target, the backdoor simply uninstalls its files and quits. This could be related to a corrupted configuration file (the sample one starts with NULL bytes).

    Other than a few new tricks, the features implemented by the backdoor component are similar to previous variants: it patches the Activity Monitor application to hide itself, takes screenshots, captures audio and video, gathers user locations, connects to WiFi hotspots, syncs collected data with a Command and Control (C&C) server, and tricks the user using social engineering to gain System Administrator privileges and drop its rootkit.

    At the time of this writing, the overall detection rate on VirusTotal is very low. Intego VirusBarrier with up-to-date malware definitions protects Mac users against this malware, detected as OSX/Crisis.C.
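    The write-up quoted above gives concrete on-disk names for OSX/Crisis.C: the fake OvzD7xFr.app bundle under ~/Library/Preferences, the dropped component files, and the com.apple.mdworker.plist LaunchAgent. The script below is an added example for this thread, not code from Intego, F-Secure or the article; it does a read-only hunt for exactly those indicators. It assumes the LaunchAgent is a per-user one in ~/Library/LaunchAgents (the article does not say where it is written; Apple's own mdworker agents live under /System/Library, so a copy in a user folder is suspicious on its own), and it builds a throw-away folder laid out like an infected home so it can be run offline. Nothing is deleted.

```python
"""Read-only hunt for the OSX/Crisis.C indicators named in the Intego write-up.
Added example for this forum thread; not Intego's, F-Secure's or Apple's code."""
import os
import plistlib
import tempfile

# Names taken verbatim from the quoted article.
FAKE_BUNDLE = "OvzD7xFr.app"
DROPPED_FILES = {
    "8oTHYMCj.XIl": "backdoor (32-bit)",
    "ok20utla.3-B": "configuration file",
    "Lft2iRjk.7qa": "kernel extension (32-bit)",
    "3ZPYmgGV.TOA": "kernel extension (64-bit)",
    "EDr5dvW8.p_w": "scripting addition",
    "GARteYof._Fk": "XPC service",
    "q45tyh": "TIFF icon ripped from the Linkinus preference pane",
}
LAUNCH_AGENT = "com.apple.mdworker.plist"


def scan_home(home):
    """Return a list of (path, reason) findings under one user's home folder.

    Assumption (not stated in the article): the LaunchAgent is written to the
    per-user ~/Library/LaunchAgents folder.  Only names are matched; the
    function never modifies anything it finds.
    """
    findings = []
    prefs = os.path.join(home, "Library", "Preferences")
    bundle = os.path.join(prefs, FAKE_BUNDLE)
    if os.path.isdir(bundle):
        findings.append((bundle, "fake app bundle named in the Crisis.C write-up"))
    # The dropped files should sit inside the bundle, but walk all of
    # Preferences in case they were placed elsewhere.
    for root, _dirs, files in os.walk(prefs):
        for name in files:
            if name in DROPPED_FILES:
                findings.append((os.path.join(root, name), DROPPED_FILES[name]))
    agent = os.path.join(home, "Library", "LaunchAgents", LAUNCH_AGENT)
    if os.path.isfile(agent):
        reason = "LaunchAgent impersonating Apple's mdworker"
        try:
            with open(agent, "rb") as fh:
                plist = plistlib.load(fh)
            args = plist.get("ProgramArguments", [])
            # Apple's mdworker would never be launched from a Preferences path.
            if any(FAKE_BUNDLE in str(a) for a in args):
                reason += " (points into the fake bundle)"
        except Exception:  # not a parseable plist; the name match still counts
            reason += " (unparseable plist)"
        findings.append((agent, reason))
    return findings


def build_demo_home():
    """Create a throw-away home folder laid out like an infected one.
    Constructed for this example; the component files are empty placeholders."""
    home = tempfile.mkdtemp(prefix="crisis-demo-")
    bundle = os.path.join(home, "Library", "Preferences", FAKE_BUNDLE,
                          "Contents", "MacOS")
    os.makedirs(bundle)
    for name in DROPPED_FILES:
        open(os.path.join(bundle, name), "wb").close()
    agents = os.path.join(home, "Library", "LaunchAgents")
    os.makedirs(agents)
    with open(os.path.join(agents, LAUNCH_AGENT), "wb") as fh:
        plistlib.dump({"Label": "com.apple.mdworker",
                       "ProgramArguments": [os.path.join(bundle, "8oTHYMCj.XIl")],
                       "RunAtLoad": True}, fh)
    return home


if __name__ == "__main__":
    # For a real check use scan_home(os.path.expanduser("~")); the demo folder
    # shows what a hit looks like without needing an infected machine.
    for path, why in scan_home(build_demo_home()):
        print(f"{why}: {path}")
```

    A clean home folder returns an empty list; on the constructed layout every one of the nine indicators is reported, and the LaunchAgent finding notes that its ProgramArguments point into the fake bundle.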

     

  • Bits Posts: 19
    Thank you so much for your reply. Now I know you get a ton of people a day that aren't, for lack of a better word, properly versed in all the many types of malicious goings-on out there, and I'm not saying I'm an expert by ANY means. However, I've hired some of the best, knowledgeable in this specific field, people to take a look at what is going on (very reluctantly, and for quite a price); they finally did. They were actually excited! Due to it being something, like I said before, new they had not encountered nor heard of in the community. Apparently this thing installs before the operating system and highly disguises itself and is heavily encrypted. I can't uninstall Adobe, nor any of my other security or regular apps, and I'm talking about removing them using Terminal scripting, not just drag to trash. It acts/appears like it's gone, but in fact nothing changes. I'm telling you, these people (the hackers) have more control/permissions on my computer than I do as the administrator. They definitely have root access, but it appears as I do. I turned on my computer today and in ONE second where I did nothing but turn it on and open Console, there were over 100 console outputs, as if I was very active on my machine in that 1 SECOND! I saw a lot of "try to remove observer from null key path". I have pictures of everything. Some warnings, network changes (mind you I was connected to the Ethernet the entire time, it's all I'll use now); the MAC address en1 output it says in my console does not match that of the one in my System Preferences while on Ethernet. I've never enabled Bluetooth, in fact I deleted it, never signed into iCloud, never turned on Find My Mac, haven't even entered my new Apple ID into this machine since wiping it and reinstalling OS X. I've gotten a new hard drive, 2 new routers and a modem. Had 4 different specialists/engineers diagnose it, using some fancy program to totally wipe everything from my system. Still it continues.
    If I can attach some screenshots from today I'm going to try; again, this was when I turned on the machine and nothing else other than open Console.
    I am willing to pay for a program, no problem, as long as you think it will work. I'm very sceptical it will, because very reputable people have told me this is not a common malware/spyware thing that can be removed with a program; I'm told I will need the means and technology of something/someone bigger like law enforcement to help. Problem is, I believe it's law enforcement that's doing this ;( Basically I feel hopeless, I can't even go to Adobe help because my computer won't allow me to the site. Is this not something your company might be interested in looking into? I can send you my logs. Apple had me make a copy of all of them but then said all they could do was wipe the system, which I've done and it didn't work. ;(
    It really is a case of a very rich man (who owns a company I used to work for and am in 2 lawsuits with) abusing his power to violate and break MANY LAWS, because no one is going to stop him. He's giving an order to have a company illegally monitor me. I need a judge to court-order this company to show me the warrant they're supposed to have in order to do this, then explain why they've broken ALL of their own company rules on how and what they can monitor. They're trying to scare me quiet due to knowledge I have. And ya know what? Sad but it's true. They're going to get away with a 200,000 lawsuit and illegally firing me, and security fraud, tax evasion, just to name a few, because no one will listen to me. All the evidence is right there.
    Sorry, had to vent there... Phew!!!!! If you're still reading I'm amazed!
    Point is I'll try anything, I don't want to give up. The last specialist that did the semi-forensics gave me a little disc drive to give to whoever might help, with all the info on it.
    I know your company is interested in new strains and sorts of attacks; would they be interested maybe in looking at this? Everyone that's looked at it can't figure it out; it seems to be a mishmash of many things. And still going.
    Do you have customer support I might call to walk me through the installation of the product you recommend in case I have trouble, and ensure it doesn't get corrupted like Kaspersky did?
    Again, I can't explain how much I appreciate your time. I hope you may find this somewhat interesting.
    Michelle

    Ok, couldn't attach the photo, but one line said something about:
    Kav_agent:
    Object [221]: class KLThreatToString is in both /Library/ApplicationSupport/Kaspersky/Lab/Kav/Applications/Kaspersky Anti-Virus
    Agent.app/contents/MacOS/Kav_agent. One of the two will be used. Which one is undefined.

    As well as:
    Confugd: network changed: V4( en0+ 192.168.0.106) DNS+Proxy

    I didn't change it or do anything and was on Ethernet with everything else not only turned off but
  • Bits Posts: 19
    Ok, I know you know A LOT more than I, but that all is EXACTLY what has happened! Except I have Mavericks 10.9.3, I swear. You just nailed it with that last article you posted; it is exactly what is happening, but I have even more.
  • Bits Posts: 19
    Is there any way I can email you some screenshots? I definitely have logs on my Console and files re: Launchserviced (maybe normal, I don't know) but it refers to application "System Preferences" isn't in fPermittedfrontapps...... blah blah, so isn't permitting.

    Com.apple.applekit.xpc.documenPopoverViewService: Assertion failed: 13E28: liblaunch.dylib + 25164 [ A50A0C7B-3216-3984-8AE0-B503BAF1DADA]: 0x25

    Then the same com.applekit......
    Something about a "Bogus Event received by listener connection."

    Does this mean anything to you?
    If you think your products can take care of this I will buy ANYTHING. Only thing is, I sort of wanted the info if I ever am able to use it to prosecute the company I believe did it (I'm in a lawsuit with their sister company). They are a monitoring company for law enforcement and are supposed to have a warrant to be monitoring me, and not even in the way they are. This is just illegal for anyone! But that's why they have the technology. I have IPs logging into my email, every day, tracing back to their home office. Can't be coincidence.
    Anyway, unique situation, not quite sure what to do, and no agency or gov't will help. Sort of unbelievable.
    Thanks for any more advice!!
  • Rusli Posts: 991 Path Finder

    Okay...

    I have to let you know that I do not work for F-Secure. But I can try my best to help you.

    You are using Mac OS X 10.9.3 Mavericks.

    May I know what Apple computer you are using? iMac, Mac mini, MacBook Air, MacBook Pro???

    I understand that you are currently using Kaspersky.

    Did you call Kaspersky tech support for help??? Have you checked the Kaspersky support web page??? Like the link below??? Because right now you are on the F-Secure forum, not Kaspersky....

    http://support.kaspersky.com/kismac

    Have you done a full scan with your Kaspersky Antivirus for Mac???

    Since you are in the F-Secure forum, did you send the infected DaVinci file to F-Secure for analysis....

    http://www.f-secure.com/en/web/labs_global/submit-samples/sas

    Click on "submit sample" to send the infected file over to F-Secure for analysis.

    You have to create an account and register in order to send the virus-infected file to F-Secure for analysis.

    If you intend to install the F-Secure Antivirus for Mac trial version (free for 30 days only), you need to uninstall Kaspersky Antivirus..

    Because you can only use 1 antivirus if you need to run F-Secure Antivirus for Mac.

    You can go to F-Secure chat online. (Provided you are using F-Secure Antivirus for Mac.)

    http://www.f-secure.com/en/web/home_global/support/contact/chat

    F-Secure is located in Finland.

  • Rusli Posts: 991 Path Finder

    The best option is to record it on video with your camera phone or a video cam.

    If you are innocent, at least you have proof to back you up.

    This is malware; there is nothing to be alarmed about...

  • Rusli Posts: 991 Path Finder

    Alternatively,

    Have you tried another antivirus to detect it???

    Like Intego??? For instance...

    Does the article below fit the description of what you have seen on your Mac???

    http://www.intego.com/mac-security-blog/new-osx-crisis-variant-invokes-pope-francis/

    Because a virus comes with many variants...

    You can download the Intego VirusBarrier trial version free for a period of time.

    You can go to this link:

    http://www.intego.com/mac-protection-bundle-x8#/virusbarrier-x8

    click on the free trial button,
    enter your email,
    and wait for Intego's reply,
    and download the software from the link given in the email reply from Intego,
    and install Intego VirusBarrier.

    Once you have done that, do a "Full Scan" and see if it can detect the malware and remove or delete it.

  • Bits Posts: 19
    Oh my god, thank you sooo much, I'm doing this tomorrow. I don't have a PC; this is all happening on my MacBook Pro. I called Kaspersky.... Not much help. They couldn't quite wrap their head around it.
  • Rusli Posts: 991 Path Finder

    Before you got the Mac computer, first of all, did you make a Mac OS X Mavericks recovery USB thumb drive???

    Because if you don't have that, there is no way you can format your Mac computer and reinstall your OS X.

    Make sure all the apps that you purchase come from the Apple App Store.

    Make sure you back up your data, photos, files to an external USB or Thunderbolt hard disk...

    Make sure you have an Apple ID and register with Apple.

    Did you purchase the Apple warranty, AppleCare???

    You only get 3 years on a new Mac computer if you buy AppleCare.

    Otherwise, you may have an old Mac computer model.

    If you have AppleCare and it is still under warranty you can send your Mac for repair.

    http://support.apple.com/kb/DL1433

    http://support.apple.com/kb/HT4848

    You can make an Apple Mac OS X Mavericks USB thumb drive here at this link:

    http://support.apple.com/kb/HT5856

    or

    http://arstechnica.com/apple/2013/10/how-to-make-your-own-bootable-os-x-10-9-mavericks-usb-install-drive/

    http://www.macworld.com/article/2151706/create-a-bootable-mavericks-install-drive-for-newer-macs.html

    You need at least an 8 or 16 GB thumb drive in order to make a USB recovery image.

    http://www.macworld.com/article/2056543/installing-mavericks-our-complete-guide.html

    Remember, once you format that hard disk, all the data on the Mac will be gone.

    You need to back up your important data to an external hard disk like...

    http://www.seagate.com/sg/en/products/mac-storage/mac-portable-drives/

    But first of all you need to detect the virus before you proceed with any of the methods I mentioned above.

    Do you have a legit copy of Microsoft Office installed on your Mac???

    http://www.microsoft.com/mac

    Did you buy and have a DVD copy of it???

  • Bits Posts: 19
    I do the full scan and it seems as though it bypassed all the viruses and such. Like they manipulated the program or something. Every site I go to I get the "certificate for ...... Google.com can not be identified and may be presenting itself to be Google when it's not" (or something along those lines) FROM Kaspersky, but then if I hit cancel to not accept, 2 seconds later I get a pop-up from Kaspersky saying "server 192.150.96.10 returned invalid certificate .... 'certificate name'" and then accepts it. If I do nothing it eventually does the same thing and accepts too. When I'm on what looks like a safe site, green writing saying https: google .com, but I click the icon to the left it says "server can not be identified", and if I look at the cert. info in the details for organization and date auth: and exp: and such, it's all blank!
    So Kaspersky acts like it's working but somehow has been manipulated. As it seems all my apps have. I've found apps I never installed; there's an app in my apps called macs MacBook Pro apps, and in there are all my apps again and then some. Two sets. I also have like 4 Libraries and I'm the only user. There's a User folder and a hidden usr folder, with a LOT of folders attached.
    I am the admin but I DEFINITELY don't have admin privileges all the time; when I go to the permissions of a folder there are user names that aren't in my System Preferences with more permissions than I.
    I'll for sure get on the F-Secure train tomorrow!
    Thanks soooo much
  • Rusli Posts: 991 Path Finder

    If you intend to call F-Secure support, there is a hotline number which you can call based on your country location.

    http://www.f-secure.com/en/web/home_global/support/contact/call-f-secure-support

    Call F-Secure support

    Country                     Language                      Service hours *)       Phone number
    United Kingdom              English                       Mon-Fri 9-18 *)        0870 0130 794
    United States and Canada    English                       Mon-Fri 9-18 *)        866-295-2725
    Asia/Pacific (Malaysia)     English                       Mon-Fri 9-18 *)        +60 3 7712 4605
    Australia                   English                       Mon-Fri 9-18 *)        1300 195 516
    Belgium                     French and Dutch              Mon-Fri 9-18 **)       02 256 66 60
    Denmark                     Danish                        Mon-Fri 8-17 **)       70 20 41 51
    Finland                     Finnish and English           Mon-Fri 8-18 **)       09 8862 5050
    France                      French                        Mon-Fri 9-18 **)       01 73 03 65 43
    Germany                     German                        Mon-Fri 9-19 **)       069 669 831 31
    Hong Kong                   Cantonese, English            Mon-Fri 9-18 **)       3071 4907
    Italy                       Italian                       Mon-Fri 9-18 **)       0248280003
    Netherlands                 Dutch                         Mon-Fri 9-18 **)       020 5040608
    Norway                      Norwegian                     Mon-Fri 8-17 **)       22 419 890
    Poland                      Polish                        Mon-Fri 9-18 **)       22 356 1946
    Sweden                      Swedish                       Mon-Fri 8-17 **)       08 507 440 11
    Switzerland                 German, French and Italian    Mon-Fri 9-18 **)       084 220 40 80
    All other countries         English                       Mon-Fri 8-18 EET **)   +358 9 8862 5050

    *) Service hours are shown in local time and are subject to change.

    **) Closed on public holidays.

  • Bits Posts: 19
    That's the thing! We've already reformatted and reinstalled my operating system! Got a new hard drive, new IP address, router, modem, everything. I had Backblaze online backup, and get this: the only way to install an encrypted passcode on your backup is from your very computer..... Well, I swear on everything I hold dear, I never installed anything but a username and regular password (encrypted is an extra feature). Well, we went to access the backup and, lo and behold, it has an encrypted passcode on it and no one can access it now.
    I've had the operating system reinstalled twice. I'm telling you, this is some insane stuff. Again, the people I've been working with know what they're doing, and haven't been successful yet.
    M
  • Rusli Posts: 991 Path Finder

    Are you sure you got the correct IP address...

    Because based on the info that I have, I traced it and it comes from Australia.

    http://www.iptrackeronline.com/index.php?ip_address=192.150.96.10

    You didn't come from Australia, did you???

    (Please do not tell where you are from in the forum.)

  • Rusli Posts: 991 Path Finder

    Did you do a quick format or zero out?

    Have you zeroed out your hard disk?

    The only thing I can think of now: if your MacBook Pro is still under warranty, you can go to the Apple Support Center and have it replaced.

    Because the newer MacBook Pro comes with an SSD PCI-e card.

    Like the one here...

    https://www.ifixit.com/Guide/MacBook+Pro+15-Inch+Retina+Display+Late+2013+SSD+Replacement/23431

    The SSD is very, very expensive to replace.

    The older MacBook Pro, the non-Retina ones, have a normal hard disk...

    https://www.ifixit.com/Guide/MacBook+Pro+15-Inch+Unibody+Mid+2012+Hard+Drive+Replacement/10761

  • Rusli Posts: 991 Path Finder

    If you back up with an infected Mac, of course the virus is still intact.

    You must remember how it happened, what you did.

    You cannot simply assume...

    You have to remember.

    Well, at least you have this forum to back you up if you are innocent.

    http://www.youtube.com/watch?v=i8cTGGu07B8

    Don't forget to click on the Kudos button if the issues have been solved.

  • Rusli Posts: 991 Path Finder

    Mac OS X recovery for a new hard disk installation here....

    http://support.apple.com/kb/ht4718

  • Rusli Posts: 991 Path Finder

    Michelle,

    To zero out the hard disk, go to the link here....

    http://support.apple.com/kb/HT1820

  • Rusli Posts: 991 Path Finder

    Michelle,

    First you said it is a DaVinci Mac OS X malware virus.

    Now you say someone is monitoring you. Who is monitoring you???

    Did you happen to get infected by a government virus???

    Use Intego for antivirus and do a Full Scan on your MacBook Pro, iPhone and iPad.

    If you think someone is monitoring you, someone must have access to your computer.

    And know your password. Someone must have remote login to your Mac via root and also do a remote desktop: VNC and screen sharing.

    Make sure your System Preferences sharing options are turned off, and make sure your firewall is turned on and blocks all incoming.

    Change your password; do not use the same password as before.

    Check your account names to see if there is more than one user in your User accounts.

    Make sure the root account is not turned on.

    Do not use a password that is simple to guess.

    Mute the sound level on your MacBook Pro and cover the webcam with paper and sticky tape. Or a plaster.

    Change all your router admin passwords.

    Do a video recording on your handheld video camera.

    And record all the proof that you have.

    And inform the police, if you think your life is at stake!
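
    Rusli's checklist above (firewall on with incoming blocked, no stray user accounts, root disabled) can be turned into a repeatable audit rather than a one-off look through System Preferences. The script below is an added example for this thread, not an F-Secure or Apple tool. It runs the real macOS commands socketfilterfw and dscl only when executed on a Mac; the exact wording of their output that the parsers key on is an assumption based on the usual format of those tools, and the sample outputs embedded at the bottom are constructed so the checks can be exercised on any system. The sharing-services check from the same post is left to System Preferences, since it needs no parsing.

```python
"""Audit a Mac against the checklist in the reply above: firewall on with
'block all incoming', no unexpected user accounts, root account disabled.
Added example for this forum thread, not F-Secure or Apple tooling."""
import platform
import subprocess

# Real macOS commands.  The output wording the parsers look for is an
# assumption based on the usual format of these tools.
FIREWALL_CMD = ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"]
BLOCK_ALL_CMD = ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getblockall"]
USERS_CMD = ["dscl", ".", "-list", "/Users", "UniqueID"]
ROOT_SHELL_CMD = ["dscl", ".", "-read", "/Users/root", "UserShell"]


def human_accounts(dscl_output):
    """From `dscl . -list /Users UniqueID` output, return [(name, uid)] for
    ordinary accounts: UID 500 and above (macOS gives real users 501 upwards),
    skipping the underscore-prefixed service accounts."""
    accounts = []
    for line in dscl_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].lstrip("-").isdigit():
            continue  # blank line or something that is not "name uid"
        name, uid = parts[0], int(parts[1])
        if uid >= 500 and not name.startswith("_"):
            accounts.append((name, uid))
    return accounts


def root_enabled(user_shell_output):
    """`dscl . -read /Users/root UserShell` shows /usr/bin/false while the
    root account is disabled (the default); any real shell means it is on."""
    shell = user_shell_output.split(":", 1)[-1].strip()
    return shell not in ("", "/usr/bin/false")


def firewall_on(global_state_output):
    """socketfilterfw --getglobalstate prints '... (State = 1)' when enabled."""
    return "State = 1" in global_state_output


def block_all_on(block_all_output):
    """socketfilterfw --getblockall prints 'Block all ENABLED!' or
    'Block all DISABLED!'; 'DISABLED' contains 'ENABLED', so test it first."""
    text = block_all_output.upper()
    return "DISABLED" not in text and "ENABLED" in text


def audit(outputs, expected_users):
    """outputs: dict with keys 'users', 'root_shell', 'firewall', 'block_all'
    holding the text of the four commands.  Returns a list of findings;
    an empty list means every check on the list passed."""
    findings = []
    for name, uid in human_accounts(outputs["users"]):
        if name not in expected_users:
            findings.append(f"unexpected account {name} (uid {uid})")
    if root_enabled(outputs["root_shell"]):
        findings.append("root account is enabled")
    if not firewall_on(outputs["firewall"]):
        findings.append("application firewall is off")
    elif not block_all_on(outputs["block_all"]):
        findings.append("firewall is on but 'block all incoming' is off")
    return findings


def run_live(expected_users):
    """Collect real output on macOS and audit it; returns None elsewhere."""
    if platform.system() != "Darwin":
        return None

    def out(cmd):
        return subprocess.run(cmd, capture_output=True, text=True).stdout

    return audit({"users": out(USERS_CMD), "root_shell": out(ROOT_SHELL_CMD),
                  "firewall": out(FIREWALL_CMD), "block_all": out(BLOCK_ALL_CMD)},
                 expected_users)


# Constructed sample output (not captured from any real machine): one extra
# account, root enabled, firewall on but not blocking all incoming.
SAMPLE = {
    "users": "_www\t\t70\nroot\t\t0\nnobody\t\t-2\nmichelle\t501\nsupport\t\t502\n",
    "root_shell": "UserShell: /bin/sh\n",
    "firewall": "Firewall is enabled. (State = 1)\n",
    "block_all": "Block all DISABLED!\n",
}
CLEAN_SAMPLE = dict(SAMPLE, users="root\t\t0\nmichelle\t501\n",
                    root_shell="UserShell: /usr/bin/false\n",
                    block_all="Block all ENABLED!\n")

if __name__ == "__main__":
    live = run_live({"michelle"})
    for finding in (live if live is not None else audit(SAMPLE, {"michelle"})):
        print("FINDING:", finding)
```

    Pass the set of account names you created yourself as expected_users; anything else with a UID of 500 or above is reported, which is the "user names that aren't in my System Preferences" case from earlier in the thread. Because the parsers take text, the same functions can be pointed at output saved from another machine.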

     

     

     

  • Bits Posts: 19
    Sorry, I fell asleep. No, I'm nowhere near Australia :/. And yes, this is what I'm trying to tell you; read my other post I put up. I'm almost positive I'm infected with a government virus!! You see, I used to work for this company and I did all their bookkeeping, as well as administrative work for the CEO and president, and a lot more. Well, while I worked there I acquired A LOT of documents (most I didn't even realize what they were) on my computer, very confidential documents that I now know are extremely valuable to the CEO and all investors as they are the proof to many, many illegal goings-on and could do serious damage to them and the company. Well, one of the owners happens to be one of the wealthiest men according to Forbes magazine and he owns a HUGE media technology company. Well, when all this started happening, I noticed so many successful logins to all my email accounts in the history page. So I started writing them down and taking photographs; I would change my password from a safe computer, and seriously 1 minute later have a successful login again from somewhere weird, like Turkey. The logins seemed almost programmed, as the times were like 3:08 am, then 3:09 am, then 3:10 am and on and on for 10 more, when I had disabled all my mail accounts from phone and computer, so it wasn't me for sure. Well, I started noticing EVERY single IP address had one thing in common: they traced back to CELLCO. In the first few I actually had some from New Jersey giving the local address of where the home office of this CELLCO is. I looked them up and they turned out to be a monitoring company for law enforcement! So I freaked!! Why is law enforcement monitoring me??? I read on; they have certain laws they must abide by, all of which they had broken with me. They had removed all my documents, locked my hard drive, port forwarded my mail, accessed deleted videos, etc. They were supposed to have a warrant to be doing this. How and why????
    So I searched more, and after a while I found it: the rich guy who owns part of the company I'm suing also is affiliated with Cellco. Can't be coincidence. He's abusing his power and authority to silence me.
    Trust me, again I'm working with very smart guys; we've changed EVERYTHING: passwords, IP address, hard drive. I've talked to Apple security numerous times; they just suggest to wipe it, but that doesn't do it. A few times. Even bought a new router 2 times to get a new IP address, definitely did a total wipe of the system (the guy who did it still can't believe nor understand how they got back in). The one engineer found information of the DaVinci rootkit in the exploit that is encrypted, disguising itself after installation in the EFI sector. I'm told it installs before the operating system; that's why wiping did nothing. I definitely have spoofed certificates, which indicate a "man in the middle" attack where data is intercepted while in transit, not needing physical use of the computer. All this requires a lot more than just some regular hacker could access.
    So I've been to the police, with all my info, plenty of proof. I paid quite a lot to have a professional do some forensics on my computer because no one believed me. He brought in a second party for verification.
    Still the police will do nothing; they tell me call the FBI. The FBI seriously told me to "unplug my computer"; when I said it was a wireless laptop they said "then turn it off" and hung up. Way to go, FBI! I've written and called numerous times to my congressman, who himself helped pass a bill against this very thing, yet will do nothing. I'm telling you, I'm losing my mind over here because every day it gets worse. I can see the access from hidden folders and what I've found; some people would be sooooo interested, because I'm telling you this is something very different. But no one will help, I don't know where to go, which is why I posted to F-Secure. Maybe they want to see how they are getting into my computer and help me prosecute and stop this madness. This is the stuff you read about in the news (yes, I've called them too); how do those people get noticed? When F-Secure does their studies of new infected viruses appearing, how does one report it to them? Because no one has seen this before that I've met or talked to, and I'm in a very big city.
    So there you have it. All those things you suggested, I've already done, but they somehow switch everything back. If I turn off the microphone in System Preferences, I'll find out it's been enabled without me doing it or knowing, automatically on Google. Now when I open Opera Coast, there's a second window that opens with every new tab I go to, like it's mirroring the page. They definitely have root access, and a program that notifies them of when I change a password. They've manipulated all my apps through the strings, even the graphics, so things will look normal and like they're running properly when it should give me a different message. Example: the microphone on Google appeared to be not recording; I saw a flash real quick that said "say OK Google", so I said OK GOOGLE out loud. Then a little icon in the upper right address bar with an X through it popped up; I clicked it and it said "your microphone is now turned off and no longer recording" or something to that effect. Then it said something about "but your website settings are different, to change them click here", so I did. It took me to the Adobe website settings, where I'm SUPPOSED TO be able to access my website camera and mic global and various settings, except I had no authority to do anything. I have to call Adobe Monday; I tried uninstalling Adobe Flash and couldn't, found a bunch of Adobe hidden files and files tucked so deep I'd never have known to look.
    It's relentless. I've done everything and every day is a fight.
    I'll watch the videos you sent. Thank you so much for listening.
    M
  • Rusli Posts: 991 Path Finder

    Oh dear,

    What a mess you have been through...

    If you are a clerk or an admin, these people are gaining information on your company.

    I'm sure you are not the only one they are after.

    They are after your company, your boss, and even your colleagues.

    Someone must have the habit of doing something nasty or bad.

    If a person wants to do bad things to you or your company, he will find a victim or victims who are the weakest link.

    For sure, they are after the information on the computer of whoever is the secretary of the boss.

    Sounds like your company is under so-called covert surveillance. (Under Surveillance)

    Did you give any details of your personal handphone to any of your clients?

    Did you give any details of your personal home address?

    What you need to do is stop using your handphone and your office phone, and inform your boss about it.

    Does your boss know that your company is under surveillance?

    Does your boss know that Cellco is doing all these things?

    You will never know; one of your clients might be the root cause of the problem.

    Did you make any form of enemy???

    I advise that you don't use your cell phone. Because these people can do a trace on your whereabouts and location.

    Regardless of what handphone or cell phone you use, the telco can do a trace on you and your whereabouts and location.

    Okay, if you pick up the phone in your office, do you hear any clicking sound???

    Like click click click click....

    Then most likely your office is electronically bugged.

    If they hire a private investigator, and use a telco company to do tracing.

    Then I suspect that the company you are working for is under surveillance.

    First of all, remove the battery from your cell phone once you get home. Do not turn on your cell phone.

    Most likely these people already know your cell phone number. (What I mean is phone tapping)

    They can do many things behind your back which you do not know about.

    They can do information gathering on you and your company.

    It has always been the case that the secretary of the company is targeted and victimised.

    Do you know anything about "Industrial Espionage"????

    Did you watch the news about cell phone tapping???

    See this video. (Make sure you see this video)

    http://www.youtube.com/watch?v=tMJ3FzTnUU4

    http://www.youtube.com/watch?v=LJZDlGEc3sQ

    http://www.youtube.com/watch?v=IvhaeolCiPQ

    Do you know anything about counter surveillance?

    Watch these videos.

    http://www.youtube.com/watch?v=NouUgDU26Pg

    Did you watch Discovery Channel - Aton Edwards, Track Me If You Can???

    Here is Aton Edwards' wiki

    http://en.wikipedia.org/wiki/Aton_Edwards

    Make sure you see this video (It's a must!)

    http://www.youtube.com/watch?v=nlc9-v143tg

    http://www.youtube.com/watch?v=517anEnMcJ4

    http://www.youtube.com/watch?v=_AF3s2N6Rvo

    http://www.youtube.com/watch?v=mqJze_GR0Jg

    http://www.youtube.com/watch?v=Y8gjYFuktzI

    http://www.youtube.com/watch?v=b3d_acImQxg

    Video on counter surveillance

    http://www.youtube.com/watch?v=4NPyC_MYZM0&list=PLhDWoJKqQthio4hrB2NJ7KckDHzuTExwg

    Bug sweep.

    http://www.youtube.com/watch?v=b7Sh4kr9460

    http://www.youtube.com/watch?v=iaeROrAVmLs

    Electronic Harassment

    http://www.youtube.com/watch?v=Lh0jXrH95TE

    http://www.youtube.com/watch?v=UnPg_GqD_2o

    Did you hear about NSA PRISM?

    http://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29

    https://en.wikipedia.org/wiki/NSA_ANT_catalog

    See the F-Secure Mikko Hypponen videos with David Hasselhoff (aka Knight Rider)

    http://www.youtube.com/watch?v=lHj7jgQpnBM

    http://www.youtube.com/watch?v=EMIsuZsfEVg

    Did you watch David Hasselhoff (don't hassle the Hoff, just kidding) with Mikko Hypponen?

    Find hidden cameras in your home or office.

    http://www.youtube.com/watch?v=38Qqw2dYq_c

    About cell phone tracking.

    http://www.youtube.com/watch?v=xCCRnswwGac

    To get your life back, make sure you see all the videos here. It's very important for you to know.

    Did anyone follow you, or are you being followed?

    Did you notice around you that you are being watched?

    Outside your office, in your office, outside your home.

  • Bits Posts: 19
    No no, I don't work for the company anymore! It's ME that's the secretary with all the important information!! I was fired in September 2013; the hacking/virus, I'm told, began in December. It's my personal computer that this is on! It's my apartment that is under surveillance; it's ME they are trying to get information about. You see, when I worked for the old company they did many federally illegal things, not on purpose, but I left with all the documents on my hard drive, and they forgot to have me sign a confidentiality agreement. They fired me for a reason you're not allowed to fire someone for, so I'm taking them to court for wrongful termination and sexual harassment (the CEO sexually harassed me). One of the owners of that company (the one I used to work for) affiliates with Cellco, to my knowledge. So it's my info; the company is afraid I'll use what I know to get them in trouble, that's why they erased all my documents, all my mail, locked up my hard drive, have total control of my computer. They are trying to scare me so I won't talk. Or if I do, they'll know about it and who knows what will happen then. All I know for a fact is SOMEONE somehow got exploits of what looks like the DaVinci virus and then more onto my computer through a man-in-the-middle attack using spoofed certificates, and this takes a certain level of expertise. I'm an innocent person that found herself in an unlucky position and, to my disbelief, no law enforcement agency is willing to do anything. Either because when they look into it, it shows I actually have a warrant out for some made-up crime, or they just don't see this type of thing and don't know what to do with it.
  • Rusli Posts: 991 Path Finder

    First of all,

    I suspect that your backup files must have been infected by viruses and malware as well.

    What I suspect is that someone must have sent an email attachment that is infected with the Davinci virus.

    Or someone in your office must have surfed to an infected site that has the Davinci virus or malware.

    So, what you need to do is a full scan in your office with a program called Malwarebytes.

    You can download a free copy and install it on your Windows computer.

    Download the free version of Malwarebytes and do a full scan on all computers in your office and home.

    Go to this link.

    http://www.malwarebytes.org/mwb-download/

    See if Malwarebytes detects any viruses, trojans and malware.

    Once detected, delete them.

    Then you need to download the AVIRA Rescue Disk ISO to do a full scan on all Windows PCs.

    Go to this site.

    Download and burn the Avira Rescue Disc to a blank CD-R.

    http://www.avira.com/en/download/product/avira-rescue-system

    Do a full scan.

    Take note: Avira always updates their Rescue CD. Look at the date stamp. Keep this software handy.

    Boot up the CD, make sure you are online, do a virus update and do a FULL SCAN on all of your computers in your office and home.

    Also do a full scan on the infected Windows PC with F-Secure Online Scanner.

    http://www.f-secure.com/en/web/home_global/online-scanner

    Make sure all of your office and home computers get a FULL SCAN.

    Even your boss's laptops and computers need a FULL SCAN.

    It takes many hours to complete.

    But it is worth every effort to do it.

    Make sure all of them are done.

    Even your boss's home computer needs to be scanned.

    Do this on off days.

    Come into the office and do everything.

    Make sure you report the problem and let everyone in the office know about this.

    Do not bring infected files to your home or office.

    Do not bring any personal photographs to your office if your office is under surveillance.

    Just to prevent other people from being led to their bait and victimised.

    Remove them.

    And even on your personal website, on your computer.

  • Bits Posts: 19
    But yes, I'm pretty sure my phone is compromised too, and they definitely know where I live. I wouldn't doubt it if my apartment was bugged. All I can do is let them listen; I'm not doing anything wrong after all. I can't fight a fight I can't win. I've tried everything. I will move soon and be very private about it.
  • Rusli Posts: 991 Path Finder

    Change your cell phone and home number, and your address. Be on your toes everywhere you move, in or out of the house.

    Look around.

    If you drive a car, or go to your usual places, check to see if someone is following you.

    Remember their faces, tattoos, clothes, shoes, watch, pen etc.

    Video him or her if you think these people are following you.

    And call the police.

    Change your computer if you think your computer is rendered useless.

    Always go to crowded places.

  • Rusli Posts: 991 Path Finder

    Okay, next,

    Do not copy your backup files to your clean computer.

    Because I suspect that your backup files must have been infected by viruses and malware.

    Be it Windows or Mac.

    Make sure you follow my steps.

  • Rusli Posts: 991 Path Finder

    Next, once you have done the full virus scan on your Windows computers.

    What you need to do now is to focus on your MacBook Pro.

    Firstly,

    Do not connect your MacBook Pro to a Wi-Fi or home Internet network.

    What you need to do now is to check whether your root user account has been used and compromised.

    Go to this link and change the root password and disable the root account.

    http://support.apple.com/kb/PH14281

    Check to see if Active Directory on your Mac OS X is enabled. If so, you need to disable Active Directory.

    http://support.apple.com/kb/PH9295

    Disable all of your System Preferences Sharing services. All of them. Untick them.

    http://support.apple.com/kb/HT2490

    Go to System Preferences, Sharing and untick all of them.

    Disable your Parental Controls.

    Make sure your Mac firewall is turned on and blocks all incoming connections.

    http://nakedsecurity.sophos.com/2014/03/21/apple-users-try-these-five-tips-for-better-mac-security/

    Follow these steps.

    http://nakedsecurity.sophos.com/2011/01/25/top-tips-for-os-x-security-part-1/

    http://nakedsecurity.sophos.com/2011/02/02/top-tips-for-mac-os-x-security-part-2/

    http://nakedsecurity.sophos.com/2011/02/21/top-tips-for-mac-os-x-security-part-3/

    Next,

    Download the Intego antivirus trial, as I said earlier.

    Go to this link

    http://www.intego.com/antivirus-internet-security-x8

    Click on the trial button.

    Key in your email address.

    And wait for Intego's reply.

    Once you receive the Intego email,

    Download the software from the link given.

    And install Intego Antivirus.

    Do a virus update.

    And make sure you do a FULL SCAN on your Mac.

    You can also do a virus scan on your iPhones and iPad with Intego antivirus.

    See if it can detect any malware, spyware etc.

    Make sure you go to TheSafeMac to get yourself up to date about Mac malware.

    http://www.thesafemac.com/

    Know the malware, spyware and adware for infected Mac computers.

    For detection of Mac spyware, download MacScan to see if your Mac is infected with spyware.

    Download the trial version.

    http://macscan.securemac.com/

    Then once the malware has been detected, you can send the sample file to F-Secure for analysis.

    Then if you want to do a format on your hard disk, see the previous post that I sent you.

    But before you format your hard disk.

    Make sure you have your Apple Mac OS X Mavericks USB Recovery (USB stick). 8 or 16 GB thumb drive.

    http://support.apple.com/kb/PH13871

    http://support.apple.com/kb/HT4848

    http://support.apple.com/kb/ht4718

    http://appducate.com/2013/11/mavericks-install-usb-simple-terminal-command/

    http://arstechnica.com/apple/2013/10/how-to-make-your-own-bootable-os-x-10-9-mavericks-usb-install-drive/

    Follow the steps for doing an Apple OS X recovery in my previous post.

    And do a zero out on your hard disk.

    http://support.apple.com/kb/HT1820

    Configure your computer following the steps that I gave you in that post.

    Change your root account password, and disable the account.

    Disable Active Directory.

    Install a copy of an antivirus program.

    Disable all of the Sharing System Preferences.

    Do not enable Remote Login, Remote Desktop, Internet Sharing, File Sharing, Screen Sharing etc.

    Disable them all.

    Make sure you have an administrator account and password.

    Do not use the admin account and password all the time.

    Create another user, with a standard account, and use that all the time.

    Disable your guest account.

    http://www.youtube.com/watch?v=jUfuP54D98o

    DO NOT copy your infected backup files back to your MacBook Pro.

    The virus still exists.

    And it can infect both your Windows and Mac.

    If you have Apple Boot Camp.

    Which means you have two operating systems on your MacBook Pro.

    One Mac OS X and Windows.

    Go to Windows on your MacBook Pro, download Malwarebytes and do a full scan.

    Update your antivirus software and do a full scan again.

    Do not install Skype or any video chat program on your PC or Mac.

    Do not use Internet Explorer or the Apple Safari browser.

    Use Firefox or Google Chrome.

    Do not install JAVA on your Mac and Windows.

    Make sure your Adobe Flash is kept up to date.

    Go to this site to check whether you have the latest Adobe Flash.

    http://www.adobe.com/software/flash/about/

    Disable your Adobe Flash when not in use.

    Disable your Bluetooth. On your PC, Mac and phones!

    Disable your Apple AirPort.
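    The audit script below is an added example written for this edit; it is not code from the thread, from F-Secure or from Apple. It takes the settings Rusli lists for the MacBook (root account disabled, Sharing services off, firewall on with Block all incoming, guest account off, Remote Login off, Bluetooth off) and checks them from the output of the stock macOS command-line tools, so you can confirm they have not been switched back instead of re-reading System Preferences by eye. The exact strings matched (`State = 1`, `Block all ENABLED!`, `Remote Login: Off`, the `;ShadowHash;` line for root) and the launchd label list are assumptions from memory of 10.9-era tools, not taken from the thread; verify them on your own Mac before trusting a PASS.

```shell
#!/bin/sh
# Added example (editor's own code, not from the thread): audit the macOS
# settings Rusli lists by interpreting the output of the stock command-line
# tools. The strings matched below and the launchd labels are assumptions
# from memory of 10.9-era tools; verify them on your own Mac.

# launchd labels behind System Preferences > Sharing (assumed list):
# Screen Sharing, Remote Login, File Sharing (AFP, SMB) and Remote Management.
SHARING_LABELS="com.apple.screensharing com.openssh.sshd com.apple.AppleFileServer com.apple.smbd com.apple.RemoteDesktop.agent"

# loaded_sharing_services LAUNCHCTL_LIST_OUTPUT
# Prints the labels from SHARING_LABELS found in the Label column (third
# column) of `launchctl list`; prints nothing when none of them is loaded.
loaded_sharing_services() {
  for label in $SHARING_LABELS; do
    printf '%s\n' "$1" | awk -v want="$label" '$3 == want { print want }'
  done
}

# firewall_state GLOBALSTATE_OUTPUT BLOCKALL_OUTPUT
# Interprets `socketfilterfw --getglobalstate` ("Firewall is enabled. (State = 1)")
# and `socketfilterfw --getblockall` ("Block all ENABLED!").
# Prints one of: on+blockall, on, off.
firewall_state() {
  case "$1" in
    *"State = 1"*|*"State = 2"*)
      case "$2" in
        *"Block all ENABLED"*) echo "on+blockall" ;;
        *) echo "on" ;;
      esac ;;
    *) echo "off" ;;
  esac
}

# flag_is_off DEFAULTS_OUTPUT
# `defaults read` prints a bare integer; only "0" counts as off. A missing key
# (empty output) is deliberately treated as not-off so it gets a manual look.
flag_is_off() {
  [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "0" ]
}

# remote_login_off SYSTEMSETUP_OUTPUT   (`systemsetup -getremotelogin`)
remote_login_off() {
  case "$1" in *"Remote Login: Off"*) return 0 ;; *) return 1 ;; esac
}

# root_enabled DSCL_OUTPUT
# `dscl . -read /Users/root AuthenticationAuthority` shows a ;ShadowHash; entry
# once root has a password; "No such key" (or ;DisabledUser;) means disabled.
root_enabled() {
  case "$1" in
    *DisabledUser*) return 1 ;;
    *ShadowHash*)   return 0 ;;
    *)              return 1 ;;
  esac
}

# audit_report LAUNCHCTL GLOBALSTATE BLOCKALL GUEST BLUETOOTH REMOTELOGIN ROOTAUTH
# Prints one PASS/FAIL line per check; the return code is the number of failures.
audit_report() {
  fails=0
  loaded=$(loaded_sharing_services "$1")
  if [ -n "$loaded" ]; then
    echo "FAIL Sharing services loaded: $(printf '%s' "$loaded" | tr '\n' ' ')"; fails=$((fails + 1))
  else echo "PASS no Sharing services loaded"; fi
  fw=$(firewall_state "$2" "$3")
  if [ "$fw" = "on+blockall" ]; then echo "PASS firewall on and blocking all incoming"
  else echo "FAIL firewall state: $fw"; fails=$((fails + 1)); fi
  if flag_is_off "$4"; then echo "PASS guest account disabled"
  else echo "FAIL guest account enabled (GuestEnabled=$4)"; fails=$((fails + 1)); fi
  if flag_is_off "$5"; then echo "PASS Bluetooth off"
  else echo "FAIL Bluetooth on (ControllerPowerState=$5)"; fails=$((fails + 1)); fi
  if remote_login_off "$6"; then echo "PASS Remote Login off"
  else echo "FAIL Remote Login on"; fails=$((fails + 1)); fi
  if root_enabled "$7"; then echo "FAIL root account has a password set"; fails=$((fails + 1))
  else echo "PASS root account disabled"; fi
  return $fails
}

# Constructed sample outputs (not captured from any real machine) for a Mac
# that fails every check: two Sharing daemons loaded and root enabled.
SAMPLE_LAUNCHCTL=$(printf 'PID\tStatus\tLabel\n-\t0\tcom.apple.screensharing\n312\t0\tcom.openssh.sshd\n77\t0\tcom.apple.Finder\n')
SAMPLE_ROOT='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

if [ "$(uname)" = "Darwin" ]; then
  # Live audit; socketfilterfw and systemsetup need root, so run this with sudo.
  audit_report "$(launchctl list)" \
    "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate)" \
    "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getblockall)" \
    "$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null)" \
    "$(defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState 2>/dev/null)" \
    "$(systemsetup -getremotelogin 2>/dev/null)" \
    "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)" || :
else
  # Off a Mac, show the report on the constructed sample instead.
  audit_report "$SAMPLE_LAUNCHCTL" 'Firewall is disabled. (State = 0)' 'Block all DISABLED!' \
    '1' '1' 'Remote Login: On' "$SAMPLE_ROOT" || :
fi
```

    Run it with `sudo sh audit.sh` after applying the steps, and again a day later: a setting that Rusli's steps turned off and that is back on (a Sharing daemon reappearing in `launchctl list`, GuestEnabled flipping to 1) is the kind of reversal Michelle describes, and the PASS/FAIL lines give you something dated to paste into the journal Rusli suggests keeping.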

     

     

     

     

     

     

  • Rusli Posts: 991 Path Finder

    Make a journal,

    write down the date, time, and what is happening to you.

    Do a video recording.

    Of what you see on your computer.

    Make a police report!

  • Rusli Posts: 991 Path Finder

    Do you know CERT?

    Computer Emergency Response Team???

    Do you know about US-CERT, Homeland Security?

    Go to this site about your computer security.

    Hope this will help you.

    http://www.us-cert.gov/ncas/tips/

    See this video

    http://www.youtube.com/watch?v=UIIY9AQSqbY

    Hope this will help you out and get your life back again.

    And stay out of trouble outside.

This discussion has been closed.