Question

Users&Groups Admin Password Changed w/o Unlocking

May 14, 2014 6:12PM PDT

I have been having trouble with account and computer tampering on all levels. Today I discovered that the users & groups password can be changed at any time without unlocking.

As a novice, I am missing something.
Give me the instructions on how and where to look for implanted changes.
How is this possible and how to fix it?

-The guest login is OFF
-I am the only person using the computer/passwords
-The WiFi is off
-There are always spoof and phishing pages for almost every place on the web
-All accounts are stolen or tampered with; email, shops, websites, stores, WordPress, PayPal, etc
-The computer has been wiped clean back to factory a few times
-The hard drive has been changed
-New computers have been bought
-After changes, problems always occur when entering the Gmail address in the address bar &/or going to the Apple App Store. Without knowing much more, this may be where the culprit is getting in every time. Eventually, all email/documents are stolen. I also have concerns that Apple Apps are being downloaded or changed to cause problems when downloaded. If this is true then anytime I re-apply or open an app, I am getting contaminations.
-There could be an alert attached to all my accounts, so that anytime I visit, I am immediately attacked. How to get rid of it.

Answer
Small world.
May 14, 2014 9:45PM PDT

I encountered such on 2 occasions. The first was a user that installed a trojan. Apples are not immune to users installing such. The next was a person downloading movies and torrents. The first required an OS install since it was the fastest fix and they were in a hurry. The next couldn't be fixed as they would not give up the movie/torrent downloads.

There are probably more reasons out there but you may need a security advisor or consultant to work with you.
Bob

Where to find security advisor or consultant or forensics?
May 19, 2014 12:10AM PDT

Exactly where to find a person knowledgeable enough for Mavericks OS X forensics, extreme tech advice, and/or consultation? They don't appear to be at ordinary computer repair shops/stores, Best Buy, Apple, etc. If you know where to find them, please explain.

While they do exist
May 19, 2014 12:32AM PDT

The problem is the cost. Folk usually flame out (or on?) when they find out how much such costs. That explains why the most common response is to copy out any files the owners didn't back up then wipe and install the OS again. Then a little chat about torrents and installing software from untrusted sources.

Again, the story is what matters and I know many are unwilling to air the possibly dirty laundry in public. After thousands of such encounters I only wince and hope the client doesn't notice.
Bob

Please explain your comment
May 19, 2014 1:05AM PDT

Please give details on what you mean by your comment then give helpful information as to how to solve the problem(s) at hand.

Explain the "costs" that you talk about, and any other details needed.

Thank you.

About costs.
May 19, 2014 1:39AM PDT

Around here the security folk cost companies hundreds per hour. I would be guessing that you wanted security work done here in this forum. Sure but forensics? No. We'll leave that to those that do such work.

Given your new post it almost sounds as if someone is truly invading your computers or there is some basic operation that does something that alarms you.

My best advice is to keep backups current and reload the machine and raise the shields as you have done. If it happens again consider moving to another platform such as Linux where I rarely hear of such troubles.

Be aware that such work is so expensive that many won't believe how expensive it is. A few explode when they can't find folk on forums to do such for them.

In summation, what I advise is back up your files, reload the machine and don't use it except for the necessities.
Bob

Answer
Clarification and Request
May 19, 2014 1:02AM PDT

#1 - downloads are set for the Apple Store Only. Any variations would be for Apache document products, Google Products, Mozilla, etc. They were downloaded from the main sites only. Since then, all have been erased and denied, except Apple products because of the problems attached to them.

BTW - some of the addresses to major sites change after entering them in the address bar. Google and other product addresses start out as correct but quickly change to a very long address. It is hard to catch all of the spoof pages. I can see where people are going to bad sites on accident. Spoof addresses have been turned in but I have no idea what is being done about them. Poor tech support and customer service cause some of these to be misunderstood and ignored.

#2 - Since there are multiple downloads at the Apple App Store, several takeovers have occurred. Any emails attached to this account, as well as any other accounts for stores, shops, PayPal, Adwords, etc. are attacked and stolen. I am not sure what they are used for, but I would assume the apps are being downloaded and used elsewhere.

#3 - The cleaning, clearing, wiping, hard drive changing, etc. are being done at the Apple Store. It has been identified that the problems occur from going to Google and Apple App products. I believe there is a problem with any email used. So it does not matter how many times the computer is fixed, changed, or a new one is purchased, just going to these products starts the problem all over again. I feel an alert is set up so whenever there is a login the new computer is followed and contaminated.

#4 - Authorities have been notified. Techies have been talked to. No one appears to be knowledgeable enough to help.

#5 - Backups have been attempted but every method has been destroyed, reprogrammed, or rendered useless in some way. External hard drives are expensive. After purchasing 2 of them, I found that I only got 2 to 4 months use before they stopped working. Cloud uploads were detoured or the functions for uploading stopped working. DVDs and flash drives froze or had information disappearing from them. Some DVDs/CDs had information, but were checked after successful storage and found to be completely empty. I suspect that they were wiped after putting them back into the machine. The stories go on and on. ETC.

#6 - Please answer the question about the iMac Mavericks OS X Preferences Users and Groups password being changed without unlocking. Somehow, all you have to do is to just click the password and change it. This makes it possible for anyone to get in and change anything any time. How is this possible and how to fix it? Also, a login spoof page collects all passwords. How to remove this?

Answer
Google this.
May 19, 2014 1:52AM PDT

"Shannon Morse shows us how to root her mac in under 10 seconds with a USB Rubber Ducky and a simple script from Patrick Mosca's article."

This means that you can't leave your mac unattended as anyone that wanted to can compromise it in seconds.

While reloading the OS will dust this off, you appear to be asking for more than a discussion. You want REAL SUPPORT and not only that you want FORENSICS.

All that is going to be hard to find and costly. I predict a good consulting firm on this would run in the 6 figures, maybe more.
Bob