Questions

How do I COMPLETELY remove all spyware and set strongest security settings?

+
0 Votes
Locked

How do I COMPLETELY remove all spyware and set strongest security settings?

PaperNPen
I have always been "old school" and preferred to avoid computers whenever possible; so let me start with apologizing for my lack of knowledge, my stupidity for not ever signing up for a computer course and for the length of the explanation below.

Since last November (possibly farther back on an old PC) I have been stalked/harrassed--and I say stalked because I am aware a normal hacker is smart enough to "get in and out" without me knowing---Except for his identity this person has made every attempt to make his presence known leaving dead-end trails of everything he is doing.

1) I need help removing all Spyware, malware, and viruses from my late 2011 Macbook pro, iPhone, and my daughters toshiba notebook and her All-in-1 Gateway PC.

2) I need to know how to prevent this Stalker from gaining access again and how to set highest security on all devices.

I've tried the following repeated times and none of them have worked.
I have re-set all devices to factory setting numerous times.
I have purchased Norton and MacAudit, web root, along with multiple other "apps". I have enabled all security settings from the devices user guides, microsoft security essentials, and have set strongest firewall settings on mac book pro, toshiba notebook, and gateway pc. The Norton software kept changing settings and bypassing --not scanning-- "trusted" certificates. Then kicked me out stating I didn't have administrative rights.
I have taken devices (all bought Nov 2011) back to Apple and Best Buy numerous times. Best Buy has a 14day return policy and the warranty doesn't cover viruses.
Apple refused to say there was anything wrong--they would just reset the devices and reset my security settings--even when they re-configured my hard drive and the laptop crashed again that same day--they swore Mac's don't get viruses....finally after the 4th time the "genius associate" was nice enough to pass me a note with steps to secure my wifi and he whispered I needed to hire "someone" because I had a "serious" issue---but legally all he could do is reset my computer and say nothing was found wrong--then the manager sent him to the "back" and took over the (re-configuring) --he treated me horribly--and rushed me out of the store.
I originally had Time Warner wifi--and they constantly said I didn't have a problem and all security setting were set properly--they just kept pointing the finger back at Apple. Apple pointed finger at Time Warner.
I hired an IT specialist "house call". This person basically dismissed me ---until he had to fight for control of my laptop (with whoever is stalking me). I could only afford 2hr house call and in that time all that the IT tech was able to find out was that my router was OPEN to the public and he took a log of my laptop and my daughters--but never got back to me with who the person is or how to stop it from continuing--he wanted more money.
I went to the police; after an hour of trying to find out which department they should direct me to they said they didn't have the resources and it would be like chasing a ghost. They instructed me to contact the FBI. The FBI said because my identity hadn't been stolen or a specific threat was not placed on my life--it was out of their jurisdiction and I needed to go back to the police.
I decided to move--hoping it would help--it didn't. Oh..and while I was moving my things from my apartment to the moving truck "someone" broke down my front door and broke the lock (I was only gone 20min). Other than the front door being wide open (when I had locked it) and the Lock completely damaged there was no evidence--and nothing was taken so the police were not able to do anything other than direct me to the FBI again. Of course, FBI directed me right back to police and told me I had to "make" the police do their job---it was a local issue.

Below is a small list of things this person has been doing.

1. He continually "fights me" for control of my computer screen and iPhone screen by re-sizing the screen, by changing keyboard shortcut commands, by restricting my access "you don't have administrative rights"--I'm the only user and some of these folders and or files I was the original creator, then by crashing the laptop/iphone as soon as I am able to regain access...etc.
2. this person went as far to put "his" picture as the owner of one of my email accounts---SO every time I open an email from that account his picture pops up (I doubt its a real pic of him). He repeatedly changes the passwords and recovery info on all of my emails--blocking me from gaining access for weeks at a time)--I've had to close and create new accounts multiple times.
3. I happen to bcc myself on an email (using a new email) and when I selected "show all details" of header--there was TWO emails BCC and I didn't create one of them. This person created a Spring PM account for me --with password and everything---he was able to receive a copy of all of my texts and pictures--shortly after finding out about this email he changed my password to my main Sprint account and had my text messaging removed along with my cellular data--Sprint security said this was above them and I had to go to the Police.
4. I have multiple screen-shots of hidden folders/files some that have dates as far back as 2007?? Again my devices are all brand new from November 2011. --Side note--the hidden files/folders are not the ones that are normally hidden for the protection of the system. I also have multiple screen shots of recent history into apps and folders I had not gone into or modified.
5. He has embedded my ICHAT icons with commands (discovered when I clicked restore to original photo)--I never created a logon for ICHAT and I never tried to use that app---but it was constantly showing up in my recent history.
6. In the history I could see my photos and files dropped into the public folder thru "airdrop?" --even though I put all my settings as private and DO NOT SHARE...
7. He crashed and remotely removed my Lion software (or is it a hard drive?) from my new Mac laptop 4 different times. Despite setting all security settings Apple instructed me to do...he has been able to bypass AND change those settings---oh, and prevent me from changing it back.
8. I continually have to disable the setting for FaceTime and photo booth but keep seeing both apps in my history and files from them being "dropped" into the public folder.

This person has invaded my privacy, harassed me, stolen my pictures, my info--all through my mac laptop and my iPhone --- I gave up and quit using both devices for awhile hoping this person would get bored and leave me alone---he got worse-- when he couldn't access me through my devices...he went after my daughters toshiba notebook and all in one gateway PC.

I was a quality manager during the day and I Bartend at night so you can imagine the amount of people I come in contact with on a daily basis. I have no idea who is doing this or why; I just want him to leave me and my daughters alone. I've learned a lot on my own (online) since this has started but I am still a beginner and just need a credible Step by Step guide on what to do and how to completely remove this person out of all of my devices and keep him out. I do not have the funds to hire another IT Tech or buy new computers. One thing I am doing is....looking into IT classes--Ignorance is definitely NOT BLISS.

I want to thank you for just taking time out of your day to read this HOT mess and I appreciate any help or advice you can give me.
  • +
    0 Votes
    SmartAceW0LF

    "Unfortunately he wasn't as proficient with Mac as he previously stated to me and MAC "experts" swear it's impossible for me to have any virus or spyware."

    impossible to have any spyware or viruses on a Mac? Well, in all honesty, I believe a statement like that simply lends more evidence in defining the difference between genius and stupidity. Genius has its limitations.

    My friend it would appear that you are on the fast track in educating yourself about these things. Stay cool. Limit any direct conversation with this individual. Yet maintain vigilance in gleaning all you can about him. As rayman99 said, "It isnt Rocket Science" and indeed that is true. I wish you luck in a quick resolution.

    Chances are, you are giving this guy far too much credit for skills or education. That is easy to do in the elementary stages of anything one deigns to learn. Keep us posted with your efforts. Commentary on your experiences is where the real meat is.

    +
    0 Votes
    jayj200

    good luck!

    +
    0 Votes
    SmartAceW0LF

    so this is the sum total of wit or technical skill you could muster for your first words within this community having nearly four years of involvement with TR?
    Not holding my breath for the next bit of profound enlightenment you care to illuminate us with.

    +
    1 Votes
    pcrx_greg

    The strongest security is only as good as its weakest link. I once told a client that his daughter's PC was infected because she never met a download that she didn't like. His response was that he bought the computer for her and she could do anything with it that whe wanted. Needless to say I quit trying to clean all the crap off her PC. I digress. All of the advice above is great and you need to write down all the suggestions and go through them making a list of the things you will try. As far as Apple computers are concerned, yes they do get virus infections. I read an article today, saying that there is a virus setting up a botnet on Macs. The virus experts estimate%www.techrepublic.com,000 Macs currently infected. Of the ****, almost half are in North America. Apple would like everybody to think that they are immune but their arrogance will only attract the virus authors to target them even more. Here is a link to one of the many articles on the Mac infection: http://arstechnica.com/apple/news/2012/04/new-analysis-backs-half-million-mac-infection-estimate.ars

    +
    0 Votes
    ABCU

    I am very sorry that you and your daughter are going through this.
    I have signed up just to answer your questions (as best that I can)
    I know exactly what your going through as I am dealing with a very similar situation right now.

    "How do I COMPLETELY remove all spyware and set strongest security settings?"

    It really is up to you how seriously you take this whole affair. The combination of strategies that you could use to make yourself as secure as possible would likely be to much for one person to manage so a compromise needs to be reached. Unfortunately there's not certain security software that you can buy then set/forget and just expect to be secure.

    b Security consists of multiple defensive layers combined with constant vigilance especially when your a target. /b

    The methods I will go through although seemingly thorough are by no means exhaustive so you will need to exercise your judgement as to whether the below steps are a ???step to far??? or not enough.

    My first advice to you is to (as much as possible) try and relax as whoever this is wants you to be in disarray not only to hurt you and your daughter, but in order to disrupt your ability to respond.
    Please bear in mind that the psychological effects of a situation like this if prolonged can be horrific and last long after the danger has passed (C-PTSD, BPD etc) so dealing with it now and in the best way possible is imperative especially as a minor is involved and not to mention that it could also escalate. I am not saying these things to scare you but to try and make you aware of where a situation like this can very easily go so that you can be properly motivated to do whats necessary as it's a natural human reaction to go into denial to some degree, which also lessens the effectiveness of your responses.
    Be ready mentally and physically to do ANYTHING as this guy by the sounds of it is not playing, so neither should you, so if you haven't already arm yourself and make sure that both you and you daughter are proficient in its use.

    Secondly keep a (paper) diary of events along with photos, video etc. Keep all of this in a fire resistant/proof safe which is secured to a wall or floor preferably in your basement.
    Once you build a cumulative argument regarding the threat this guy poses to your family you can then drag the police (lazy, inbred C*^~s that they tend to be) kicking and screaming into the situation, till then keep your gun close to hand.

    In short "get your mind right" by any means as you have a lot to do (unless you want to not use the web....like ever again) to get yourself in a position not only where this situation will become manageable but also where you will have a chance of getting whoever this is, depending on his skill of course.

    This is going to be a long post and an even longer process for you to implement which as far as I can tel is going to consist of 5 stages:

    1. Physical security - All other security is derived from this.

    2. Preparation - Auditing the various OS versions, software, drivers, firmware, website usernames and passwords as well as identifying the data you want to backup in order to securely rebuild your various systems.

    3. Implementation - Rebuilding your systems in a physically secure environment using trusted software sources as well as securing (changing then using a good password manager) your various emails and passwords for your online services.

    4. Vigilance & Maintenance - Install and configure Antivirus, Antimalware, Firewall software, Encryption for both your network and HDD's along with a Monitoring solution. Although these measures are by no means a bullet proof vest they will form part of a strategy designed to frustrate this guys attempts to harass you whilst giving you a sense of control which is of course what this guy trying to take away in order to intimidate you.

    5. Contingency Planning - Creating a simple system to return your virtual world to the secure state that you will have created using the first 4 steps when something goes wrong.

    OK that's enough for now as I have to go out and you've more than enough to digest for now.
    Also does anyone know if I'm ok to give this guy my Skype details here?

    +
    1 Votes
    PaperNPen

    I want to thank everyone for taking time to respond and offer advice. I began auditing all of my devices and of course my macbook pro now has the never ending spinning wheel. I was not using the administrator account and did not delete anything. I was just starting an observe and record approach..then poof my laptop has yet again crashed. My Iphone is not responding well either...it took me most the evening to just sign on to this site. So I just wanted to give an update. I will continue to sign on when I can...at this point Im at the genius bar mercy...again..At least this time Im armed with some credible information to hopefully put an end to this.

    +
    0 Votes
    draco vulgaris

    The consumer level routers that you are probably dealing with should reject ANY packets that
    are not responses to requests by devices on your local network! If your router doesn't work that way, try to get one that does. My home network works in just that way. I've never had a problem with it.

    If you are using any sort of wireless connection, consider replacing it with wire! Wireless can
    be "heard" a hundred feet away or more. It may be encrypted but the encryption is NOT unbreakable!

    +
    0 Votes
    Interstellar Towel

    I'm not an expert by any means, but I was wondering whether you have remote management or remote login enabled on your Mac? If so, you'll want to disable both right away, before you reconnect it to your network, whether wired or wireless. By the way, wired connections, as mentioned above, are capable of being hacked, but they're still much more secure than wireless, IMO. And it is likely that your stalker is taking paths of least resistance -- particularly since you mentioned that at one point your router had no security at all. After your systems are confirmed clean, you might consider (as suggested above) using ONLY a wired network in your home for the time being.

    +
    1 Votes
    PaperNPen

    Please know I have exhaustedly rwmoved all sharing and all remote access to my devices--repeatedly. Everytime I sign off then sign back in..all my sertings have been changed..This person was so bold to fight me for my screen and he continually kept checking the box That I kept unchecking...until Im no longer even given the option to change the setting because its either grayed out or says I do not have permission to access...After I followed everyones advice here...my plan was to definetly get rid of wireless---on top of setting a regular audit and security plan fir all devices---now everything is on hold for the moment because this person has crashed my laptop...one of my daughters phones...and it looks like my Iphone is next on that list. Will update everyone after I bring my devices to Apple tomorrow. Again thank you so much.

    +
    1 Votes
    kamaruzaman

    May I know how you rebuild the crash Iphone/MAC?.
    I am not a MAC user so I dont know how to rebuild a crashed MAC.
    Maybe the recovery media/cd/usb/harddisk have been infected by viruses/trojan or scripts.
    May be the backup files also being infected.

    If you have any backup image try to avoid to use them while rebuilding the system

    Try to get a fresh system and new Router.

    Good luck,
    Kzaman

    +
    1 Votes
    rpollard

    This guy is persistent. Never heard of such.

    I'm no expert but the advice you have been given seems sound.

    The things I would do:

    1. Get rid of the router and get a router that has superior security.
    2. ONLY use wired as wireless is much less secure.
    3. Take the PCs back to a minimum installation and don't put any of your personal files on it until you get this guy/gal locked out for good as you will spend an inordinate amount of time restoring every time you redo your system. And, it may remove infected files. After you're satisfied they have been locked out I would move a folder in at a time, maybe a folder a day until I was satisfied they are gone for good.
    4. Get a packet sniffer and learn how to use it. They probably make a version of WireShark for the Mac. This may give you a clue as to what is going on. It may require an expert in the end but it sounds like this guy is using a commonly used tool to gain access to screen sharing/control capabilities. The Mac is running Darwin in the background and X with all it's components may even be installed which may give them the capability of controlling your system.
    5. De-install all applications down to just the bare minimum. Things like web browsing is the only thing I would have on there. I would limit my visits and definitely log where I go and when. Space out the visits to each different location to see if you can find out which one he may be using, if any. I would even go as far as getting an imager that would burn an image of the OS after I de-installed all unnecessary apps, that I could use to reset the Mac every time something goes wrong. Research every process that is running and make sure you absolutely have to have it in order for the system to run.
    6. Write down all processes that run after the initial installation and then monitor the processes to find out when that changes and what has been added. Research anything that gets added. Do this before connecting to the Internet. Then, after connecting to the Internet, continue monitoring to find the added processes.
    7. I would not install Malware and Antivirus products since they have been useless so far. I would only do this once the problem has been resolved. Doesn't sound like he's using a known Malware/Antivirus signature that is being recognized anyway. Like I said MINIMAL, bare bones installation.
    8. As another poster pointed out, when you set up the wireless connection use MAC filtering on the router so that it filters out anything that doesn't involve your MAC address on your Mac. Sounds a bit confusing but the MAC address is assigned by the manufacturer and is unique to each computer built. I would set up the wireless connection only after I ran pest free on the wired connection.
    9. Do not use the wireless connection on your iPhone. Turn off wireless and use 3G only until you get this resolved. And, don't let your daughter connect to your local network at all either with her PC or phone. turn off networking on her system until this is resolved. He/she may be using the PC as a back door.
    10. If you still want to employ a Mac expert, you already know the things to ask at this point but I will re-iterate:
    1. First question to the candidate is, do you believe Macs can get viruses/malware/root kits, etc.
    2. Secondly, have you any experience removing any viruses/malware, etc. on a Mac.
    3. Do you have any experience securing wireless routers.
    4. Do you have any Unix experience
    5. Do you have any experience with packet sniffers.
    6. Outline to me what your basic approach to security is.
    7. Do you have any experience with non-technical security breaches (social, etc.)
    8. Are you willing to work on a per problem basis and only get paid if you're successful after a cool down period like a week or a month (at your discretion). If they know what they're doing and are very confident they may not only agree to that but may even help you out just for the challenge rather than the money.
    I may have missed something in this list but you should get the idea.

    This list is not in the correct order but you shouldn't have any trouble figuring out the order. If you need any more advice I'll get the email as I have selected the Email me any responses checkbox. Like I said, I'm not a security expert but I might be able to contribute a small portion to the ultimate solution with everyone else here.

    +
    1 Votes
    jpnagle59

    I can understand your problem, and it sounds like a huge one! I would like to send you a private message, but I can not do so unless you choose to follow me. You can click my TR name, jpnagle59, at the bottom of the post and it will take you to my little old page, click the 'Follow Button' and that will allow us to have a private message. You can always 'Un-Follow' me after that. Just want to discuss some items with you...respectfully, jpnagle59.

    +
    0 Votes
    SmartAceW0LF

    I too had the same desire. That said, choose a person and stick with them. Too many chefs spoil the broth.

    +
    0 Votes
    jpnagle59

    ...agreed...it is comforting to know that there are good people here who DO want to help...

    +
    0 Votes
    fnoy

    Someone is messing up your life - of course. If you have reset all passwords and carried out all forms of security changes, then the answer must lie elsewhere.
    One thing at a time. Just secure one computer - yours. It is important that YOU control everything. Sorry to say this, but keep your daughter out.
    See what happens.
    Come on back and we will go from there.

  • +
    0 Votes
    SmartAceW0LF

    "Unfortunately he wasn't as proficient with Mac as he previously stated to me and MAC "experts" swear it's impossible for me to have any virus or spyware."

    impossible to have any spyware or viruses on a Mac? Well, in all honesty, I believe a statement like that simply lends more evidence in defining the difference between genius and stupidity. Genius has its limitations.

    My friend it would appear that you are on the fast track in educating yourself about these things. Stay cool. Limit any direct conversation with this individual. Yet maintain vigilance in gleaning all you can about him. As rayman99 said, "It isnt Rocket Science" and indeed that is true. I wish you luck in a quick resolution.

    Chances are, you are giving this guy far too much credit for skills or education. That is easy to do in the elementary stages of anything one deigns to learn. Keep us posted with your efforts. Commentary on your experiences is where the real meat is.

    +
    0 Votes
    jayj200

    good luck!

    +
    0 Votes
    SmartAceW0LF

    so this is the sum total of wit or technical skill you could muster for your first words within this community having nearly four years of involvement with TR?
    Not holding my breath for the next bit of profound enlightenment you care to illuminate us with.

    +
    1 Votes
    pcrx_greg

    The strongest security is only as good as its weakest link. I once told a client that his daughter's PC was infected because she never met a download that she didn't like. His response was that he bought the computer for her and she could do anything with it that whe wanted. Needless to say I quit trying to clean all the crap off her PC. I digress. All of the advice above is great and you need to write down all the suggestions and go through them making a list of the things you will try. As far as Apple computers are concerned, yes they do get virus infections. I read an article today, saying that there is a virus setting up a botnet on Macs. The virus experts estimate%www.techrepublic.com,000 Macs currently infected. Of the ****, almost half are in North America. Apple would like everybody to think that they are immune but their arrogance will only attract the virus authors to target them even more. Here is a link to one of the many articles on the Mac infection: http://arstechnica.com/apple/news/2012/04/new-analysis-backs-half-million-mac-infection-estimate.ars

    +
    0 Votes
    ABCU

    I am very sorry that you and your daughter are going through this.
    I have signed up just to answer your questions (as best that I can)
    I know exactly what your going through as I am dealing with a very similar situation right now.

    "How do I COMPLETELY remove all spyware and set strongest security settings?"

    It really is up to you how seriously you take this whole affair. The combination of strategies that you could use to make yourself as secure as possible would likely be to much for one person to manage so a compromise needs to be reached. Unfortunately there's not certain security software that you can buy then set/forget and just expect to be secure.

    b Security consists of multiple defensive layers combined with constant vigilance especially when your a target. /b

    The methods I will go through although seemingly thorough are by no means exhaustive so you will need to exercise your judgement as to whether the below steps are a ???step to far??? or not enough.

    My first advice to you is to (as much as possible) try and relax as whoever this is wants you to be in disarray not only to hurt you and your daughter, but in order to disrupt your ability to respond.
    Please bear in mind that the psychological effects of a situation like this if prolonged can be horrific and last long after the danger has passed (C-PTSD, BPD etc) so dealing with it now and in the best way possible is imperative especially as a minor is involved and not to mention that it could also escalate. I am not saying these things to scare you but to try and make you aware of where a situation like this can very easily go so that you can be properly motivated to do whats necessary as it's a natural human reaction to go into denial to some degree, which also lessens the effectiveness of your responses.
    Be ready mentally and physically to do ANYTHING as this guy by the sounds of it is not playing, so neither should you, so if you haven't already arm yourself and make sure that both you and you daughter are proficient in its use.

    Secondly keep a (paper) diary of events along with photos, video etc. Keep all of this in a fire resistant/proof safe which is secured to a wall or floor preferably in your basement.
    Once you build a cumulative argument regarding the threat this guy poses to your family you can then drag the police (lazy, inbred C*^~s that they tend to be) kicking and screaming into the situation, till then keep your gun close to hand.

    In short "get your mind right" by any means as you have a lot to do (unless you want to not use the web....like ever again) to get yourself in a position not only where this situation will become manageable but also where you will have a chance of getting whoever this is, depending on his skill of course.

    This is going to be a long post and an even longer process for you to implement which as far as I can tel is going to consist of 5 stages:

    1. Physical security - All other security is derived from this.

    2. Preparation - Auditing the various OS versions, software, drivers, firmware, website usernames and passwords as well as identifying the data you want to backup in order to securely rebuild your various systems.

    3. Implementation - Rebuilding your systems in a physically secure environment using trusted software sources as well as securing (changing then using a good password manager) your various emails and passwords for your online services.

    4. Vigilance & Maintenance - Install and configure Antivirus, Antimalware, Firewall software, Encryption for both your network and HDD's along with a Monitoring solution. Although these measures are by no means a bullet proof vest they will form part of a strategy designed to frustrate this guys attempts to harass you whilst giving you a sense of control which is of course what this guy trying to take away in order to intimidate you.

    5. Contingency Planning - Creating a simple system to return your virtual world to the secure state that you will have created using the first 4 steps when something goes wrong.

    OK that's enough for now as I have to go out and you've more than enough to digest for now.
    Also does anyone know if I'm ok to give this guy my Skype details here?

    +
    1 Votes
    PaperNPen

    I want to thank everyone for taking time to respond and offer advice. I began auditing all of my devices and of course my macbook pro now has the never ending spinning wheel. I was not using the administrator account and did not delete anything. I was just starting an observe and record approach..then poof my laptop has yet again crashed. My Iphone is not responding well either...it took me most the evening to just sign on to this site. So I just wanted to give an update. I will continue to sign on when I can...at this point Im at the genius bar mercy...again..At least this time Im armed with some credible information to hopefully put an end to this.

    +
    0 Votes
    draco vulgaris

    The consumer level routers that you are probably dealing with should reject ANY packets that
    are not responses to requests by devices on your local network! If your router doesn't work that way, try to get one that does. My home network works in just that way. I've never had a problem with it.

    If you are using any sort of wireless connection, consider replacing it with wire! Wireless can
    be "heard" a hundred feet away or more. It may be encrypted but the encryption is NOT unbreakable!

    +
    0 Votes
    Interstellar Towel

    I'm not an expert by any means, but I was wondering whether you have remote management or remote login enabled on your Mac? If so, you'll want to disable both right away, before you reconnect it to your network, whether wired or wireless. By the way, wired connections, as mentioned above, are capable of being hacked, but they're still much more secure than wireless, IMO. And it is likely that your stalker is taking paths of least resistance -- particularly since you mentioned that at one point your router had no security at all. After your systems are confirmed clean, you might consider (as suggested above) using ONLY a wired network in your home for the time being.

    +
    1 Votes
    PaperNPen

    Please know I have exhaustedly rwmoved all sharing and all remote access to my devices--repeatedly. Everytime I sign off then sign back in..all my sertings have been changed..This person was so bold to fight me for my screen and he continually kept checking the box That I kept unchecking...until Im no longer even given the option to change the setting because its either grayed out or says I do not have permission to access...After I followed everyones advice here...my plan was to definetly get rid of wireless---on top of setting a regular audit and security plan fir all devices---now everything is on hold for the moment because this person has crashed my laptop...one of my daughters phones...and it looks like my Iphone is next on that list. Will update everyone after I bring my devices to Apple tomorrow. Again thank you so much.

    +
    1 Votes
    kamaruzaman

    May I know how you rebuild the crash Iphone/MAC?.
    I am not a MAC user so I dont know how to rebuild a crashed MAC.
    Maybe the recovery media/cd/usb/harddisk have been infected by viruses/trojan or scripts.
    May be the backup files also being infected.

    If you have any backup image try to avoid to use them while rebuilding the system

    Try to get a fresh system and new Router.

    Good luck,
    Kzaman

    +
    1 Votes
    rpollard

    This guy is persistent. Never heard of such.

    I'm no expert but the advice you have been given seems sound.

    The things I would do:

    1. Get rid of the router and get a router that has superior security.
    2. ONLY use wired as wireless is much less secure.
    3. Take the PCs back to a minimum installation and don't put any of your personal files on it until you get this guy/gal locked out for good as you will spend an inordinate amount of time restoring every time you redo your system. And, it may remove infected files. After you're satisfied they have been locked out I would move a folder in at a time, maybe a folder a day until I was satisfied they are gone for good.
    4. Get a packet sniffer and learn how to use it. They probably make a version of WireShark for the Mac. This may give you a clue as to what is going on. It may require an expert in the end but it sounds like this guy is using a commonly used tool to gain access to screen sharing/control capabilities. The Mac is running Darwin in the background and X with all it's components may even be installed which may give them the capability of controlling your system.
    5. De-install all applications down to just the bare minimum. Things like web browsing is the only thing I would have on there. I would limit my visits and definitely log where I go and when. Space out the visits to each different location to see if you can find out which one he may be using, if any. I would even go as far as getting an imager that would burn an image of the OS after I de-installed all unnecessary apps, that I could use to reset the Mac every time something goes wrong. Research every process that is running and make sure you absolutely have to have it in order for the system to run.
    6. Write down all processes that run after the initial installation and then monitor the processes to find out when that changes and what has been added. Research anything that gets added. Do this before connecting to the Internet. Then, after connecting to the Internet, continue monitoring to find the added processes.
    7. I would not install Malware and Antivirus products since they have been useless so far. I would only do this once the problem has been resolved. Doesn't sound like he's using a known Malware/Antivirus signature that is being recognized anyway. Like I said MINIMAL, bare bones installation.
    8. As another poster pointed out, when you set up the wireless connection use MAC filtering on the router so that it filters out anything that doesn't involve your MAC address on your Mac. Sounds a bit confusing but the MAC address is assigned by the manufacturer and is unique to each computer built. I would set up the wireless connection only after I ran pest free on the wired connection.
    9. Do not use the wireless connection on your iPhone. Turn off wireless and use 3G only until you get this resolved. And, don't let your daughter connect to your local network at all either with her PC or phone. turn off networking on her system until this is resolved. He/she may be using the PC as a back door.
    10. If you still want to employ a Mac expert, you already know the things to ask at this point but I will re-iterate:
    1. First question to the candidate is, do you believe Macs can get viruses/malware/root kits, etc.
    2. Secondly, have you any experience removing any viruses/malware, etc. on a Mac.
    3. Do you have any experience securing wireless routers.
    4. Do you have any Unix experience
    5. Do you have any experience with packet sniffers.
    6. Outline to me what your basic approach to security is.
    7. Do you have any experience with non-technical security breaches (social, etc.)
    8. Are you willing to work on a per problem basis and only get paid if you're successful after a cool down period like a week or a month (at your discretion). If they know what they're doing and are very confident they may not only agree to that but may even help you out just for the challenge rather than the money.
    I may have missed something in this list but you should get the idea.

    This list is not in the correct order but you shouldn't have any trouble figuring out the order. If you need any more advice I'll get the email as I have selected the Email me any responses checkbox. Like I said, I'm not a security expert but I might be able to contribute a small portion to the ultimate solution with everyone else here.

    +
    1 Votes
    jpnagle59

    I can understand your problem, and it sounds like a huge one! I would like to send you a private message, but I can not do so unless you choose to follow me. You can click my TR name, jpnagle59, at the bottom of the post and it will take you to my little old page, click the 'Follow Button' and that will allow us to have a private message. You can always 'Un-Follow' me after that. Just want to discuss some items with you...respectfully, jpnagle59.

    +
    0 Votes
    SmartAceW0LF

    I too had the same desire. That said, choose a person and stick with them. Too many chefs spoil the broth.

    +
    0 Votes
    jpnagle59

    ...agreed...it is comforting to know that there are good people here who DO want to help...

    +
    0 Votes
    fnoy

    Someone is messing up your life - of course. If you have reset all passwords and carried out all forms of security changes, then the answer must lie elsewhere.
    One thing at a time. Just secure one computer - yours. It is important that YOU control everything. Sorry to say this, but keep your daughter out.
    See what happens.
    Come on back and we will go from there.