Macbook Air got hacked....

[SwervinPersian]

So i used to own a macbook air which i ended up giving to my mother, she's been using it for a while but now she ran into some issues. First she installed Macbook Keeper (this AV software which I googled years ago when I first got the Air, but never installed it after reading these AV software's cause more problems) which started something weird. Not only did it cause her more problems, but she ended up getting a phone call (home phone) from this Indian dude claiming he's some tech support. She did not fall for it and pretty much told the guy to F off. Keep in mind this is somebody who never shares their info around on sites, and has been enforcing me to do the same. Now alongside the disturbing fact that somebody could have hacked her phone number from her laptop and tried to sell her some bs software, she cannot use her laptop properly now. According to her, it keeps 'hanging', and that something keeps popping on the side (flowers?) and she just cannot do her work. I have not seen this myself, but I have uninstalled Macbook Keeper from her laptop but this 'hanging' issue is still due. 

I wanted to do a fresh Mac start (so backup her files and install Yosemite again), but I wanted to ask this forum if they got any better ideas? Also any of you can make an educated guess what is going on here, hack...no hack?

[GDRRiley]

fresh install. 

[LtStaffel]

A tech support scam could easily just be phishing, not necessarily linked to the MacBook's issues.

 

It's hard to tell what is wrong with the device itself from what you've said. If you could share screenshots of the "flowers" and maybe give a bit more information as to what she was doing when it "hangs", whether it is random or program related, those things would help a diagnosis.

 

I know MacBook's can get hot, no clue if that's related in any way, plus your Mom sounds smart enough to know if it's overheating or not.

 

Maybe check for open ports, if it's hacked then it's almost definitely got an open port for the attacker to connect back on. The port could easily be 80 or 443 and therefore unidentifiable, but it's good to check.

[SwervinPersian]

2 minutes ago, LtStaffel said:

Maybe check for open ports, if it's hacked then it's almost definitely got an open port for the attacker to connect back on. The port could easily be 80 or 443 and therefore unidentifiable, but it's good to check

What do you mean with this? Where can one check this?

[LtStaffel]

6 minutes ago, SwervinPersian said:

What do you mean with this? Where can one check this?

Try the two commands suggested here. Look for ports besides 80 and 443. Look where it says "localhost:NUMBER", the number is a port. You can see what ports are doing what. Look for suspiscious ones. Before looking up how to close a port though, just Google the specific port and make sure it's not something legitimate, there are a lot of legitimate ports to have open.

 

Ports are...

They're like the gates for the internet on your machine and servers.

80 is HTTP and 443 is HTTPS, so when you request a web page on a server over HTTP, your computer sends a request out of port 80 and expects a reply to port 80. It's for organization of the traffic. If an attacker hacked the machine and wanted to connect back to it for remote control, then the program is going to listen on a port for incoming commands. There are a bunch of ports that could be open on the laptop legitimately, and IF it's hacked and IF the hacker is smart, he'd use a port that's already open and allowed. But if he's a "script kiddie" and used something off the internet, then it's probably using port 31337 or 1337 (ELITE and LEET respectively).

 

Your firewall manages ports.

 

(NOTE ::: I seriously doubt the device is hacked, but this is the only real way to check besides an AV that I know of.)

[samiscool51]

25 minutes ago, LtStaffel said:

A tech support scam could easily just be phishing, not necessarily linked to the MacBook's issues.

still, there aren't many viruses for OSX due to how it's opereating system handles permissions for applications and partitions

there are some that can do what he's describing and more, recently a security hole was found in the operating system that allows applications to access it's internal workings without being detected

i don't think the air runs the latest version of OSX so it might be unprotected

anyways the wipe the opereating system, any accounts connected or accessed via it should have the password changed

[LtStaffel]

24 minutes ago, samiscool51 said:

still, there aren't many viruses for OSX due to how it's opereating system handles permissions for applications and partitions

There aren't "many" only by comparison to Windows and other applications. There are plenty of vulnerabilities in anything.