Apple Users
so, i picked up some malware. something called 'p'
it is fiddling w my info on websites. 2 laptops, both have it.
it's been a nightmare, actually. it has even sent payments that i made and email i sent into outer space.
i took both of them to my local mac specialist, and they couldnt find it.
i found this quora thread, where some guy insists it doesnt/cant exist.
https://www.quora.com/On-my-Mac-it-reports-a-malware-file-called-p-that-was-made-and-opened-a-few-moments-ago-It-does-this-very-commonly-What-can-I-do-to-stop-this
but it's right there in my activity monitor.
the mac guys reinstalled my os, but it just started back up. it starts w a dialog box that says- apple wants to make changes, enter your password.
now, i am not that stupid, but it takes 3 tries to cancel it.
after that, i found myself resetting passwords left and right. it even hosed up the admin password.
i'm using my pad now, but sites i accessed from the laptop are hosed for me.
so far no evidence that my info has been used, but what i think it is doing is using my cpu. when this thing comes up, it pegs.
it even messed up applications. i was using itunes on it, not on the web, but it went squirrelly on me. try to switch from what is playing, and it just wont.
it even hacked my indesign. it hijacked the control key.
scared the crap out of me when it happened. figured i was being spied on.
thoughts?
C_U_L8R
(45,693 posts)
It's both free and paid. And works cross platform.
mopinko
(71,813 posts)
this is no ordinary crap.
mopinko
(71,813 posts)
no contact info. i'm not going to use them if they cant tell me they know what this is.
it would require me getting on the web to download, and i doubt either of these machines will let me download it. i have had issues trying to download other stuff.
C_U_L8R
(45,693 posts)
Tetrachloride
(8,448 posts)
1. First, make backups. Keychains especially. Take some screenshots or camera shots.
2. Next, call your bank. Change your credit and debit cards.
3. Call AppleCare and ask them about "p".
4. Offer to send a screenshot.
5. They may ask you to enable Screen Sharing. Agree to this. This will require your password. They will analyze your computer using "your" mouse and keyboard from their system.
--- note: only do this with an AppleCare person.
6. Then it gets trickier. Making sure your internet accounts where you spend money are safe.
7. Whatever you do, do not get MacKeeper or CleanMyMac.
8. JavaScript in your browser and emails is a powerful thing. This is part of how major websites work. It's often part of attacks. A browser with built-in protection such as Epic (see epic. browser. dot com) or third party extensions for Safari or Chrome or Firefox will help. On Safari on my iPhone, I keep JavaScript off in general. It's a balance. Either keep JavaScript off -- or take action using extensions.
9. Consider asking your mac specialist to install a HOSTS file, if you don't know how. It's easy and alleviates some risk, not to mention advertisers. (They are easy to remove also.)
----------
The main things are -- BACKUPS and TALK TO YOUR BANK. then go from there.
mopinko
(71,813 posts)
so, i'm looking for specific info on this particular thing.
thanks tho.
Tetrachloride
(8,448 posts)
There's an authorized Apple dealer a mile from me. Two weeks ago, I went to that store to ask a question. They had to call the main office to get an answer. Later on, I found out how bad the answer was.
You may need to provide your Mac serial number in this AppleCare call. See the ABOUT THIS MAC in top left.
Tetrachloride
(8,448 posts)
Or post here, and I will find a way.
soothsayer
(38,601 posts)
mopinko
(71,813 posts)
it came up, it's in the activity monitor. i shut it down, so hopefully they will be able to fix it this time.
i'm just trying to find out more about it in the meantime.
LiberalArkie
(16,504 posts)
It is more than likely associated with your current username.
mopinko
(71,813 posts)
like, my bank is under my social, etc.
those i cant change.
LiberalArkie
(16,504 posts)
or in your user folder. Entirely different places. I personally think it is in your safari cache,
Tetrachloride
(8,448 posts)
(Once upon a time, I was pretty good at this stuff. At the time, nobody needed what I knew.)
Auggie
(31,801 posts)
Auggie
(31,801 posts)
mopinko
(71,813 posts)
trouble is, i search for p and i cant find it.
i even sampled it and searched lines of the code and couldnt find it.
not surprised you cant trash it, tho. this is some slippery shit.
CloudWatcher
(1,923 posts)
With the finder interface? Or with a 'sudo find' command in terminal? It could be in a directory that isn't indexed by the usual speedy search engines.
It could also be overwriting the command name. Not sure what macOS does these days, but it used to be that you could stuff a string into argv[0] and have it appear as you wanted in the output of 'ps' (or activity monitor).
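The argv[0] point in the post above, as an added example that is not part of the thread: because the name a process shows in 'ps' can differ from the file it was launched from, a check compares the two and reports the real path. The sample rows are constructed and the `pid|executable path|argv[0]` layout is an assumption of this example; on a Mac, `lsof -p <pid>` lists the executable among its `txt` entries.

```shell
#!/bin/sh
# Added example: flag processes whose displayed name (argv[0]) does not
# match the file that was actually executed.
# Row layout "pid|executable path|argv[0]" is assumed for this example.

# Constructed sample rows, not taken from any real machine.
SAMPLE='101|/usr/sbin/syslogd|/usr/sbin/syslogd
202|/Applications/Safari.app/Contents/MacOS/Safari|Safari
303|/private/tmp/.cache/helper|p
404|/bin/sh|-sh'

# Read rows on stdin; print the rows where the two names disagree.
flag_mismatch() {
    while IFS='|' read -r pid exe argv0; do
        [ -n "$pid" ] || continue
        exe_base=${exe##*/}      # file name of the real executable
        shown=${argv0##*/}       # file name part of the displayed name
        shown=${shown#-}         # login shells legitimately show as "-sh"
        if [ "$shown" != "$exe_base" ]; then
            printf '%s|%s|%s\n' "$pid" "$exe" "$argv0"
        fi
    done
}

# Temp and hidden directories are unusual homes for a long-running program.
suspicious_location() {
    case "$1" in
        /tmp/*|/private/tmp/*|/var/tmp/*|/private/var/tmp/*|*/.*) return 0 ;;
        *) return 1 ;;
    esac
}

# One line per flagged process, with the path to inspect or search for.
report() {
    printf '%s\n' "$SAMPLE" | flag_mismatch | while IFS='|' read -r pid exe argv0; do
        if suspicious_location "$exe"; then
            note="unusual location"
        else
            note="name differs"
        fi
        printf 'pid=%s shown=%s real=%s (%s)\n' "$pid" "$argv0" "$exe" "$note"
    done
}

report
```

The real path is the thing to search for or inspect, since a search on the displayed name alone can come up empty.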
mopinko
(71,813 posts)
not sure if i want to monkey w it. but for future reference, thank you.
mopinko
(71,813 posts)
i'll get it into the repair guys and see if they can figure it out.
from what i have read, apple doesnt believe this is a thing.
i have to talk to them AGAIN at my bank, tho. it is the one place where resetting my info isnt working. i get in, then next time i try, i cant.
obviously this thing is in their system too.