Dwight Baer asked:

Why did the Malwarebytes scan on my Mac take only 2 seconds?

My friend fell victim just now to a scam.  He connected to a website in order to live-stream a hockey game.  Then a pop-up appeared, telling him that his Mac was infected and he should call a certain number, which he did ... Innocently, he allowed these guys to remote in to his Mac and "do a scan".  Then later on he was worried and called me.
I connected to his Mac (using TeamViewer) and installed Malwarebytes, and ran it. It took only two seconds or so to scan, and reported no threats.
Unconvinced, I went to housecall.trendmicro.com and downloaded their scanner.  It also took only two seconds.
I am not experienced with Macs.  Is it possible that those two products could finish a scan of his system regardless of how much stuff he had on it, in such a short time?
Or is the malware software that I'm sure these guys installed somehow short-circuiting the malware scanning software?
SOLUTION
Thomas Zucker-Scharff
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Dwight Baer (ASKER)

My friend has gone to bed for the night and unplugged his computer.  It's only less than 2 years old.

I'll get back to you tomorrow with the exact model of machine, and the OS version.

I had him change all the passwords to his email and bank accounts.  But now I'm wondering if there could be some keystroke-logging software installed that now knows all his new passwords.

Yuck.
Will have him call the police.  Thanks.  I'll leave this open for now and update with further info tomorrow.
Most likely, the scammers copied files from the computer and set up a backdoor to access your friend's Mac.

If you were knowledgeable about a Mac's Unix internals, I would suggest other things to try on the command line. It works just like Linux/Unix and you can run commands to find any rootkits yourself and check. You'd still need to understand what programs are supposed to run on a Mac so you can see what you needed to find.

If you know the dates, you can also look through the log files with Console.app or via the command line to see if there was anything suspicious there as well. You should do all this via safe mode or single user mode.
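
One concrete form of the date-based command-line check suggested in the comment above, as an added example that is not part of the original thread: it lists launchd job definitions (the files macOS reads to start programs at boot or login) changed on or after a given day. The function names, the ROOT argument, the script name and the sample date are assumptions of this example.

```shell
#!/bin/sh
# Added example: list launchd job definitions changed on or after a date.
# launchd starts whatever these .plist files name at boot or at login, so a
# tool installed to survive a reboot normally leaves an entry in one of them.

# recent_launchd_items ROOT SINCE
#   ROOT  - "/" for the running system, or the mount point of a copy of the
#           disk (the ROOT argument is this example's own convention)
#   SINCE - date in YYYY-MM-DD form, e.g. the day of the remote session
recent_launchd_items() {
    root=${1%/}
    since=$2
    for dir in "$root/Library/LaunchAgents" \
               "$root/Library/LaunchDaemons" \
               "$root"/Users/*/Library/LaunchAgents; do
        [ -d "$dir" ] || continue   # unmatched glob or missing directory
        # -newermt: modification time later than 00:00 on the SINCE date
        find "$dir" -type f -name '*.plist' -newermt "$since" -print
    done | sort
}

# show_item FILE: print the path and, on macOS where plutil exists, the
# decoded plist so the Program / ProgramArguments it launches can be read.
show_item() {
    echo "== $1"
    if command -v plutil >/dev/null 2>&1; then
        plutil -p "$1"
    fi
}

# Usage: sh triage.sh 2024-06-01 [ROOT]   (script name and date are made up)
if [ $# -ge 1 ]; then
    recent_launchd_items "${2:-/}" "$1" | while IFS= read -r item; do
        show_item "$item"
    done
fi
```

An empty result only means no job file in these three locations changed in that window; each entry that is listed still has to be judged against what is supposed to run on that Mac.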
Thanks everyone, you/we were very very helpful to a student in a crisis situation.