• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Was RemoveSymantecMacFiles run by someone hacking our computer

We noticed that the RemoveSymantecMacFiles.command script was open in a terminal window on our Mac.  Is it possible that this was run from an autoupdate process, or was our computer hacked by someone trying to uninstall Norton manually.

Thanks

Replies

Kudos0

Re: Was RemoveSymantecMacFiles run by someone hacking our computer

We noticed that the RemoveSymantecMacFiles.command script was open in a terminal window on our Mac.  Is it possible that this was run from an autoupdate process, or was our computer hacked by someone trying to uninstall Norton manually.

Thanks

Kudos0

Re: Was RemoveSymantecMacFiles run by someone hacking our computer

Unless you had launched RemoveSymantecMacFiles yourself at some point, or the Symantec Uninstaller, it does seem a little suspicious.  I don't recall any cases where a Symantec update would run it, only an uninstall (and then, only if normal uninstall processes failed).

Is it possible you had run it some time ago, and the automatic re-opening of windows on reboot was just showed the old window?  Has your NAV or NIS installation been removed?

Kudos0

Re: Was RemoveSymantecMacFiles run by someone hacking our computer

It is unlikely the window was left open as I don't think we tried to uninstall NIS.  We are also seeing the Antivirus Autoprotection switches turned off (at other times quickly turning from red to green on the switches) when entering the options window.  Since we are dealing with identity theft this is very worrying.

Kudos0

Re: Was RemoveSymantecMacFiles run by someone hacking our computer

In addition, Antivirus is turned off after every reboot.  This happened even after a removal and re-install of NIS

Kudos0

Re: Was RemoveSymantecMacFiles run by someone hacking our computer

Which version of NAV are you using?  The problem of it being disabled on reboot sounds like an issue that I believe was addressed a couple revisions ago.

One thing that may be somewhat reassuring is that the removal tool does require an admin password to run.

This thread is closed from further comment. Please visit the forum to start a new thread.