4 Replies Latest reply: Feb 17, 2013 5:30 PM by Goody7
Goody7 Level 1 Level 1 (0 points)

Is there a way to tell which .plis files in launch agent and daemons folders are trojans or malicious script?

  • 1. Re: Deleting .plist files
    red_menace Level 6 Level 6 (14,610 points)

    Usually the plist file will be named after the bundle identifier of the application, but you can also just look in the file to see what application is being run.

  • 2. Re: Deleting .plist files
    Goody7 Level 1 Level 1 (0 points)

    Do any of these look suspicious to you: 

     

    file://localhost/System/Library/LaunchDaemons/edu.mit.Kerberos.kadmind.plist

    file://localhost/System/Library/LaunchDaemons/edu.mit.Kerberos.krb5kdc.plist

    file://localhost/System/Library/LaunchDaemons/exec.plist

    file://localhost/System/Library/LaunchDaemons/finger.plist

    file://localhost/System/Library/LaunchDaemons/ftp.plist

    file://localhost/System/Library/LaunchDaemons/login.plist

    file://localhost/System/Library/LaunchDaemons/nmbd.plist

    file://localhost/System/Library/LaunchDaemons/ntalk.plist

    file://localhost/System/Library/LaunchDaemons/org.amavis.amavisd_cleanup.plist

    file://localhost/System/Library/LaunchDaemons/org.amavis.amavisd.plist

    file://localhost/System/Library/LaunchDaemons/org.apache.httpd.plist

    file://localhost/System/Library/LaunchDaemons/org.cups.cups-lpd.plist

    file://localhost/System/Library/LaunchDaemons/org.cups.cupsd.plist

    file://localhost/System/Library/LaunchDaemons/org.isc.named.plist

    file://localhost/System/Library/LaunchDaemons/org.net-snmp.snmpd.plist

    file://localhost/System/Library/LaunchDaemons/org.ntp.ntpd.plist

    file://localhost/System/Library/LaunchDaemons/org.postfix.master.plist

    file://localhost/System/Library/LaunchDaemons/org.samba.winbindd.plist

    file://localhost/System/Library/LaunchDaemons/org.x.privileged_startx.plist

    file://localhost/System/Library/LaunchDaemons/shell.plist

    file://localhost/System/Library/LaunchDaemons/smbd.plist

    file://localhost/System/Library/LaunchDaemons/ssh.plist

    file://localhost/System/Library/LaunchDaemons/telnet.plist

    file://localhost/System/Library/LaunchDaemons/tftp.plist

  • 3. Re: Deleting .plist files
    red_menace Level 6 Level 6 (14,610 points)

    Not really, but items in the /System/Library/ folder are part of the system - nothing should be messing with or putting items there.  Anything installed by you should have been installed in the /Library or ~/Library folders.

  • 4. Re: Deleting .plist files
    Goody7 Level 1 Level 1 (0 points)

    Thanks dude!!