92 Replies Latest reply: Jul 11, 2014 12:47 PM by lebeaupoete
  • 30. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    redoironman10 Level 1 (0 points)

    I ran the command above and I have no idea what they mean. I ran across sba_ListenerAgent.Plist and Net Nanny, which I am aware is on my comp, but what exactly is sba_listner? I am posting my results, pls help, thank you!

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    BackRow.framework

    EWSMac.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iPhotoAccess.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    SBA_ListenerAgent.plist

    com.adobe.AAM.Updater-1.0.plist

    com.contentwatch.NetNanny.agent.plist

     

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.apple.remotepairtool.plist

    com.cleverfiles.cfbackd.plist

    com.contentwatch.NetNanny.daemon.plist

    com.microsoft.office.licensing.helper.plist

    com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    NetNanny

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

    com.adobe.SwitchBoard.monitor.plist

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

    MAELS___.TTF

     

    Library/Frameworks:

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    doubleTwistWebPlugin.bundle

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.C0FB4FC2-260B-4B66-9269-B70199AACDAA.plist

    com.apple.CSConfigDotMacCert-marshad10@me.com-SharedServices.Agent.plist

     

    Library/PreferencePanes:

    Perian.prefPane

     

    Library/QuickTime:

    AC3MovieImport.component

    Perian.component

     

    Library/Services:

    ToastIt.service

    Thes-iMac:~ thecomputer$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, KGShareApp

    Thes-iMac:~ thecomputer$

    Thes-iMac:~ thecomputer$

  • 31. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    neuegirl Level 1 (0 points)

    Hi -- Same Problem here, too...

    Can anyone check my process and let me know if I have spyware installed on my imac?

    Thank you.

     


     

    Last login: Sat Sep 29 09:27:03 on ttys001

    Last login: Sun Mar 24 09:27:46 on console

    ool-182fabae:~ Amanda$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    ool-182fabae:~ Amanda$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

     

    ool-182fabae:~ Amanda$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    ool-182fabae:~ Amanda$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

    com.adobe.versioncueCS4

    com.adobe.versioncueCS3

    com.adobe.SwitchBoard

    com.adobe.fpsaud

    ool-182fabae:~ Amanda$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.wacom.wacomtablet

    com.adobe.CS5ServiceManager

    com.adobe.CS4ServiceManager

    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

    com.adobe.AAM.Scheduler-1.0

    ool-182fabae:~ Amanda$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    HPDeviceModel.framework

    HPPml.framework

    HPServicesInterface.framework

    HPSmartPrint.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    Disabled Plug-Ins

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    WacomNetscape.plugin

    WacomSafari.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

    npContributeMac.bundle

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.CS4ServiceManager.plist

    com.adobe.CS5ServiceManager.plist

    com.wacom.wacomtablet.plist

     

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.adobe.versioncueCS3.plist

    com.adobe.versioncueCS4.plist

    com.apple.remotepairtool.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Growl.prefPane

    HP Scanners.prefPane

    VersionCueCS3.prefPane

    VersionCueCS4.prefPane

    WacomTablet.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    SoundboothScoreCodec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

  • 32. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    eolson1968 Level 1 (0 points)

    Can someone please help me too? Here is what I got.......

     

    Last login: Sun Mar 24 21:26:14 on ttys000

    unknownd8a25e91a94f:~ ericolson$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    at.obdev.nke.LittleSnitch (3908)

    unknownd8a25e91a94f:~ ericolson$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    com.adobe.fpsaud

    at.obdev.littlesnitchd

    unknownd8a25e91a94f:~ ericolson$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    at.obdev.LittleSnitchUIAgent

    unknownd8a25e91a94f:~ ericolson$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    EWSMac.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    QuickTime Plugin.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Internet Plug-Ins (Disabled):

    Flash Player.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    at.obdev.LittleSnitchUIAgent.plist

     

    /Library/LaunchDaemons:

    at.obdev.littlesnitchd.plist

    com.adobe.fpsaud.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

     

    /Library/QuickTime:

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

     

    Library/Fonts:

     

    Library/Frameworks:

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    Google Earth Web Plug-in.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

     

    Library/PreferencePanes:

    unknownd8a25e91a94f:~ ericolson$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Microsoft Database Daemon, HP Product Research

    unknownd8a25e91a94f:~ ericolson$

  • 33. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    mistawalker Level 1 (0 points)

    Here is my output, any keyloggers?

     

     

    Last login: Tue Jun  4 11:34:37 on console

    localhost:~ ryanwalker$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6,

    > sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    -bash: syntax error near unexpected token `apple'

    localhost:~ ryanwalker$

    localhost:~ ryanwalker$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

     

    Password:

    Sorry, try again.

    Password:

    com.sharpcast.xfsmond

    com.oracle.java.Helper-Tool

    com.microsoft.office.licensing.helper

    com.google.keystone.daemon

    com.adobe.fpsaud

    localhost:~ ryanwalker$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.google.Chrome.framework.service_process/Users/ryanwalker/Library/Application_Support/Google/Chrome

    com.fiplab.MemoryCleanHelper

    org.chromium.chromoting

    com.oracle.java.Java-Updater

    com.google.keystone.system.agent

    com.google.GoogleContactSyncAgent

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    localhost:~ ryanwalker$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    MacFUSE.framework

    NyxAudioAnalysis.framework

    OSXFUSE.framework

    PluginManager.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Internet Plug-Ins:

    AdobeAAMDetect.plugin

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    SlingPlayer.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    npgtpo3dautoplugin.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.google.keystone.agent.plist

    com.oracle.java.Java-Updater.plist

    org.chromium.chromoting.plist

     

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.google.keystone.daemon.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

    com.sharpcast.xfsmond.plist

     

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    JavaControlPanel.prefPane

    OSXFUSE.prefPane

    org.chromium.chromoting.prefPane

     

     

    /Library/PrivilegedHelperTools:

    Google Drive Icon Helper

    com.microsoft.office.licensing.helper

    org.chromium.chromoting.json

    org.chromium.chromoting.me2me.sh

    org.chromium.chromoting.me2me_enabled

    org.chromium.chromoting.me2me_host.app

     

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

     

    /Library/ScriptingAdditions:

     

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

     

    Library/Fonts:

     

     

    Library/Frameworks:

    SamsungKiesFoundation.framework

    SamsungKiesSerialPort.framework

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Plug-Ins:

    Google Earth Web Plug-in.plugin

    Picasa.plugin

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.83D16311-079C-45FD-BD0D-60BC216776F3.plist

    com.google.Chrome.framework.plist

    com.google.GoogleContactSyncAgent.plist

     

     

    Library/PreferencePanes:

    MusicManager.prefPane

    localhost:~ ryanwalker$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Google Drive, Dropbox, LivedriveCore, Music Manager, Google Chrome, LivedriveCore, SugarSync, fuspredownloader

  • 34. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    apple505 Level 1 (0 points)

    I ran the steps above....I had previously downloaded Kaspersky...so no worries there...these were my results...If someone had downloaded spyware to my Mac and then removed it, would that show up?

     

    Last login: Sat Jun 15 06:11:03 on console

    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.kaspersky.kext.klif (3.0.0d23)

    com.kaspersky.nke (1.0.1d41)

    com.jft.driver.PdaNetDrv (1.0.64)

    com.kaspersky.kext.kimul.38 (38)

    520-mbp-02:~ cjones$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    Sorry, try again.

    Password:

    com.jft.PdaNetMac

    com.promethean.activhardwareservice

    com.microsoft.office.licensing.helper

    com.kaspersky.kav

    com.adobe.fpsaud

    $ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.promethean.activmgr

    com.kaspersky.kav.gui

    com.zeobit.MacKeeper.Helper

    520-mbp-02:~ cjones$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.promethean.activmgr

    com.kaspersky.kav.gui

    com.zeobit.MacKeeper.Helper

     

    I obviously deleted my name and computer name......So would something that was downloaded and then removed show up here or would all traces be clear...? 

  • 35. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    marina vegas Level 1 (0 points)

    Hello - I know this post is old but I ran the scripts you described to the other girl, and I was wondering if you could help me interpret my results, too? Crazy stalker next door really scaring me and he's a TOTAL computer genius!

     

    thanks so much!

  • 36. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    mark00thomas Level 1 (0 points)

    Hey Linc,

    When you can spare a few min can you look this over for me? I'm going through a divorce and things seem a bit fishy. There should be one normal keylogger for that when I hit the back space key that corresponds to the back arrow in my browser near the end of this post I'll just copy the text out of the app and paste it back here. It doesn't record passwords nor does it send my info to anyone else (I hope!).

    I put your steps in bold and the output is in plain text.

    Thanks in advance and please let me know if there is a way I can repay you for the service!

     

    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.oxsemi.driver.OxsemiDeviceType00 (1.28.13)

    at.obdev.nke.LittleSnitch (3932)

    com.asix.driver.ax88179_178a (1.3.0)

    com.LaCie.ScsiType00 (1.2.13)

    com.BT.kext.bpkkext (1.0.0)

    com.displaylink.driver.DisplayLinkDriver (1.7)

    com.parallels.kext.prl_usb_connect (7.0

    com.parallels.kext.prl_hypervisor (7.0

    com.parallels.kext.prl_hid_hook (7.0

    com.parallels.kext.prl_netbridge (7.0

    com.parallels.kext.prl_vnic (7.0

    com.github.osxfuse.filesystems.osxfusefs (2.6.0)

    Black-Book-108:~ Old_blackbook$

     

    Black-Book-108:~ Old_blackbook$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    com.agilebits.onepassword-osx-thumbs

    com.parallels.vm.prl_naptd

    com.syniumsoftware.CleanAppDaemon

    com.parallels.desktop.launchdaemon

    com.microsoft.office.licensing.helper

    com.micromat.TechToolProDaemon

    com.google.keystone.daemon

    com.displaylink.displaylinkmanager

    com.adobe.SwitchBoard

    com.adobe.fpsaud

    com.absolute.rpcnet

    com.absolute.rpcgeo

    at.obdev.littlesnitchd

    Black-Book-108:~ Old_blackbook$

     

     

    Black-Book-108:~ Old_blackbook$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.dayoneapp.dayone-agent

    com.fiplab.clipboardhelper

    com.joeworkman.mac.ClimateHelper

    com.agilebits.onepassword-osx-helper

    com.thursby.pkard.tokendagent

    com.parallels.vm.prl_pcproxy

    com.parallels.DesktopControlAgent

    com.parallels.desktop.client.launch

    com.micromat.TechToolProAgent

    com.lacie.eventsactions.launcher.agent

    com.google.keystone.system.agent

    com.displaylink.useragent

    com.BT.BPK

    com.amazon.sendtokindle.launcher

    at.obdev.LittleSnitchUIAgent

    com.google.Chrome.framework.service_process/Users/Old_blackbook/Library/Application_Support/Google/Chrome

    com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    com.adobe.ARM.031ead678131651e32346abaaf859369f569f63bac6112fd126a5660

     

     

    Black-Book-108:~ Old_blackbook$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    EWSMac.framework

    Inventoryx86.framework

    MacFUSE.framework

    NyxAudioAnalysis.framework

    OSXFUSE.framework

    PluginManager.framework

    Sysinfo.framework

    TSLicense.framework

    geo.framework

    iTunesLibrary.framework

    wceprv.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobeAAMDetect.plugin

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    DirectorShockwave.plugin

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    WebClient.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    npgtpo3dautoplugin.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    at.obdev.LittleSnitchUIAgent.plist

    com.BT.BPK.plist

    com.adobe.AAM.Updater-1.0.plist

    com.amazon.sendtokindle.launcher.plist

    com.displaylink.useragent-prelogin.plist

    com.displaylink.useragent.plist

    com.google.keystone.agent.plist

    com.lacie.eventsactions.launcher.agent.plist

    com.micromat.TechToolProAgent.plist

    com.parallels.DesktopControlAgent.plist

    com.parallels.desktop.launch.plist

    com.parallels.vm.prl_pcproxy.plist

    com.thursby.pkard.tokendagent.plist

     

    /Library/LaunchDaemons:

    at.obdev.littlesnitchd.plist

    com.absolute.rpcgeo.plist

    com.absolute.rpcnet.plist

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.displaylink.displaylinkmanager.plist

    com.displaylink.usbnivolistener.plist

    com.google.keystone.daemon.plist

    com.micromat.TechToolProDaemon.plist

    com.microsoft.office.licensing.helper.plist

    com.parallels.desktop.launchdaemon.plist

    com.syniumsoftware.CleanAppDaemon.plist

     

    /Library/PreferencePanes:

    CleanApp Logging Service.prefPane

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    HyperDock.prefpane

    OSXFUSE.prefPane

    TechTool Protection.prefPane

     

    /Library/PrivilegedHelperTools:

    DisplayLink

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    ParallelsQL.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

    BXDockPlugin.osax

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    ParallelsMD.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    PKard

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

    YMsgrCallABPlugin.bundle

    YMsgrMsnABPlugin.bundle

    YMsgrSmsABPlugin.bundle

    YMsgrYimABPlugin.bundle

     

    Library/Fonts:

     

    Library/Frameworks:

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    CitrixOnlineWebDeploymentPlugin.plugin

    Picasa.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.ARM.031ead678131651e32346abaaf859369f569f63bac6112fd126a5660.plist

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.F940DCE7-790C-4149-8C3E-3CC8849882C8.plist

    com.apple.FolderActions.enabled.plist

    com.apple.FolderActions.folders.plist

    com.google.Chrome.framework.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    .DS_Store

    SymbolicLinker.service

    Toggle Hidden Files.workflow

    Black-Book-108:~ Old_blackbook$

     

    Black-Book-108:~ Old_blackbook$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Quicksilver, Spark Daemon, Dropbox, HyperDock Helper, Google Chrome, Things Helper, BackTrackBA

  • 37. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    andyBall_uk Level 7 (20,320 points)

    If you didn't install Perfect Keylogger from http://www.blazingtools.com/ - then someone else did.

  • 38. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    samarametri Level 1 (0 points)

    Hi, can someone tell me if anything is on my comp? The name nathan is my ex; he set up my comp. Please and thank you!!!!

     

    Last login: Fri Jul 19 01:06:41 on ttys000

    Samaras-MacBook-Pro:~ nathan$

    Last login: Sat Jul 20 12:22:52 on console

    Samaras-MacBook-Pro:~ nathan$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    Samaras-MacBook-Pro:~ nathan$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

     

    Password:

    com.oracle.java.Helper-Tool

    com.microsoft.office.licensing.helper

    com.adobe.SwitchBoard

    com.adobe.fpsaud

    Samaras-MacBook-Pro:~ nathan$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    jp.buffalo.NASPower

    com.oracle.java.Java-Updater

    com.brother.LOGINserver

    com.adobe.CS5ServiceManager

    com.google.keystone.user.agent

    com.facebook.videochat.nathan.updater

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    com.adobe.AAM.Scheduler-1.0

    Samaras-MacBook-Pro:~ nathan$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.CS5ServiceManager.plist

    com.brother.LOGINserver.plist

    com.oracle.java.Java-Updater.plist

    jp.buffalo.NASPower.plist

    jp.buffalo.NASPower_pla.plist

     

     

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

     

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Growl.prefPane

    JavaControlPanel.prefPane

     

     

    /Library/PrivilegedHelperTools:

    NasNavigator2.app

    com.microsoft.office.licensing.helper

     

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

     

    Library/Fonts:

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Plug-Ins:

    CitrixOnlineWebDeploymentPlugin.plugin

    FacebookVideoCalling.bundle

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.29FF86E4-AC72-4B39-9144-559952919309.plist

    com.apple.CSConfigDotMacCert-nathan@me.com-SharedServices.Agent.plist

    com.facebook.videochat.nathan.plist

    com.google.keystone.agent.plist

     

     

    Library/PreferencePanes:

    Samaras-MacBook-Pro:~ nathan$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    Microsoft Database Daemon, iTunesHelper, Dropbox

    Samaras-MacBook-Pro:~ nathan$

  • 39. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    stevejobsfan0123 Level 7 (32,345 points)

    I'm nowhere near as experienced as Linc Davis as far as interpreting the outputs, but I can tell you one thing for sure:

     

    pittershawn

     

    at.obdev.nke.LittleSnitch (3894)

    com.intego.virusbarrier.kext.realtime (476)

    com.zeobit.kext.Firewall (2.3.1)

    com.intego.virusbarrier.daemon

    com.zeobit.MacKeeper.AntiVirus

    at.obdev.littlesnitchd

    com.zeobit.MacKeeper.Helper

     

    You have A LOT of bloatware installed. Definitely uninstall MacKeeper. I didn't paste all of the appropriate lines above, but... you have a lot of anti-virus, dude! You don't need any! Mac AV is bloatware. Give ClamXav a try if you require anti-virus. You definitely don't need/want multiple anti-virus programs installed. I see that you have VirusBarrier, MacKeeper, Little Snitch, etc.

     

    redoironman10

     

    com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

    Again, MacKeeper needs to go.

     

    eolson1968

     

    at.obdev.nke.LittleSnitch (3908)

    at.obdev.littlesnitchd

    at.obdev.LittleSnitchUIAgent

    at.obdev.littlesnitchd.plist

    Not as bad as MacKeeper, but again, just bloatware.

     

    apple505

     

    com.kaspersky.kext.klif (3.0.0d23)

    com.kaspersky.nke (1.0.1d41)

    com.kaspersky.kav

    com.zeobit.MacKeeper.Helper

     

    Again, not a good idea to have multiple AV programs installed. MacKeeper needs to go, Kaspersky's junk as well.

     

     

    I know the reason you all install such programs is probably because you are terrified of getting keyloggers and use these programs to protect you. However, I think that many AV software vendors simply do not understand the Mac operating system, and think that they can take their code for Windows and slap it into an OS X version. MacKeeper is simply a scam: https://discussions.apple.com/docs/DOC-3691, and others are known for false positives, or not catching actual malware/keyloggers.

     

    There aren't many good AV programs out there, but try ClamXav or Sophos. Again, though, you probably won't see great benefit from such software. Apple has their own technologies integrated into the OS like XProtect and GateKeeper.

     

    Also see: http://reedcorner.net/mmg/

  • 40. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    MadMacs0 Level 4 (3,735 points)

    stevejobsfan0123 wrote:

     

    There aren't many good AV programs out there, but try ClamXav or Sophos.

    I know for certain that ClamXav won't detect any keyloggers and I doubt that Sophos will, either. The reason is because almost all A-V software is designed to find malware and by far the majority of spyware applications are commercial or hack software that serve legitimate purposes, requiring physical access to the computer for installation.

     

    The only app that specializes in this area that I'm aware of is MacScan from SecureMac. Unfortunately it has a couple of well known deficiencies. It tends to give false alarms, so you need to be certain that it has correctly identified anything it finds or risk crippling another app or even the OS. It also failed miserably in Thomas Reed's malware testing (see MacScan disappoints), so I would not recommend it be used in that capacity.

  • 41. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    mark00thomas Level 1 (0 points)

    Andy, how could you tell that was on my computer? Thanks for the help! That was a b*tch getting off, but I think hope it all is.

     

    Did you see anything else?

  • 42. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    mark00thomas Level 1 (0 points)

    Also, when I just downloaded the thing and ran the uninstall it gave this message.

     

    Screen Shot 2013-07-28 at 3.51.23 AM

  • 43. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    MadMacs0 Level 4 (3,735 points)

    Your screen shot didn't come through. Use the camera icon to upload the file so it can be seen.

  • 44. Re: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!
    andyBall_uk Level 7 (20,320 points)

    >>Andy, how could you tell that was on my computer?

     

    com.BT.kext.bpkkext & similar lines...

    I don't know wceprv.framework - does anyone else? (maybe it was part of BPK)

     

    Mark - someone had full access to your computer, enough to install the first, and presumably you've no reason to think that they stopped with BPK... Nothing prevents such a person from installing things with innocent or recognised names, so viewing a list isn't enough when the intent may be malicious.

     

    You should consider this : backup your data twice, then erase & reinstall, selectively importing just your user files, no apps or add-ons; & changing all passwords/security questions/even email addresses associated with accounts where possible.

     

    I'd also suggest starting a new thread of your own for further questions.
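
The kind of reading andyBall_uk describes above (noticing `com.BT.kext.bpkkext` and the matching `com.BT.BPK` agent), as an added example that is not part of any post in the thread: it groups labels by vendor prefix across the kext, daemon and agent lists and prints the vendors the owner has not yet reviewed. The `<source> <label>` input format, the `REVIEWED` list and the function names are assumptions; the sample lines are constructed from labels posted above.

```sh
#!/bin/sh
# Added example: triage of the labels printed by the thread's commands.
# Input on stdin: one "<source> <label>" pair per line, where <source> is
# kext, daemon or agent (hypothetical format). It can be produced by
# prefixing each command's output, for instance:
#   kextstat -kl   | awk '!/com\.apple/{print "kext", $6}'
#   launchctl list | sed 1d | awk '{print "agent", $3}'

# Hypothetical list of vendor prefixes the owner knows they installed.
# It records what has been reviewed; it is not an authoritative allowlist.
REVIEWED="com.adobe com.google com.microsoft com.parallels at.obdev"

# Prints "<vendor> <sources> <count>" for every unreviewed vendor prefix.
triage_labels() {
    awk -v reviewed="$REVIEWED" '
    BEGIN {
        n = split(reviewed, r, " ")
        for (i = 1; i <= n; i++) ok[r[i]] = 1
    }
    NF >= 2 {
        src = $1
        label = $2
        # Vendor prefix = first two dot-separated components of the label.
        parts = split(label, part, ".")
        vendor = (parts >= 2) ? part[1] "." part[2] : label
        if (vendor == "com.apple") next   # same exclusion the thread commands make
        if (vendor in ok) next            # already reviewed by the owner
        seen[vendor] = 1
        has[vendor, src] = 1
        count[vendor]++
    }
    END {
        for (v in seen) {
            where = ""
            if ((v, "kext") in has)   where = where "kext,"
            if ((v, "daemon") in has) where = where "daemon,"
            if ((v, "agent") in has)  where = where "agent,"
            sub(/,$/, "", where)
            printf "%s %s %d\n", v, where, count[v]
        }
    }' | LC_ALL=C sort
}

# Constructed sample, built from labels that appear in the posts above.
sample_listing() {
    cat <<'EOF'
kext com.BT.kext.bpkkext
kext at.obdev.nke.LittleSnitch
kext com.parallels.kext.prl_hypervisor
daemon com.adobe.fpsaud
daemon com.absolute.rpcnet
daemon com.google.keystone.daemon
agent com.BT.BPK
agent com.apple.FolderActions.enabled
agent com.fiplab.clipboardhelper
EOF
}

sample_listing | triage_labels
```

A vendor that is absent from this output is not cleared: as noted above, software can be installed under innocent or recognised names, so the list only tells you where to look first.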
