neuegirl

Q: Detect spyware and determine who is spying on my imac

I might be paranoid -- but need to know at this point if someone very close to me has installed spyware on my mac. I keep finding forums that say to back up files and just restart your system and wipe everything clean, change passwords, etc. But this won't work for me for a couple of reasons: 1) I really need to know if there is someone close to me who has installed this on my computer and would like to find the IP address that the information is headed to. and 2) the person in question still has access to my computer and almost all of my passwords.

 

Please can we not get into why I think this person is spying, etc. and if anyone knows any way for me to detect spyware and determine where information is being sent that would be the most helpful.

 

Would greatly appreciate any help here as I am paranoid about even looking up these kinds of things on my home computer (which I am doing now) and my iPhone (which I also need help with determining if it has spyware on it).

 

Thanks very much for any help.

iMac, Mac OS X (10.7.5)

Posted on Mar 24, 2013 5:22 AM

  • by michaelsip4,

    michaelsip4 Mar 26, 2013 4:48 PM in response to neuegirl
    Level 2 (304 points)

    see link - vertical lines across mac    https://discussions.apple.com/thread/1580232?start=540&tstart=0

    sounds like hardware/graphics  here is a page to apple hardware test

       these are just to be used as thoughts or information http://support.apple.com/kb/index?page=search&q=%22Apple%20Hardware%20Test%22

  • by jpmyrland,

    jpmyrland Jun 24, 2013 11:07 PM in response to Linc Davis
    Level 1 (0 points)

    Do you mind taking a look at my report out? My wife clicked on a link in an email the other day. Her sister said she received the same email and the person hacked their banking information. I ran ClamXav and found 3 corrupt files I deleted. Ran again with no results. Any feedback would be appreciated.

     

     

    Last login: Wed May  1 19:06:26 on console

    Jeremy-Myrlands-iMac-4:~ calicocali$

    Jeremy-Myrlands-iMac-4:~ calicocali$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    Jeremy-Myrlands-iMac-4:~ calicocali$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

     

    Password:

    com.agilebits.onepassword-osx-thumbs

    com.microsoft.office.licensing.helper

    com.google.keystone.daemon

    com.adobe.fpsaud

    Jeremy-Myrlands-iMac-4:~ calicocali$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.spotify.webhelper

    com.agilebits.onepassword-osx-helper

    com.google.keystone.system.agent

    ws.agile.1PasswordAgent

    Jeremy-Myrlands-iMac-4:~ calicocali$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    TSLicense.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Internet Plug-Ins:

    .DS_Store

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    GarminGpsControl.plugin

    JavaAppletPlugin.plugin

    OfficeLiveBrowserPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    huludesktop.webplugin

    iPhotoPhotocast.plugin

    npgtpo3dautoplugin.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

    com.google.keystone.agent.plist

     

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.google.keystone.daemon.plist

    com.microsoft.office.licensing.helper.plist

     

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

     

     

    /Library/PrivilegedHelperTools:

    Google Drive Icon Helper

    com.microsoft.office.licensing.helper

     

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

     

     

    /Library/ScriptingAdditions:

     

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

     

     

    Library/Fonts:

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Plug-Ins:

    WebEx.plugin

    WebEx64.plugin

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.apple.AddressBook.ScheduledSync.ABExchangeSource.90593927-3EC2-48D1-A106-F4E56D578C71.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.9BF0ACAA-5C49-4F7F-B93B-8B8EADC7DEC1.plist

    com.apple.CSConfigDotMacCert-jeremymyrland@me.com-SharedServices.Agent.plist

    com.apple.FolderActions.enabled.plist

    com.apple.FolderActions.folders.plist

    com.apple.MobileMeSyncClientAgent.plist

    com.apple.SafariBookmarksSyncer.plist

    com.spotify.webhelper.plist

    ws.agile.1PasswordAgent.plist

     

     

    Library/PreferencePanes:

    MusicManager.prefPane

     

     

    Library/ScriptingAdditions:

    Jeremy-Myrlands-iMac-4:~ calicocali$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    Music Manager, iTunesHelper, Solar Service, BetterSnapTool, Google Drive, Nike+ Connect Helper, Dropbox, Spotify

    Jeremy-Myrlands-iMac-4:~ calicocali$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

  • by MadMacs0,

    MadMacs0 Jun 25, 2013 1:05 AM in response to jpmyrland
    Level 5 (4,791 points)

    jpmyrland wrote:

     

    My wife clicked on a link in an email the other day. Her sister said she received the same email and the person hacked their banking information.

    There is no way that simply clicking on a link could have caused anything to have happened to your computer. If your sister-in-law was hacked it's almost certainly because she went to a phishing site and entered privacy information about her banking account or she is on a Windows computer.

    I ran ClamXav and found 3 corrupt files I deleted.

    It might help to know what it found. The information will still be contained in the scan logs, but again that e-mail could not have been responsible for anything more than a phishing expedition.

  • by flaviod,

    flaviod Dec 19, 2013 8:58 AM in response to Linc Davis
    Level 1 (0 points)

    Hi Linc Davis,

    I have the same problem: I have the doubt that some spy software, keystroke logger or similar sw is spying and sending outside info about what I am doing. I have been using Little Snitch in demo mode for a few hours and I can't see anything strange apparently. Is it possible that a hidden process creates a file (for example with keystroke history) and then sends it occasionally?

    I ran the test you suggested to neuegirl. Below is the output.

    I can't see anything strange, but I would like to have your opinion.

    Thanks in advance for any answer.

    Flavio.

     

    Step 1. --------------------------------------------------------------------------

     

    Alcyone:~ flavio$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    at.obdev.nke.LittleSnitch (4052)

    net.kromtech.kext.Firewall (2.3.5)

    Alcyone:~ flavio$

     

    Step 2. --------------------------------------------------------------------------

     

    Alcyone:~ flavio$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    org.macosforge.xquartz.privileged_startx

    com.zeobit.MacKeeper.AntiVirus

    com.prosofteng.DriveGenius.locum

    com.oracle.java.Helper-Tool

    com.google.keystone.daemon

    com.DesignScience.DSMTTool

    com.bombich.ccc

    com.adobe.fpsaud

    at.obdev.littlesnitchd

    Alcyone:~ flavio$

     

     

    Step 3. --------------------------------------------------------------------------

     

    Alcyone:~ flavio$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    org.macosforge.xquartz.startx

    com.oracle.java.Java-Updater

    com.google.keystone.system.agent

    com.divx.update.agent

    com.divx.dms.agent

    at.obdev.LittleSnitchUIAgent

    com.zeobit.MacKeeper.Helper

    com.spotify.webhelper

    com.goacemjobhmmbdlbbfjgifjcojdfnjfm.updater

    com.bombich.ccc-user-agent

    Alcyone:~ flavio$

     

    Step 4. --------------------------------------------------------------------------

     

    Alcyone:~ flavio$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    DivX Toolkit.framework

    DivXInstallerUtilities.framework

    EWSMac-GC.framework

    EWSMac.framework

    HPSmartPrint.framework

    MT6Lib.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    DivX Web Player.plugin

    Flash Player.plugin

    Google Earth Web Plug-in.plugin

    JavaAppletPlugin.plugin

    OVSHelper.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    Unity Web Player.plugin

    Unused

    flashplayer.xpt

    iPhotoPhotocast.plugin

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    at.obdev.LittleSnitchUIAgent.plist

    com.divx.dms.agent.plist

    com.divx.update.agent.plist

    com.google.keystone.agent.plist

    com.oracle.java.Java-Updater.plist

    org.macosforge.xquartz.startx.plist

     

    /Library/LaunchDaemons:

    at.obdev.littlesnitchd.plist

    com.DesignScience.DSMTTool.plist

    com.adobe.fpsaud.plist

    com.bombich.ccc.plist

    com.bombich.ccc.scheduledtask.A8351FBA-00BF-468E-9959-20AFDF3EC4A1.plist

    com.bombich.ccc.scheduledtask.E8FDE534-D11D-4827-A68E-701208718310.plist

    com.google.keystone.daemon.plist

    com.oracle.java.Helper-Tool.plist

    com.prosofteng.DriveGenius.locum.plist

    com.zeobit.MacKeeper.AntiVirus.plist

    org.macosforge.xquartz.privileged_startx.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    JavaControlPanel.prefPane

    TeXDistPrefPane.prefPane

     

    /Library/PrivilegedHelperTools:

    com.DesignScience.DSMTTool

    com.bombich.ccc

    com.prosofteng.DriveGenius.locum

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    DivX Decoder.component

    DivX Encoder.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    LogicPro.mdimporter

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    .DS_Store

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

     

    Library/Frameworks:

    EWSMac-GC.framework

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Accounts:

    V1

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.265A6276-4657-4D24-937D-311B0228424D.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.DC9371FB-05F7-4E97-9F71-EB0DE234BEF9.plist

    com.apple.CSConfigDotMacCert-xxxxxxxxxx@yy.com-SharedServices.Agent.plist

    com.apple.SafariBookmarksSyncer.plist

    com.bombich.ccc-user-agent.plist

    com.goacemjobhmmbdlbbfjgifjcojdfnjfm.updater.plist

    com.spotify.webhelper.plist

    com.zeobit.MacKeeper.Helper.plist

     

    Library/PreferencePanes:

     

    Library/QuickLook:

    QuickLookiWatermark.qlgenerator

     

    Library/Services:

    Toggle Hidden Files.workflow

    Alcyone:~ flavio$

     

    Step 5. --------------------------------------------------------------------------

     

    Alcyone:~ flavio$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Knox, HP Product Research, HPEventHandler, HP Scheduler

    Alcyone:~ flavio$

  • by pickyme,

    pickyme Feb 6, 2014 12:38 AM in response to Linc Davis
    Level 1 (0 points)

    Can you please tell me if you see any problems, Linc Davis? Thanks

     

    Last login: Sat Feb  1 18:53:33 on console

    mys-MacBook-Pro:~ mymac$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    org.virtualbox.kext.VBoxDrv (4.3.6)

    com.avatron.AVExVideo (1.4.2)

    tc.tctechnologies.driver.PaeFireStudio (3.5.6

    org.virtualbox.kext.VBoxUSB (4.3.6)

    org.virtualbox.kext.VBoxNetFlt (4.3.6)

    org.virtualbox.kext.VBoxNetAdp (4.3.6)

    com.avatron.AVExFramebuffer (1.4.2)

    com.vmware.kext.vmx86 (3.1.3)

    com.vmware.kext.vmci (3.1.3)

    com.vmware.kext.vmioplug (3.1.3)

    com.vmware.kext.vmnet (3.1.3)

    mys-MacBook-Pro:~ mymac$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    tc.tctechnologies.daemon.PaeFireStudio

    com.WesternDigital.WDSmartWareD

    com.wdc.WDDMservice

    com.vmware.launchd.vmware

    com.microsoft.office.licensing.helper

    com.google.keystone.daemon

    com.adobe.fpsaud

    mys-MacBook-Pro:~ mymac$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.sierrawireless.SwitchTool

    com.hp.messagecenter.launcher

    com.hp.devicemonitor

    com.google.keystone.system.agent

    com.nero.HSMMonitor

    com.nchsoftware.expresszip.schedule.LikeSurvey

    mys-MacBook-Pro:~ mymac$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    ArcCon.framework

    ArcSocketLib.framework

    AudioMixEngine.framework

    BaseFunction.framework

    Cocoa2Carbon.framework

    DivX Toolkit.framework

    HPSmartPrint.framework

    MagAppFramework.framework

    MagCore.framework

    MagImgTlsCtrl.framework

    MagPCMac.framework

    Maglib5.framework

    MediaClub.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    TSLicense.framework

    TaskDLL.framework

    WesternDigital

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Intego:

     

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    DivXBrowserPlugin.plugin

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    Google Earth Web Plug-in.plugin

    JavaAppletPlugin.plugin

    OVSHelper.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    iPhotoPhotocast.plugin

    npgtpo3dautoplugin.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

    com.google.keystone.agent.plist

    com.hp.devicemonitor.plist

    com.hp.messagecenter.launcher.plist

    com.sierrawireless.SwitchTool.plist

    com.teamviewer.teamviewer.plist

    com.teamviewer.teamviewer_desktop.plist

     

     

    /Library/LaunchDaemons:

    com.WesternDigital.WDSmartWareD.plist

    com.adobe.fpsaud.plist

    com.apple.remotepairtool.plist

    com.google.keystone.daemon.plist

    com.microsoft.office.licensing.helper.plist

    com.teamviewer.teamviewer_service.plist

    com.vmware.launchd.vmware.plist

    com.wdc.WDDMservice.plist

    org.virtualbox.startup.plist

    tc.tctechnologies.PaeFireStudio.plist

     

     

    /Library/PreferencePanes:

    Air Display Preferences.prefPane

    DivX.prefPane

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    Growl.prefPane

    Perian.prefPane

     

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

     

    /Library/QuickLook:

    VMware Fusion QuickLook.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AC3MovieImport.component

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    CanonMJPEGAVI.component

    CanonMJPEGAVIDec.component

    CanonText.component

    DivX Decoder.component

    DivX Encoder.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

    Perian.component

     

     

    /Library/ScriptingAdditions:

     

     

    /Library/Services:

     

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

    YMsgrCallABPlugin.bundle

    YMsgrMsnABPlugin.bundle

    YMsgrSmsABPlugin.bundle

    YMsgrYimABPlugin.bundle

     

     

    Library/Fonts:

    Arizonia-Regular.ttf

    CANDY___.otf

    CURJTRIAL.otf

    CURJTRIAL.ttf

    Concbv2.ttf

    ErsatzQuality.ttf

    Hemmet_Personal_Use_Only.ttf

    Masterics_Personal_Use.ttf

    PhoenixScriptFLF.ttf

    Phraell_Demo.ttf

    SANTO___.TTF

    SF Americana Dreams Bold.ttf

    SF Americana Dreams Extended Bold.ttf

    SF Americana Dreams Extended.ttf

    SF Americana Dreams SC Bold.ttf

    SF Americana Dreams SC Upright Bold.ttf

    SF Americana Dreams SC Upright.ttf

    SF Americana Dreams SC.ttf

    SF Americana Dreams Upright Bold.ttf

    SF Americana Dreams Upright.ttf

    SF Americana Dreams.ttf

    **** Happens trial__.otf

    Signerica_Fat.ttf

    Signerica_Medium.ttf

    Signerica_Thin.ttf

    Sunday&Monday.ttf

    Trufla Words.ttf

    Ventography_Personal_Use_Only.ttf

    WEDDI___.otf

    concav2.ttf

    concv2.ttf

    concv2b.ttf

    concv2c.ttf

    concv2e.ttf

    concv2l.ttf

    concv2s.ttf

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Plug-Ins:

    doubleTwistWebPlugin.bundle

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.1142212D-7ACA-4802-8A0E-F8CCD9ACDE2C.plist

    com.nchsoftware.expresszip.schedule.LikeSurvey.plist

    com.nero.HSMMonitor.plist

    org.virtualbox.vboxwebsrv.plist

     

     

    Library/PreferencePanes:

    .isoftreg

    uSeesoft

    mys-MacBook-Pro:~ mymac$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, AirDisplayStatusItem, ScreenCapture, SpeechSynthesisServer, Canon IJ Network Scanner Selector EX, Dropbox, Genieo, Android File Transfer Agent, StatusMenu, Launch Nikon Message Center 2

    mys-MacBook-Pro:~ mymac$

  • by MadMacs0,

    MadMacs0 Feb 6, 2014 3:40 AM in response to pickyme
    Level 5 (4,791 points)

    pickyme wrote:

     

    can you please tell me if you see any problems Linc Davis.

    Not sure what kind of problems you are having, but Linc hasn't been back in the last nine months, nor responded to either of the two previous users posting ahead of you, so your best bet is always to post a new topic and describe your setup and problems in detail. That will attract many more folks with answers than will stumble across what you posted.

  • by matthewfromhaddon heights,

    matthewfromhaddon heights Apr 26, 2014 8:25 AM in response to Linc Davis
    Level 1 (0 points)

    I have the same problem and could use your help. Is there a way to get in touch or bring my computer to you?

    Thanks

  • by WZZZ,

    WZZZ Apr 26, 2014 8:44 AM in response to matthewfromhaddon heights
    Level 6 (13,112 points)
    Mac OS X

    You should start your own thread for this. Much better chances of getting help that way.

  • by matthewfromhaddon heights,

    matthewfromhaddon heights Apr 26, 2014 8:49 AM in response to Linc Davis
    Level 1 (0 points)

    Hello Linc,

     

    This time it asked for my password and I got:

     

    Last login: Sat Apr 26 11:45:48 on ttys000

    Olivias-MacBook-Air:~ MD$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    at.obdev.nke.LittleSnitch (4050)

    Olivias-MacBook-Air:~ MD$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    com.oracle.java.Helper-Tool

    com.microsoft.office.licensing.helper

    com.google.keystone.daemon

    com.adobe.fpsaud

    at.obdev.littlesnitchd

    Olivias-MacBook-Air:~ MD$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.microsoft.autoupdate.fba.42800

    com.microsoft.Office365Service.30128

    com.microsoft.Word.27840

    com.bodymedia.BodyMedia-SYNC.35760

    com.linebreak.CloudAppMacOSX.48784

    com.oracle.java.Java-Updater

    com.google.keystone.system.agent

    at.obdev.LittleSnitchUIAgent

    com.genieo.completer.update

    com.genieo.completer.download

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    Olivias-MacBook-Air:~ MD$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    LittleSnitch.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    EWSMac.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    AmazonMP3DownloaderPlugin101750.plugin

    Default Browser.plugin

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    Unity Web Player.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    at.obdev.LittleSnitchUIAgent.plist

    com.google.keystone.agent.plist

    com.oracle.java.Java-Updater.plist

     

    /Library/LaunchDaemons:

    at.obdev.littlesnitchd.plist

    com.adobe.fpsaud.plist

    com.google.keystone.daemon.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

     

    /Library/PreferencePanes:

    BodyMedia SYNC.prefPane

    Flash Player.prefPane

    JavaControlPanel.prefPane

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

    YMsgrCallABPlugin.bundle

    YMsgrMsnABPlugin.bundle

    YMsgrSmsABPlugin.bundle

    YMsgrYimABPlugin.bundle

     

    Library/Fonts:

     

    Library/Frameworks:

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Accounts:

    V1

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.apple.CSConfigDotMacCert-phyllisann.dioguardi@me.com-SharedServices.Agent.plist

    com.genieo.completer.download.plist

    com.genieo.completer.update.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    .localized

    Olivias-MacBook-Air:~ MD$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Yahoo! Messenger, Dropbox, Cloud, AdobeResourceSynchronizer, BodyMedia SYNC, TuneupMyMac

    Olivias-MacBook-Air:~ MD$

  • by andyBall_uk,

    andyBall_uk Apr 26, 2014 9:10 AM in response to matthewfromhaddon heights
    Level 7 (20,495 points)

    You've no commercial keylogging software showing; but could probably do without the esellerate (EWS) framework and the genieo adware.
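
The filter used in the posted `launchctl list` commands, followed by the kind of by-eye review done in the reply above, as an added example that is not part of any post in this thread. The function names, the watch list and the sample input are assumptions made for illustration; the watch list holds only the two products that replies on this page advise removing (Genieo, MacKeeper).

```shell
#!/bin/sh
# Added example (not from the thread): triage of pasted diagnostic output.

# Constructed `launchctl list` output (columns: PID, Status, Label). Most
# labels are copied from outputs posted in this thread; the com.apple, 0x and
# org.x rows, and all PIDs, are made up to exercise the filter.
sample_launchctl_list() {
cat <<'EOF'
PID Status Label
- 0 com.apple.quicklook
312 - 0x7f8a1b402f30.anonymous.Finder
- 0 com.google.keystone.system.agent
- 0 com.genieo.completer.update
- 0 com.genieo.completer.download
455 - com.zeobit.MacKeeper.Helper
- 0 com.spotify.webhelper
- 0 org.x.startx
EOF
}

# Constructed excerpt of the `ls -1A ...` listing: folder header lines end
# with a colon, entries follow. File names are ones posted in this thread.
sample_folder_listing() {
cat <<'EOF'
/Library/LaunchAgents:
com.google.keystone.agent.plist

/Library/LaunchDaemons:
com.google.keystone.daemon.plist

Library/LaunchAgents:
com.genieo.completer.download.plist
com.genieo.completer.update.plist
com.spotify.webhelper.plist
com.zeobit.MacKeeper.Helper.plist
EOF
}

# Same filter as the thread's per-user command: drop the header line, drop
# anonymous (0x...) jobs and Apple/MIT/X11/OpenBSD labels, print the Label
# column. What remains is selected by label text only.
third_party_labels() {
    sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
}

# Read labels on stdin and the folder listing from file $1; print each label
# with the folder that holds "<label>.plist", or "-" if no file of that name
# is listed. A "-" is not proof of anything: the label is set inside the
# plist and need not equal the file name (com.google.keystone.system.agent
# is listed in the thread next to com.google.keystone.agent.plist).
locate_plists() {
    awk '
        NR == FNR {                      # first input: the folder listing
            if ($0 ~ /:$/) { dir = substr($0, 1, length($0) - 1); next }
            if ($0 ~ /\.plist$/) where[$0] = dir
            next
        }
        { f = $0 ".plist"; print $0, ((f in where) ? where[f] : "-") }
    ' "$1" -
}

# Hypothetical watch list, lower case, matched against the label only.
WATCH_PATTERN='genieo|zeobit|mackeeper'

# Prefix each "label folder" line with REVIEW or NOFLAG.
flag_labels() {
    awk -v pat="$WATCH_PATTERN" '{
        tag = (tolower($1) ~ pat) ? "REVIEW" : "NOFLAG"
        print tag, $0
    }'
}

# $1 = file with `launchctl list` output, $2 = file with the folder listing.
triage() {
    third_party_labels < "$1" | locate_plists "$2" | flag_labels
}

# Run on the constructed samples.
tmp=$(mktemp -d)
sample_launchctl_list > "$tmp/jobs.txt"
sample_folder_listing > "$tmp/folders.txt"
triage "$tmp/jobs.txt" "$tmp/folders.txt"
rm -r "$tmp"
```

NOFLAG only means the label did not match the watch list; every remaining third-party label still needs to be recognised by the person who owns the machine.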

  • by matthewfromhaddon heights,

    matthewfromhaddon heights Apr 26, 2014 9:40 AM in response to andyBall_uk
    Level 1 (0 points)

    Thank you so much. Would things such as Webwatcher or SpectorPro show up by name in that diagnostic suggested by Linc Davis? How does one determine it?

     

    Thanks again AndyBall_UK

  • by morning sun,

    morning sun Jun 27, 2014 3:03 PM in response to Linc Davis
    Level 1 (0 points)

    Linc and anyone who might have a suggestion,

     

    I know that someone took control of my MacBook Pro webcam and recorded video of me without my knowing it a few months back. Now I believe I have had a keylogger exposing my privacy so I'm revamping my entire security set up...

     

    I ran the virus scan in MacKeeper, AVG AntiVirus (which claims to detect spy ware) and finally MacScan. None of these detected anything except tracking cookies (MacScan).

     

    Could these people have taken over my MacBook Pro's webcam while I was logged into a website through some kind of malware that was designed to run from the website and not off my hard drive?

     

    I'm not so comfortable running the terminal scripts that were posted I've just been burned so many times at this point... Any suggestions would be greatly appreciated...

  • by MadMacs0,

    MadMacs0 Jun 27, 2014 3:14 PM in response to morning sun
    Level 5 (4,791 points)

    morning sun wrote:

     

    Could these people have taken over my MacBook Pro's webcam while I was logged into a website through some kind of malware that was designed to run from the website and not off my hard drive?

    If you had Java (not JavaScript) enabled while on the web site, something like that would be possible, but currently unknown.

    I'm not so comfortable running the terminal scripts that were posted I've just been burned so many times at this point... Any suggestions would be greatly appreciated...

    Then nobody here can provide any additional help since we have no idea what is now installed on your computer. Even if we could it would be no substitute for an examination by a forensically trained police analyst which is probably who you should be talking to if a crime has been committed here.

     

    Additionally, if you reconsider running the Terminal commands start a new thread if you want the fastest, most efficient help here in the forum. Linc and most others here don't often respond to "me too" requests.

  • by Klaus1,

    Klaus1 Jun 27, 2014 4:21 PM in response to morning sun
    Level 8 (48,821 points)

    morning sun wrote:

     

    I ran the virus scan in MacKeeper, AVG AntiVirus (which claims to detect spy ware) and finally MacScan. None of these detected anything except tracking cookies (MacScan).

     

    Do not install MacKeeper (and how to uninstall it if you have):

    https://discussions.apple.com/docs/DOC-6221

     

    (Please note that references to the original developers, Zeobit, also now refer to Kromtech Alliance Corp, who acquired MacKeeper and PCKeeper from ZeoBit LLC in early 2013.)

     

    Also uninstall AVG AntiVirus. Virtually all third party anti virus applications do more harm to your system than not having them, and many give false positives.

     

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.

     

    https://discussions.apple.com/docs/DOC-2435

     

    More useful information can also be found here:

     

    http://www.thesafemac.com/mmg/

  • by morning sun,

    morning sun morning sun Jun 28, 2014 1:23 PM in response to Klaus1
    Level 1 (0 points)

    OK, here are the results from Terminal. Thank you Klaus, Linc and All for your help. I've also posted a new thread with these results here:

     

     

    Step 1

     

    1. com.microsoft.driver.MicrosoftMouse (8.2)
    2. com.microsoft.driver.MicrosoftMouseUSB (8.2)
    3. com.avg.Antivirus.OnAccess.kext (14.0)

     

     

    Step 2

     

    1. com.zeobit.MacKeeper.plugin.AntiTheft.daemon
    2. com.raynersw.nshctldo
    3. com.microsoft.office.licensing.helper
    4. com.avg.Antivirus
    5. com.avg.Antivirus.infosd
    6. com.adobe.SwitchBoard
    7. com.adobe.fpsaud

     

     

    Step 3

     

    1. com.zeobit.MacKeeper.plugin.AntiTheft.daemon
    2. com.raynersw.nshctldo
    3. com.microsoft.office.licensing.helper
    4. com.avg.Antivirus
    5. com.avg.Antivirus.infosd
    6. com.adobe.SwitchBoard
    7. com.adobe.fpsaud

    new-host:~ MacBookPro$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    1. com.extensis.FMCore
    2. com.avg.Antivirus
    3. com.adobe.CS5ServiceManager
    4. com.adobe.CS4ServiceManager
    5. com.adobe.AdobeCreativeCloud
    6. com.zeobit.MacKeeper.Helper
    7. com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
    8. com.adobe.AAM.Scheduler-1.0

     

     

    Step 4

     

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    1. AEProfiling.framework
    2. AERegistration.framework
    3. Adobe AIR.framework
    4. AudioMixEngine.framework
    5. EWSMac.framework
    6. ExtensisPlugins.framework
    7. NyxAudioAnalysis.framework
    8. PluginManager.framework
    9. TSLicense.framework
    10. iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    1. AdobeAAMDetect.plugin
    2. AdobeExManDetect.plugin
    3. AdobePDFViewer.plugin
    4. AdobePDFViewerNPAPI.plugin
    5. Flash Player.plugin
    6. Flip4Mac WMV Plugin.plugin
    7. JavaAppletPlugin.plugin
    8. Quartz Composer.webplugin
    9. QuickTime Plugin.plugin
    10. SharePointBrowserPlugin.plugin
    11. SharePointWebKitPlugin.webplugin
    12. Silverlight.plugin
    13. SurveillanceClient.plugin
    14. flashplayer.xpt
    15. iPhotoPhotocast.plugin
    16. npContributeMac.bundle
    17. nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    1. com.adobe.AAM.Updater-1.0.plist
    2. com.adobe.AdobeCreativeCloud.plist
    3. com.adobe.CS4ServiceManager.plist
    4. com.adobe.CS5ServiceManager.plist
    5. com.avg.Antivirus.gui.plist
    6. com.extensis.FMCore.plist

     

    /Library/LaunchDaemons:

    1. com.adobe.SwitchBoard.plist
    2. com.adobe.fpsaud.plist
    3. com.avg.Antivirus.infosd.plist
    4. com.avg.Antivirus.services.plist
    5. com.microsoft.office.licensing.helper.plist
    6. com.raynersw.nshctldo.plist
    7. com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    Microsoft Mouse.prefPane

     

    /Library/PrivilegedHelperTools:

    1. com.microsoft.office.licensing.helper
    2. com.raynersw.nshctldo

     

    /Library/QuickLook:

    1. GBQLGenerator.qlgenerator
    2. iBooksAuthor.qlgenerator
    3. iWork.qlgenerator

     

    /Library/QuickTime:

    1. AppleIntermediateCodec.component
    2. AppleMPEG2Codec.component
    3. Flip4Mac WMV Advanced.component
    4. Flip4Mac WMV Export.component
    5. Flip4Mac WMV Import.component
    6. SoundboothScoreCodec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    1. GBSpotlightImporter.mdimporter
    2. Microsoft Office.mdimporter
    3. iBooksAuthor.mdimporter
    4. iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

    1. com.adobe.SwitchBoard.monitor.plist

     

    Library/Extensis:

    Suitcase Fusion

    1. com.extensis.FMCore-LaunchInfo.conf

     

    Library/Fonts:

     

    Library/Frameworks:

    1. EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    1. EMusic.plugin
    2. RealPlayer Plugin.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    1. com.adobe.AAM.Updater-1.0.plist
    2. com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
    3. com.zeobit.MacKeeper.Helper.plist

     

    Library/PreferencePanes:

     

     

    Step 5

     

    iTunesHelper
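
An added example, not part of the original thread or anyone's post: it runs the `launchctl list` filter quoted above over sample rows and then cross-checks the surviving labels against plist file names, which is the comparison a reader makes by eye between Step 3 and Step 4. The function names, PID and status values are assumptions made up for illustration; the third-party labels and plist names are copied from the post.

```shell
#!/bin/sh
# Added example (not from the thread): compare loaded launchd job labels
# with the plist file names in the LaunchAgents/LaunchDaemons folders.
export LC_ALL=C   # stable sort order for comm

# The filter posted in the thread: drop the header row, then skip anonymous
# (0x...), Apple, MIT and X11/OpenBSD jobs and print the label column.
third_party_labels() {
    sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
}

# Labels listed in file $1 that have no "<label>.plist" name in file $2.
labels_without_plist() {
    names=$(mktemp) || return 1
    sed 's/\.plist$//' "$2" | sort -u > "$names"
    sort -u "$1" | comm -23 - "$names"
    rm -f "$names"
}

# Constructed `launchctl list` rows; PID and status values are made up,
# the third-party labels are ones that appear in the post.
sample_launchctl() {
    cat <<'EOF'
PID Status Label
- 0 com.apple.Finder
212 - 0x7f9a1b402c10.anonymous.Terminal
- 0 com.extensis.FMCore
301 - com.avg.Antivirus
- 0 com.adobe.AAM.Scheduler-1.0
- 0 com.zeobit.MacKeeper.Helper
EOF
}

# Plist file names copied from the post's LaunchAgents listings.
sample_plists() {
    cat <<'EOF'
com.adobe.AAM.Updater-1.0.plist
com.avg.Antivirus.gui.plist
com.extensis.FMCore.plist
com.zeobit.MacKeeper.Helper.plist
EOF
}

triage() {
    dir=$(mktemp -d) || return 1
    sample_launchctl | third_party_labels > "$dir/labels"
    sample_plists > "$dir/plists"
    labels_without_plist "$dir/labels" "$dir/plists"
    rm -rf "$dir"
}

triage
```

A label that comes back from `labels_without_plist` is not a finding by itself: launchd takes the job name from the `Label` key inside the plist, so the file name can differ, and the next step is to open the vendor's plist and read that key.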
