rodie0989

Q: How can I find virtual machine on OS X Yosemite?

I am certain that my screen is watched and that I possibly have a virtual machine installed on my Mac. I understand the legal implications - I did not give anyone permission to install any software. It is used to cause me trouble.

 

I am interested is to find where the software could be installed and hidden. I searched visible folders and did not see anything obviously suspicious. Where do you suggest that I look? Also what is a good malware scanner?

 

Thank you.

MacBook Air, OS X Yosemite (10.10.5)

Posted on May 1, 2016 4:39 AM

Close

Q: How can I find virtual machine on OS X Yosemite?

  • All replies
  • Helpful answers

  • by OGELTHORPE,

    OGELTHORPE OGELTHORPE May 1, 2016 5:09 AM in response to rodie0989
    Level 9 (52,288 points)
    Mac OS X
    May 1, 2016 5:09 AM in response to rodie0989

    As far as malware scanners are concerned, Malwarebytes Anti-Malware for Mac is the best, but there is no guarantee that using it will be 100% successful.  No application will be.

     

    https://www.malwarebytes.org/antimalware/mac/

     

    What symptoms are you detecting that lead you to the conclusion that your "screen is watched"?

     

    Ciao.

  • by rodie0989,

    rodie0989 rodie0989 May 1, 2016 6:54 AM in response to OGELTHORPE
    Level 1 (8 points)
    Mac OS X
    May 1, 2016 6:54 AM in response to OGELTHORPE

    It is a circumstantial conclusion. My storage distribution is also often off. There is something that messes with my space usage. It happened before that Other took 99% of my space.

     

    I was hoping that someone would be able to tell me where virtual machines normally get installed. Also if one is hidden, where I should be looking for it.

     

    I will try Malwarebytes. Thank you.

  • by OGELTHORPE,

    OGELTHORPE OGELTHORPE May 1, 2016 7:03 AM in response to rodie0989
    Level 9 (52,288 points)
    Mac OS X
    May 1, 2016 7:03 AM in response to rodie0989

    The graphic display that shows the various categories of items on your Mac has a bug in it and often is inaccurate.  It can be usually corrected by reindexing Spotlight:

     

    https://support.apple.com/en-us/HT201716

     

    This will define what OTHER consists of:

     

    https://support.apple.com/en-us/HT202867

     

    This should put your mind as ease.

     

    What you might want to do is download from the Internet OmniDiskSweeper and Grand Perspective (both free) and open them. They will show all of your files and the respective sizes.

     

    https://www.omnigroup.com/more

     

    http://grandperspectiv.sourceforge.net/

     

    Ciao.

  • by rodie0989,

    rodie0989 rodie0989 May 1, 2016 8:01 AM in response to OGELTHORPE
    Level 1 (8 points)
    Mac OS X
    May 1, 2016 8:01 AM in response to OGELTHORPE

    Thank you, this helps. I checked the Other breakdown and the size on my Mac is not justified.

     

    I will have a look at OmniDiskSweeper and Grand Perspective too. What I am looking for is hidden files. Hopefully they are covered.

  • by FatMac>MacPro,

    FatMac>MacPro FatMac>MacPro May 1, 2016 1:12 PM in response to rodie0989
    Level 5 (4,815 points)
    May 1, 2016 1:12 PM in response to rodie0989

    rodie0989 wrote:

     

    ...I was hoping that someone would be able to tell me where virtual machines normally get installed. Also if one is hidden, where I should be looking for it...

    Typically, virtual machine files are stored in the Documents folder, inside a folder called "Virtual Machines," or Parallels, or in the User's folder in a "VirtualBox VMs" directory. The variation makes clear that a virtual machine needs an environment in which to run and Parallels, VirtualBox, or VMware Fusion (which puts its VM's in a "Virtual Machines" folder) typically supply that environment. You might try running Activity Monitor and looking for suspicious active Processes in the CPU tab. Try that with regular booting and booting in Safe Mode (Shift key down at the chime).

     

    However, I don't think it takes a full-fledged Virtual Machine, which can take a lot of space, to do what you are concerned with and OGELTHORPE's recommendation of Malwarebytes should prove more helpful.

  • by BobHarris,

    BobHarris BobHarris May 1, 2016 2:48 PM in response to rodie0989
    Level 6 (19,395 points)
    Mac OS X
    May 1, 2016 2:48 PM in response to rodie0989

    To get OmniDiskSweeper to see "Everything" you need to follow the instructions in the following article:

    <http://www.macobserver.com/tmo/article/how_to_recover_missing_hard_drive_space>


    Boiler Plate Warnings:

     

    If you have a recurring, running out of disk space, problem, then OmniDiskSweeper may help identify where the space is going.  Posting the suspected locations and files will help the forum help you to figure it out.  Remember, we cannot see into your disk, you have to give us information to work with.

     

    DO NOT delete files in your Home Folder -> Library tree as there are things like your iPhone backups, your email messages, your application preferences, etc…  If you think you have found something in your Home Folder -> Library that can be deleted, you should ask first.

     

    DO NOT delete files outside your home folder, as you may end up deleting something essential to Mac OS X, and turn your Mac into an expensive “Door Stop”.

     

    I will point out that you will find some very large files in private -> var -> vm (these are the Mac OS X virtual memory paging files (swapfiles) and where Mac OS X stores the copy of RAM when your Mac is put to sleep).  The swapfile(s) get deleted on reboot, and the sleep image is just going to be created again when you put your Mac to sleep.

     

    If you think you have found something to delete outside your home folder, it would be best to ask first before deleting.  There are many examples of people deleting files outside their home folder, or renaming files, or changing the ownership or file permissions, and then their Mac stops running.  Do not be one of those people.  Ask first.

  • by thomas_r.,

    thomas_r. thomas_r. May 3, 2016 9:28 AM in response to rodie0989
    Level 7 (30,919 points)
    Mac OS X
    May 3, 2016 9:28 AM in response to rodie0989

    rodie0989 wrote:

     

    It is a circumstantial conclusion. My storage distribution is also often off. There is something that messes with my space usage.

     

    That is not an indication that you are infected with any known malware. Also, note that there is absolutely no malware that will install a virtual machine on your computer, nor is there any reason that any malware or hacker would want to do that. A VM is extremely large and resource-hungry, and provides absolutely no benefits to a hacker while being extremely noticeable to the user. Perhaps you're thinking of something like a keylogger or remote access tool?

     

    My guess would be that you have a log file that has grown out of control, or something similar.

     

    I will try Malwarebytes. Thank you.


    Malwarebytes Anti-Malware for Mac will detect any known malware/spyware, as well as legitimate keylogging software (which will be detected as PUPs, or Potentially Unwanted Programs).