neuegirl

Q: Detect spyware and determine who is spying on my iMac

I might be paranoid -- but need to know at this point if someone very close to me has installed spyware on my Mac. I keep finding forums that say to back up files and just restart your system and wipe everything clean, change passwords, etc. But this won't work for me for a couple of reasons: 1) I really need to know if there is someone close to me who has installed this on my computer and would like to find the IP address that the information is headed to, and 2) the person in question still has access to my computer and almost all of my passwords.

 

Please can we not get into why I think this person is spying, etc., and if anyone knows any way for me to detect spyware and determine where information is being sent, that would be the most helpful.

 

Would greatly appreciate any help here as I am paranoid about even looking up these kinds of things on my home computer (which I am doing now) and my iPhone (which I also need help with determining if it has spyware on it).

 

Thanks very much for any help.

iMac, Mac OS X (10.7.5)

Posted on Mar 24, 2013 5:22 AM

  • by andrierov,

    andrierov andrierov Apr 30, 2016 5:24 AM in response to Linc Davis
    Level 1 (4 points)

    Hi Davis,

     

    I followed your instructions and these are the results:

     

    Andrie:~ andrierov$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.rim.driver.BlackBerryUSBDriverInt (0.0.97)

    com.hzsystems.terminus.driver (4)

    Andrie:~ andrierov$

    Andrie:~ andrierov$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    com.rim.tunmgr

    com.macpaw.CleanMyMac3.Agent

    com.rim.BBDaemon

    com.adobe.ARMDC.Communicator

    com.microsoft.office.licensing.helper

    com.adobe.SwitchBoard

    com.adobe.fpsaud

    com.adobe.ARMDC.SMJobBlessHelper

    Andrie:~ andrierov$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.yourcompany.ejectUdisk

    com.rim.blackberrylink.BlackBerry-Link-Helper-Agent

    com.rim.BBLaunchAgent

    com.omnigroup.OmniCrashCatcher.i1

    com.bittorrent.uTorrent

    com.paragon.ntfs.trial

    com.canon.MFManager

    com.valvesoftware.steamclean

    com.rim.RimAlbumArtDaemon

    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d

    com.rim.PeerManager

    com.paragon.ntfs.upd

    com.google.keystone.user.agent

    com.spigot.ApplicationManager

    Andrie:~ andrierov$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    EOS Utility, Flickr Uploadr, CleanMyMac 3 Menu

    Andrie:~ andrierov$

  • by MadMacs0,

    MadMacs0 MadMacs0 Apr 30, 2016 5:37 AM in response to andrierov
    Level 5 (4,791 points)

    Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this three-year-old discussion. He often changes his diagnostics routines, so what you have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.


    You will always be better off posting a new topic without posting any diagnostics until requested.


    That's just the way this forum works best.


    I do see that you have been infected with Spigot Adware. You need to get rid of CleanMyMac3 before it does any more damage to your system and uTorrent will only get you in more trouble.
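
What the user-level `launchctl list` filter posted above keeps and drops, as an added example that is not part of any post in this thread. It applies the same exclusion pattern to a constructed listing (the `com.example.*` labels and both function names are made up for illustration) and also reports each job's PID and last exit status, which the one-liner discards.

```shell
#!/bin/sh
# Added example. The listing below is constructed; the com.example.* labels
# are placeholders, not real software.
sample_listing() {
    # Same three columns that `launchctl list` prints: PID, Status, Label.
    printf '%s\t%s\t%s\n' \
        PID Status Label \
        - 0 com.apple.quicklook.ui.helper \
        312 0 com.apple.Finder \
        - 0 com.example.updater \
        845 0 com.example.helper-agent \
        - 78 com.example.crashy \
        901 0 0x7f8a1b402ab0.anonymous.bash \
        - 0 org.openbsd.ssh-agent
}

# Reads `launchctl list` text on stdin and applies the exclusions of the
# user-level command in the thread: header row (sed 1d), anonymous 0x jobs,
# and com.apple / edu.mit / org.x / org.openbsd labels.
# Prints: label <TAB> state <TAB> last exit status.
third_party_jobs() {
    sed 1d | awk '
        /0x|com\.apple|edu\.mit|org\.(x|openbsd)/ { next }
        {
            state = ($1 == "-") ? "not running" : "running pid " $1
            printf "%s\t%s\t%s\n", $3, state, $2
        }'
}

sample_listing | third_party_jobs
```

On a Mac the real listing can be piped in instead: `launchctl list | third_party_jobs`.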

  • by thdedeaux,

    thdedeaux thdedeaux May 31, 2016 2:00 PM in response to Linc Davis
    Level 1 (4 points)

    I did everything you said for that person to do. What am I looking for that would tell me someone's been looking?

  • by hightree3,

    hightree3 hightree3 Aug 12, 2016 1:11 AM in response to Linc Davis
    Level 1 (4 points)

    I wanted to thank you before I start. I hope this eases my paranoia. I tried your suggestion and this is what I got:

     

    Last login: Thu Aug 11 18:15:04 on console

    Mac-Users-MacBook-Pro:AppleVNCServer.bundle theresarusnak$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    Mac-Users-MacBook-Pro:AppleVNCServer.bundle theresarusnak$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

    Sorry, try again.

    Password:

    com.microsoft.office.licensing.helper

    com.adobe.fpsaud

    Mac-Users-MacBook-Pro:AppleVNCServer.bundle theresarusnak$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.microsoft.autoupdate.fba.66912

    com.getdropbox.dropbox.76512

    com.google.keystone.user.agent

    Mac-Users-MacBook-Pro:AppleVNCServer.bundle theresarusnak$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ACS6x.kext

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

    hp_io_enabler_compound.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Default Browser.plugin

    Disabled Plug-Ins

    Flash Player.plugin

    Quartz Composer.webplugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.microsoft.office.licensing.helper.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleAVCIntraCodec.component

    AppleHDVCodec.component

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    AppleMXFImport.component

    AppleProResCodec.component

    DVCPROHDCodec.component

    FCP Uncompressed 422.component

    IMXCodec.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    LogicPro.mdimporter

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

    Mac-Users-MacBook-Pro:AppleVNCServer.bundle theresarusnak$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Dropbox

    Mac-Users-MacBook-Pro:AppleVNCServer.bundle theresarusnak$

  • by MadMacs0,

    MadMacs0 MadMacs0 Aug 12, 2016 1:24 AM in response to hightree3
    Level 5 (4,791 points)

    I guess you missed my earlier comment.

     

    Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this three-year-old discussion. He often changes his diagnostics routines, so what you have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.

     

    You will always be better off posting a new topic, fully explaining whatever issues you are experiencing without jumping to conclusions about what might be causing them and without posting any diagnostics until requested.

     

    That's just the way this forum works best.

  • by hightree3,

    hightree3 hightree3 Aug 12, 2016 11:49 AM in response to MadMacs0
    Level 1 (4 points)

    Thank you. It was my first post in a setting like this and didn't even think to look at the date. I appreciate the pointer.


  • by hightree3,

    hightree3 hightree3 Aug 12, 2016 11:52 AM in response to neuegirl
    Level 1 (4 points)

    Thank you. It was my first post in a setting like this and didn't even think to look at the date. I appreciate the pointer.

  • by Pinkalmond,

    Pinkalmond Pinkalmond Sep 8, 2016 6:36 AM in response to ssls6
    Level 1 (4 points)

    Hi Linc!

    Thanks so much for this info! I've followed the steps but I don't know what "post output" means, so I obviously haven't done that! Please advise? I would really appreciate your help! Is "Activity Monitor" a tracking app? If so, how do I remove it? Also, since I've done that, I can't relaunch Finder?!!

  • by Meg St._Clair,

    Meg St._Clair Meg St._Clair Sep 8, 2016 6:49 AM in response to Pinkalmond
    Level 9 (58,860 points)
    iPhone

    Pinkalmond wrote:

     

    Hi Linc!

    Thanks so much for this info! I've followed the steps but I don't know what "post output" means, so I obviously haven't done that! Please advise? I would really appreciate your help! Is "Activity Monitor" a tracking app? If so, how do I remove it? Also, since I've done that, I can't relaunch Finder?!!

    From MadMacs0's comment above:

     

    Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this three-year-old discussion. He often changes his diagnostics routines, so what you have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.

     

    You will always be better off posting a new topic, fully explaining whatever issues you are experiencing without jumping to conclusions about what might be causing them and without posting any diagnostics until requested.

     

    That's just the way this forum works best.
