Trying2Understand

Q: Breach Concern

Hello, I am concerned that my computer is hacked. After doing multiple restores, recoveries and hard drive wiping, it always starts off all well and fine, but then after connecting to the internet or after a day it begins to do weird things. Examples are: my desktop will change back to default when I have set it up to a personal one, iTunes messages will begin to pop up saying it can't verify the identity of the server and that something may be pretending to be it, Xfuse will just randomly appear, apps install themselves, my permissions change and I don't have access to things, things just turn up ... one being Java.

 

Now I have done a little bit of research and I discovered that someone said java.scripts etc. is normal, but if you have JAVA then there may be an issue. Now I have Java, I never installed it, I never use it and in fact I cannot delete it. I have tried everything. Please see pictures. If anyone could help me understand what is happening, that would be great and I would much appreciate it. I have a solid reason for concerns on being hacked personally by someone I know. The only way I can think of how my computer keeps getting infected is via USB, or my emails, or when I stupidly trusted them and gave them remote access once, that they went deep into firmware or something and did not do a half *** job when they planned their attack early this year. I am not computer savvy and I waste too much time on trying to figure it out, so I thought I would ask on here.

 

Also I forgot to mention: it was installed (or modified) on the 2nd of August. Now, I was in QLD and my computer was turned off and no one had physical access to it at that time? I guess this can also back up why I think that I am hacked.

 

Cheers!

 


Posted on Sep 1, 2016 9:42 AM


  • by rkaufmann87,

    rkaufmann87 Sep 1, 2016 9:45 AM in response to Trying2Understand
    Level 9 (58,073 points)

    Your computer likely has not been hacked. However we can look to see if you have some obvious issues by posting an EtreCheck report of your system. Please click the link, download the app and run the report. Once you have the report, please copy and paste it to your reply to this post.

     

    If you would like more info on what EtreCheck is, simply click the link and you will find a description of the app.

  • by ServiceEngineer78,

    ServiceEngineer78 Sep 1, 2016 9:54 AM in response to Trying2Understand
    Level 1 (115 points)

    Hi,

     

    I'm not going to pretend like I know what is going on from your screenshots; however, I can tell you that if you DID in fact have some sort of spyware/malware/virus on your Mac, doing a restore from Time Machine would put it right back on there. I would look for Malwarebytes and see if it picks up on anything. You can also give Avast a whirl as it has a free antivirus for the Mac.

     

    Like rkaufmann87 said, EtreCheck is a great tool as well.

  • by Ferd II,

    Ferd II Sep 1, 2016 10:05 AM in response to ServiceEngineer78
    Level 7 (28,109 points)

    ServiceEngineer78 wrote:

     

    You can also give Avast a whirl as it has a free antivirus for the Mac.

     

     

    I would advise strongly to avoid Avast. Read: https://discussions.apple.com/search.jspa?q=avast&sort=updatedDesc for further clarification.


  • by rkaufmann87,

    rkaufmann87 Sep 1, 2016 10:09 AM in response to ServiceEngineer78
    Level 9 (58,073 points)

    I strongly recommend against installing any antivirus. Avast (as with most OS X AV apps) is worthless and tends to create more problems than it solves for OS X. OS X is extremely secure and there are zero viruses for OS X; there is an extremely small amount of other types of malware, however users have to consciously install those. Using a little common sense will make a Mac completely safe. Common sense such as:

     

    • Never download from an untrusted site.
    • If a user gets an e-mail, phone call or pop up advising their computer has been compromised, this is a SCAM. Reading and following the advice in Phony "tech support" / "ransomware" popups and web pages is extremely useful.
    • Do not use a torrent to download any software you didn't pay for.
  • by John Galt,

    John Galt Sep 1, 2016 10:46 AM in response to Trying2Understand
    Level 8 (48,346 points)

    I believe you have been misled about Java concerns, which have caused you to go in a wrong direction searching for a Java exploit.

     

    As a non-Apple product, Java has been, and always will remain, a potential vector for malware intrusion. When a particular Java vulnerability is discovered, it's up to Oracle to fix it. Until then, Apple will automatically block that version and prevent it from operating. That presupposes you keep OS X up to date using Apple's recommended security settings.

     

    Read How to disable the Java web plug-in in Safari - Apple Support.

     

    If you do not want Java installed on your Mac, uninstall it.

     

    However, Java is not the concern here:

     

    Trying2Understand wrote:

     

    ... when I stupidly trusted them and gave them remote access once that they went deep into firmware or something ...

     

    If you willfully granted someone remote access to your Mac, then that someone had access to it equal to your own, with an equal ability to modify it. There is only one solution: erase the Mac completely and reconfigure it as you would a new Mac. When you do so, designate different passwords for every service that requires authentication.

     

    There is no point in using "EtreCheck" for this concern, and installing utterly worthless "anti-virus" garbage will only add to your misery. Neither one is capable of identifying additional users of that Mac.

  • by Trying2Understand,

    Trying2Understand Sep 1, 2016 10:54 AM in response to rkaufmann87
    Level 1 (8 points)

    EtreCheck version: 3.0.3 (307)

    Report generated 2016-09-02 03:50:44

    Download EtreCheck from https://etrecheck.com

    Runtime 1:53

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

     

    Show signature failures: Enabled

     

    Problem: Other problem

     

    Hardware Information:

        iMac (21.5-inch, Late 2013)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        iMac - model: iMac14,1

        1 2.7 GHz Intel Core i5 CPU: 4-core

        8 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                4 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                4 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en1: 802.11 a/b/g/n/ac

     

    Video Information:

        Intel Iris Pro

            iMac 1920 x 1080

     

    System Software:

        OS X El Capitan 10.11.6 (15G31) - Time since boot: about 3 hours

     

    Disk Information:

        APPLE HDD HTS541010A9E662 disk0 : (1 TB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            W-oot (disk0s2) / : 999.35 GB (760.76 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

    USB Information:

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

        Apple Inc. FaceTime HD Camera (Built-in)

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Gatekeeper:

        Mac App Store

     

    Adware:

        ~/Library/LaunchAgents/com.spigot.ApplicationManager.plist

        One adware file found. [Remove]

     

    Kernel Extensions:

            /Applications/AnonVPN.app

        [not loaded]    net.tunnelblick.tun (20111101 (Tunnelblick build 4054) - 2016-08-31) [Support]

     

            /Library/Extensions

        [loaded]    at.obdev.nke.LittleSnitch (3.6.4 - SDK 10.8 - 2016-09-01) [Support]

     

    System Launch Agents:

        [running]    com.apple.Finder.plist (2016-02-19)

        [loaded]    com.apple.FollowUpUI.plist (2016-02-12)

        [loaded]    com.apple.ScreenReaderUIServer.plist (2016-02-17)

        [loaded]    com.apple.VoiceOver.plist (2016-02-17)

        [loaded]    com.apple.java.InstallOnDemand.plist (2015-08-11)

        [loaded]    com.apple.powerchime.plist (2016-02-23)

        [loaded]    com.apple.quicklook.32bit.plist (2016-02-05)

        [running]    com.apple.quicklook.plist (2016-02-05)

        [loaded]    com.apple.quicklook.ui.helper.plist (2016-02-05)

        [not loaded]    6 Apple tasks

        [loaded]    148 Apple tasks

        [running]    75 Apple tasks

     

    System Launch Daemons:

        [not loaded]    org.cups.cups-lpd.plist (2016-03-23) - /usr/libexec/cups/daemon/cups-lpd: Executable not found!

        [not loaded]    45 Apple tasks

        [loaded]    157 Apple tasks

        [running]    88 Apple tasks

     

    Launch Agents:

        [running]    at.obdev.LittleSnitchUIAgent.plist (2016-09-01) [Support] - Invalid signature!

        [not loaded]    com.maintain.LogOut.plist (2016-08-31)

        [not loaded]    com.maintain.PurgeInactiveMemory.plist (2016-08-31) [Support] - Invalid signature!

        [not loaded]    com.maintain.Restart.plist (2016-08-31)

        [not loaded]    com.maintain.ShutDown.plist (2016-08-31)

        [not loaded]    com.maintain.Sleep.plist (2016-08-31)

        [running]    com.maintain.SystemEvents.plist (2016-08-31) - Invalid signature!

     

    Launch Daemons:

        [running]    at.obdev.littlesnitchd.plist (2016-09-01) [Support]

        [loaded]    com.coolmuster.AndroidDataRecoveryHelper.plist (2016-08-30) [Support]

        [loaded]    com.coolmuster.DataRecoveryHelper.plist (2016-08-30) [Support]

        [running]    com.easeus.dataprotectbackup.plist (2016-09-01) [Support] - Invalid signature!

        [not loaded]    com.maintain.CocktailScheduler.plist (2016-08-31)

        [not loaded]    com.maintain.HideSpotlightMenuBarIcon.plist (2016-08-31)

        [loaded]    com.malwarebytes.HelperTool.plist (2016-09-01) [Support]

     

    User Launch Agents:

        [running]    com.spigot.ApplicationManager.plist (2016-09-01) Adware!  [Remove]

            ~/Library/Application Support/Spigot/ApplicationManager

        [running]    com.spotify.webhelper.plist (2016-08-31) [Support]

     

    Internet Plug-ins:

        QuickTime Plugin: 7.7.3 (2016-08-31)

     

    3rd Party Preference Panes:

        None

     

    Time Machine:

        Time Machine not configured!

     

    Top Processes by CPU:

             2%    WindowServer

             2%    kernel_task

             2%    fontd

             0%    com.apple.WebKit.WebContent

             0%    DRWTray

     

    Top Processes by Memory:

        771 MB    kernel_task

        188 MB    mds_stores

        188 MB    mdworker(8)

        139 MB    iTunes

        123 MB    com.apple.WebKit.WebContent

     

    Virtual Memory Information:

        3.05 GB    Free RAM

        4.94 GB    Used RAM (2.36 GB Cached)

        3 MB    Swap Used

     

    Diagnostics Information:

        Sep 2, 2016, 12:29:24 AM    Self test - passed

        Sep 1, 2016, 05:45:14 PM    /Library/Logs/DiagnosticReports/Data Transform_2016-09-01-174514_[redacted].cpu_resource.diag [Details]

            /Applications/Data Transform.app/Contents/MacOS/Data Transform

        Sep 1, 2016, 10:14:27 AM    ~/Library/Logs/DiagnosticReports/File Spy_2016-09-01-101427_[redacted].crash

            com.fiplab.filespy - /Applications/File Spy.app/Contents/MacOS/File Spy

        Sep 1, 2016, 06:19:43 AM    ~/Library/Logs/DiagnosticReports/Data Transform_2016-09-01-061943_[redacted].crash

        Sep 1, 2016, 06:02:18 AM    ~/Library/Logs/DiagnosticReports/File Spy_2016-09-01-060218_[redacted].crash

        Sep 1, 2016, 05:46:13 AM    ~/Library/Logs/DiagnosticReports/VLC_2016-09-01-054613_[redacted].crash

            org.videolan.vlc - /Applications/VLC.app/Contents/MacOS/VLC

        Sep 1, 2016, 04:23:07 AM    ~/Library/Logs/DiagnosticReports/PlistEdit Pro_2016-09-01-042307_[redacted].crash

            com.fatcatsoftware.pledpro - /Applications/PlistEdit Pro.app/Contents/MacOS/PlistEdit Pro

        Sep 1, 2016, 02:45:15 AM    ~/Library/Logs/DiagnosticReports/Malwarebytes Anti-Malware_2016-09-01-024515_[redacted].crash

            com.malwarebytes.antimalware - /Volumes/VOLUME/Malwarebytes Anti-Malware.app/Contents/MacOS/Malwarebytes Anti-Malware

        Aug 31, 2016, 04:48:17 AM    /Library/Logs/DiagnosticReports/HexEdit_2016-08-31-044817_[redacted].hang

            /Applications/HexEdit Release/HexEdit.app/Contents/MacOS/HexEdit

        Aug 31, 2016, 04:44:25 AM    /Library/Logs/DiagnosticReports/Cocktail_2016-08-31-044425_[redacted].hang

            /Applications/Cocktail.app/Contents/MacOS/Cocktail

        Aug 31, 2016, 04:41:20 AM    /Library/Logs/DiagnosticReports/Cocktail_2016-08-31-044120_[redacted].hang

        Aug 31, 2016, 04:27:04 AM    /Library/Logs/DiagnosticReports/Cocktail_2016-08-31-042704_[redacted].hang

        Aug 31, 2016, 04:22:02 AM    /Library/Logs/DiagnosticReports/Cocktail_2016-08-31-042202_[redacted].hang

        Aug 31, 2016, 03:23:38 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032338_[redacted].crash

            Oak.AliasManager - /Applications/AliasManager.app/Contents/MacOS/AliasManager

        Aug 31, 2016, 03:23:31 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032331_[redacted].crash

        Aug 31, 2016, 03:23:17 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032317_[redacted].crash

        Aug 31, 2016, 03:23:15 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032315_[redacted].crash

        Aug 31, 2016, 03:23:11 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032311_[redacted].crash

        Aug 31, 2016, 03:23:09 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032309_[redacted].crash

        Aug 31, 2016, 03:23:03 AM    ~/Library/Logs/DiagnosticReports/AliasManager_2016-08-31-032303_[redacted].crash

        Aug 31, 2016, 01:58:36 AM    /Library/Logs/DiagnosticReports/Cocktail_2016-08-31-015836_[redacted].hang

            /Volumes/*/Cocktail.app/Contents/MacOS/Cocktail

        Aug 31, 2016, 12:13:49 AM    /Library/Logs/DiagnosticReports/TextWrangler_2016-08-31-001349_[redacted].hang

            /Applications/TextWrangler.app/Contents/MacOS/TextWrangler

        Aug 31, 2016, 12:00:09 AM    /Library/Logs/DiagnosticReports/TextWrangler_2016-08-31-000009_[redacted].hang

        Aug 30, 2016, 11:57:57 PM    /Library/Logs/DiagnosticReports/TextWrangler_2016-08-30-235757_[redacted].cpu_resource.diag [Details]

  • by rkaufmann87,

    rkaufmann87 Sep 1, 2016 2:56 PM in response to John Galt
    Level 9 (58,073 points)

    Your system isn't too bad however it does have some adware installed which should be removed. Open the report again and go to the Adware section, click the link to remove the adware.

     

    Next, I don't see that you are backing up your computer. This is extremely dangerous as you can easily lose all of your data. At the very least you should be using Time Machine to back up your computer. Operating any computer without a backup is shortsighted and potentially catastrophic. You could lose irreplaceable data; actually that isn't a matter of "if" but "when"! If you are not familiar with TM then please carefully look over Use Time Machine to back up or restore your Mac - Apple Support.

     

    After you have backed up your computer, then you should follow the advice John provided. I missed that you gave control of your computer to someone, unless you contact AppleCare, you should NEVER do that!!!! Once you have wiped the computer clean then you can restore your data, and manually install the apps. Make sure you change all passwords stored on the computer, you don't know what you have put at risk!
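
An added example, not part of any post in this thread and not EtreCheck's own code: a short Python parser that pulls the third-party launch items out of a pasted EtreCheck report like the one above and lists those the report marks "Invalid signature!" or "Adware!", running ones first. The function names are assumptions of this example, and the sample text is a handful of lines copied from the posted report; a flag is a reason to inspect the item, not proof of compromise.

```python
import re

# Constructed sample: a few lines copied from the EtreCheck report posted in this thread.
SAMPLE_REPORT = """\
Kernel Extensions:
    [loaded]    at.obdev.nke.LittleSnitch (3.6.4 - SDK 10.8 - 2016-09-01) [Support]
Launch Agents:
    [running]    at.obdev.LittleSnitchUIAgent.plist (2016-09-01) [Support] - Invalid signature!
    [not loaded]    com.maintain.LogOut.plist (2016-08-31)
    [not loaded]    com.maintain.PurgeInactiveMemory.plist (2016-08-31) [Support] - Invalid signature!
    [running]    com.maintain.SystemEvents.plist (2016-08-31) - Invalid signature!
Launch Daemons:
    [running]    com.easeus.dataprotectbackup.plist (2016-09-01) [Support] - Invalid signature!
    [loaded]    com.malwarebytes.HelperTool.plist (2016-09-01) [Support]
User Launch Agents:
    [running]    com.spigot.ApplicationManager.plist (2016-09-01) Adware!  [Remove]
    [running]    com.spotify.webhelper.plist (2016-08-31) [Support]
"""

SECTION = re.compile(r"^([A-Za-z0-9 ]+):$")
ITEM = re.compile(r"^\[(running|loaded|not loaded)\]\s+(\S+\.plist)\s+"
                  r"\((\d{4}-\d{2}-\d{2})\)(.*)$")
# Report sections that list third-party launchd jobs (the "System ..." ones are Apple's).
THIRD_PARTY = {"Launch Agents", "Launch Daemons", "User Launch Agents"}
FLAGS = ("Invalid signature!", "Adware!")

def parse_launch_items(report):
    """Return one dict per third-party launch item found in the report text."""
    items, section = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION.match(line)):
            section = m.group(1)          # remember which section we are in
        elif section in THIRD_PARTY and (m := ITEM.match(line)):
            state, label, date, rest = m.groups()
            items.append({"section": section, "state": state, "label": label,
                          "modified": date,
                          "flags": [f for f in FLAGS if f in rest]})
    return items

def triage(items):
    """Flagged items only; running ones first, then by section and label."""
    flagged = [i for i in items if i["flags"]]
    return sorted(flagged, key=lambda i: (i["state"] != "running",
                                          i["section"], i["label"]))

if __name__ == "__main__":
    for item in triage(parse_launch_items(SAMPLE_REPORT)):
        print(f'{item["state"]:<10} {item["section"]:<18} {item["label"]}  '
              f'{", ".join(item["flags"])}  (modified {item["modified"]})')
```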