Mac hacked, infected, or something? Please help.

Question

Mac hacked, infected, or something? Please help.

Worried my computer has been hacked or tampered with.

Experiencing lots of random bugs and system slowdown as well as internet browsing.

Etrecheck report highlighted these issues

Heavy I/O usage - Your system is under heavy I/O use. This will reduce your performance.

32-bit Apps - This machine has 32-bits apps will not work after macOS 10.14 “Mojave”.

Limited drive access - More information may be available with Full Drive Access.

Lots of weird things happening with my drives too

Launch agents and Launch daemons look iffy.

I have heaps of duplicate processes in Activity Monitor and duplicate apps apparently too.

Never installed this either:

2019-06-03 AdBlock (1.19.1)

2019-06-03 Raindrop.io for Safari (2.2.1)

2019-06-03 PiPifier (1.2.4)

2019-06-03 Todoist (7.1.3)

2019-06-14 Google Drive File Stream

2019-06-18 Raindrop.io (2.2.2)

2019-06-25 MRTConfigData (1.42)

2019-06-25 Gatekeeper Configuration Data (170)

And then this??

Diagnostics Information (past 7 days):

Directory /Library/Logs/DiagnosticReports is not accessible.

Enable Full Drive Access to see more information.

Super grateful for any help.

1st EtreCheck Report

ETRECHECK REPORT

MacBook Pro 15”, macOS 10.14

Posted on Jun 26, 2019 12:26 AM

Reply

Answer 1

Best reply

rcosta887

Level 4

3,598 points

Jun 26, 2019 12:32 AM in response to Cedricfromspace

You can boot into Safe Boot mode by holding SHIFT for 30 seconds when you first power on.

Once you are in Safe Boot mode go to www.malwarebytes.com and download the free trial of that program, install it to the Applications folder and run it and launch a scan. Remove everything it finds.

Hopefully this will take care of any issues with other programs / adware that may be messing up your machine.

Reply

Answer 2

Jul 3, 2019 10:59 PM in response to Cedricfromspace

Jul 4 15:29:59 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent): Unknown key for integer: _DirtyJetsamMemoryLimit

Jul 4 15:30:38 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent): Unknown key for integer: _DirtyJetsamMemoryLimit

Jul 4 15:31:15 Cedrics-MacBook-Pro xpcproxy[10285]: libcoreservices: _dirhelper_userdir: 529: bootstrap_look_up returned (ipc/send) invalid destination port

Jul 4 15:33:07 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.WebKit.Networking.828E2646-8CD1-4498-8939-F9DEDD25F60E[10283]): Service exited with abnormal code: 1

Jul 4 15:33:07 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.WebKit.Networking.E63CE14C-7C51-4B85-B8B4-88F7AEF82852[10281]): Service exited with abnormal code: 1

Jul 4 15:33:07 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.WebKit.Networking.4C45EA89-4BB4-4E6C-BF00-A4CFF466EFAA[10271]): Service did not exit 5 seconds after SIGTERM. Sending SIGKILL.

Jul 4 15:33:27 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.CloudDocs.MobileDocumentsFileProvider[10220]): Extension remained dirty for too long after trying to exit. Killing.

Jul 4 15:37:58 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.quicklook[10293]): Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook

Jul 4 15:37:59 Cedrics-MacBook-Pro login[10297]: USER_PROCESS: 10297 ttys000

Jul 4 15:37:59 Cedrics-MacBook-Pro syslogd[39]: ASL Sender Statistics

Jul 4 15:39:37 Cedrics-MacBook-Pro com.apple.xpc.launchd[1] (com.apple.imfoundation.IMRemoteURLConnectionAgent): Unknown key for integer: _DirtyJetsamMemoryLimit

Reply

Answer 3

Jul 3, 2019 10:32 PM in response to rcosta887

Etrecheck after re-install

I've had more problems. Just did a re-install of the whole system.

And all my network devices were switched off and netstat reported this:

Netstat report

Reply

Mac hacked, infected, or something? Please help.

Similar questions