Backdoor access being used by hackers?

Is this a hacker trying to use Apple’s backdoor to access my laptop?

MacBook Pro 16″, macOS 10.15

Posted on Aug 8, 2020 1:33 AM

Question marked as Top-ranking reply

Posted on Aug 8, 2020 4:59 PM

As EtreCheck shows you have some Adware on the system. Run MalwareBytes as previously suggested to remove the Adware.

https://www.malwarebytes.com/


Also uninstall Kaspersky anti-virus software as well as DrCleaner by following the developers' instructions. AV software & cleaning apps are not needed on a Mac (you still got adware with Kaspersky installed so it didn't help you). AV & cleaning apps usually cause more problems than they solve plus they impact system performance.


I see you also have Trusteer endpoint protection installed. If that is not part of the Fortinet VPN software, then you should uninstall it as well if it isn't uninstalled by Kaspersky.


Bittorrent can provide you with infected files. Be careful.


FYI, if you do use AV products you should only ever have one product installed since they will conflict with one another and increase the likelihood of problems and performance issues.


Edit: I realize you have MalwareBytes installed. If it isn't up to date, then install the latest version. You may also need to boot into Safe Mode and run MalwareBytes to remove some types of malware.


Aug 10, 2020 8:32 AM in response to Mister_Mous

Your system appears to have been corrupted.

I strongly recommend you do a clean install.


Below you can find detailed instructions on how to perform a clean install.


1) VERY IMPORTANT - BACKUP! You are about to erase your system drive. Never do that without a backup - well, actually, you should have at least two... I recommend a Time Machine on one drive, and a full clone of your system drive in a separate one.

2) Download the full Catalina installer from the App Store. If the installer starts automatically, quit it.

3) Create an installer drive on a thumb drive, following the instructions here:

How to create a bootable installer for macOS - Apple Support (support.apple.com)

4) On recent Macs, you may need to authorize booting from an external drive, which may be disabled by default. You do this in "Boot Security Utility".

Information about this is available in this support document:

https://support.apple.com/en-us/HT208198

---- do not proceed further without a backup!!!! ----

5) Restart your Mac holding the Option key, and select that installer disk to boot your Mac

6) Use Disk Utility to reformat your internal drive as APFS

7) Quit Disk Utility and start the installer.

8) When asked, choose to migrate content from "another mac, time machine or drive".

IMPORTANT: elect to migrate ONLY user accounts; NOT applications, settings or other files

Aug 8, 2020 3:14 AM in response to Luis Sequeira1

Thanks Luis, here is the report:

 

EtreCheckPro version: 6.3.1 (6D012)
Report generated: 2020-08-08 12:01:45
Download EtreCheckPro from https://etrecheck.com
Runtime: 3:07
Performance: Excellent

Problem: Other problem

Major Issues:
    Anything that appears on this list needs immediate attention.

    Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.
    Adware - Adware detected.
    Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.

Minor Issues:
    These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.

    More than one antivirus app - This machine has multiple antivirus apps installed.
    Heavy network usage - This machine has recently restarted and has high network usage.
    Small backup drive - Time Machine backup drive is too small.
    Clean up - There are orphan files that could be removed.
    Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.
    System modifications - There are a large number of system modifications running in the background.
    32-bit Apps - This machine has 32-bits apps will not work on current versions of the operating system.
    Kernel extensions present - This machine has kernel extensions that may not work in the future.
    Sharing enabled - This machine has sharing services enabled that could be a security risk.

Aug 8, 2020 3:15 AM in response to Mister_Mous

Hardware Information:
    MacBook Pro (16-inch, 2019)
    MacBook Pro Model: MacBookPro16,1
    2.30 GHz 8-Core Intel Core i9 (i9-9880H) CPU: 8-core
    16 GB RAM - Not upgradeable
        BANK 0/ChannelA-DIMM0 - 8 GB DDR4 2667
        BANK 2/ChannelB-DIMM0 - 8 GB DDR4 2667
    Battery: Health = Normal - Cycle count = 62

Video Information:
    Intel UHD Graphics 630 - VRAM: 1536 MB
    AMD Radeon Pro 5500M - VRAM: 4 GB
        Color LCD (built-in) 3584 x 2240
        OMEN by HP 32 2560 x 1440

Drives:
    disk0 - APPLE SSD AP1024N 1.00 TB (Solid State - TRIM: Yes)
    Internal PCI-Express 8.0 GT/s x4 NVM Express
        disk0s1 - EFI [EFI] 315 MB
        disk0s2 [APFS Container] 1.00 TB
            disk1 [APFS Virtual drive] 1.00 TB (Shared by 5 volumes)
                disk1s1 - Macintosh HD (APFS) (Shared - 11.23 GB used)
                disk1s2 - Macintosh HD - Data (APFS) [APFS Virtual drive] (Shared - 846.41 GB used)
                disk1s3 - Preboot (APFS) [APFS Preboot] (Shared - 78 MB used)
                disk1s4 - Recovery (APFS) [Recovery] (Shared - 529 MB used)
                disk1s5 - VM (APFS) [APFS VM] (Shared - 3.22 GB used)

Aug 8, 2020 3:16 AM in response to Mister_Mous

Mounted Volumes:
    disk1s1 - Macintosh HD
        1.00 TB (Shared - 11.23 GB used, 149.58 GB available, 138.56 GB free)
        APFS
        Mount point: /
        Encrypted
        Read-only: Yes

    disk1s2 - Macintosh HD - Data [APFS Virtual drive]
        1.00 TB (Shared - 846.41 GB used, 149.58 GB available, 138.56 GB free)
        APFS
        Mount point: /System/Volumes/Data
        Encrypted

    disk1s5 - VM [APFS VM]
        1.00 TB (Shared - 3.22 GB used, 138.56 GB free)
        APFS
        Mount point: /private/var/vm
        Encrypted

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
