
In need of assistance please...

Good Morning and Happy New Year,


I have been having difficulties with remote management on all of my devices... has anyone ever seen anything like this? Is there anything in this .plist that gives any clues on what I am dealing with, whatever it is? I have erased and reinstalled clean versions of the OS on my MacBook Pro, MacBook Air, iPhone and iPad multiple times via recovery and boot drive; all problems return. Yes.. the remote access returns. Today sudo "runs" my computer even though I am logged in as myself / admin. Please know, I have never touched my disks or re-formatted anything on this computer... Sorry for the pictures... I could not upload the file.


Jan 1 12:01:46 sudo diagnosticd[2620]: allowing Console (9598) access to stream due to admin status

Jan 1 12:01:46 sudo diagnosticd[2620]: Posting stream filter: "{

global = 47245099008;


And this one;


Jan 1 12:04:19 sudo syncdefaultsd[12336]: objc[12336]: Class SYDClient is implemented in both /System/Library/PrivateFrameworks/SyncedDefaults.framework/Versions/A/SyncedDefaults and /System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd. One of the two will be used. Which one is undefined.

Jan 1 12:04:19 sudo syncdefaultsd[12336]: objc[12336]: Class SYDJournal is implemented in both /System/Library/PrivateFrameworks/SyncedDefaults.framework/Versions/A/SyncedDefaults and /System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd. One of the two will be used. Which one is undefined.





MacBook Pro 13″, macOS 11.1

Posted on Jan 1, 2021 10:57 AM

Reply
Question marked as Best reply

Posted on Jan 2, 2021 6:33 PM

The workgroup-name (used for naming the Windows workgroup, if present) is user settable. If you don't like that name, just type something else. On most Macs, it does nothing at all.


Digging in plists and log files without a completely specific item you are looking for is a recipe for madness.


These files are the product of hundreds to thousands of programmer-years of effort, and they are carrying substantial historical baggage, and possibly "hooks" for features we have never heard of, not even as rumors.





Jan 4, 2021 2:36 PM in response to Marcees1436

Looking in logs without knowing exactly what you are looking for is the path to madness.


The way to debug this is to download and run this little "discovery" utility named Etrecheck. It shows everything that is running on your computer.


Start the program, change its internal preferences to "allow Full Disk Access", then say "GO". You can examine the report yourself, and/or post it back to the forums -- it is pre-laundered of any personally-identifiable information. Not even real disk names are shown.


Using EtreCheck to Troubleshoot Potential… - Apple Community





Jan 5, 2021 6:55 AM in response to Grant Bennet-Alder

I ran EtreCheck and will post. It shows high CPU usage for windowserver.. and others used for remote access. What you have to understand is I KNOW I have remote access on my computer... what I need to know are the answers to the questions I'm asking so I can get a better idea of what type of malware this is and who/why put it here. What are Calvary Logs and who uses them? How could that GitHub program "bonzo" wind up on my computer?


Jan 29, 2021 7:16 AM in response to Marcees1436

Self-protection on the Mac works differently. On the Mac, most software simply can NOT be executed. Only software that is part of the heavily-protected system, or you have personally approved, can be executed.


You could download a hundred copies of a variety of Viruses, and they would be no threat to the security of your well-protected Mac, because they cannot become executable. All they can do is sit there.


--------

When you run a third-party virus scanner, it looks for binary patterns in common with well-known Viruses. Since you have many MegaBytes of files with binary patterns on your Mac, some sequence of Bytes in a picture file or similar location is quite likely to match. That does not make it a virus; it is just a random bit pattern. And it certainly does not make it a threat to your already well-protected Macintosh computer.



The advice now is the same as it has always been. Don't run such simple-minded non-Apple software on your Mac. It will use up a lot of resources scanning for nothing, report things that are not a threat, and crash your computer for no good reason.


Effective defenses against malware and ot… - Apple Community



Jan 2, 2021 6:19 PM in response to Grant Bennet-Alder

Thank you Grant, I appreciate your help... I agree on your last two points... The .plist I posted did look quite complex, yet even for me, a novice, the first line had me questioning the integrity of whoever wrote it... it looks quite similar to broken glass.... :)


Why would it say "Any Apple Boot" if it were properly written for my MacBook? Don't you find that odd? Are all .plists one size fits all? It is the additional latent variables and sub-lists waiting to be enabled that I am worried about... that is why I am here... that is why I am asking for an opinion on what anyone may think the .plist is for, or enabling... What can I expect to find tomorrow? Today, every word seems to be spelled wrong... last week I was translating my emails from French to English.. SUDO is the NetBIOS Name.. ???? That's not right either... so as for my assessment of what is going on, on this end of the thread... I am quite accurate and you just blew my cover... :)




Jan 2, 2021 7:35 PM in response to Grant Bennet-Alder

Thank you for your words of Wisdom my friend.... I can not change the name....it is part of the remote control someone has over my computer. The name Sudo showed up the same day it showed up in the log files... see first post... the log files used to say "Test-MacBook-Pro"... now it switched to "Sudo". You tell me why...


2020-12-14 05:57:36-06 Tests-MacBook-Pro softwareupdated[252]: Removing client SUUpdateServiceClient pid=611, uid=501, installAuth=NO rights=(), transactions=0 (/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager)

2020-12-14 07:27:35-06 sudo softwareupdated[252]: SUOSUServiceDaemon: Periodic autoupdate action called

2020-12-14 07:27:45-06 sudo softwareupdated[252]: BackgroundActivity: Starting Background Check Activity

2020-12-14 07:27:45-06 sudo softwareupdated[252]: BackgroundActivity: Starting background actions now.


I'm not sure who changed it or why.. but I know when... (ish)



And if you don't mind.. have you ever seen the glowing blue boxes?? That just started as well.... This is Malware that makes you want to cry... it's evil... you never know what is going to happen next... The blue boxes below.. It doesn't matter if I click "reply" (last pic) or the cursor to type (middle pic)... they show up, and hang there for a while... and then there are all of the red lines.... that's the worst! Any suggestions for my overly dramatic assessment of the situation? I warn you.. I haven't even gotten started yet.
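The lines quoted in this post follow the layout Console uses for these log entries: a timestamp, then the host name the machine reports for itself, then process[pid] and the message. Below is an added example (not code from any post in this thread) that parses those quoted lines, embedded as constructed sample input, and lists every point where the host-name field changes; it assumes nothing beyond the Python standard library.

```python
import re

# Constructed sample input: the log lines quoted in this thread, in the two
# timestamp styles Console shows (ISO date with UTC offset, and syslog-style).
SAMPLE_LOG = """\
2020-12-14 05:57:36-06 Tests-MacBook-Pro softwareupdated[252]: Removing client SUUpdateServiceClient pid=611, uid=501, installAuth=NO rights=(), transactions=0
2020-12-14 07:27:35-06 sudo softwareupdated[252]: SUOSUServiceDaemon: Periodic autoupdate action called
2020-12-14 07:27:45-06 sudo softwareupdated[252]: BackgroundActivity: Starting Background Check Activity
Jan 1 12:01:46 sudo diagnosticd[2620]: allowing Console (9598) access to stream due to admin status
"""

# Field order: <timestamp> <hostname> <process>[<pid>]: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d[+-]\d\d"   # 2020-12-14 05:57:36-06
    r"|[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "          # Jan 1 12:01:46
    r"(?P<host>\S+) (?P<proc>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)


def parse_line(line):
    """Split one Console line into its fields; None if it is not a log line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def hostname_changes(text):
    """Return (timestamp, previous_host, new_host) for every line whose
    host-name field differs from the line before it."""
    changes = []
    prev = None
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or continuation lines
        if prev is not None and rec["host"] != prev:
            changes.append((rec["ts"], prev, rec["host"]))
        prev = rec["host"]
    return changes


if __name__ == "__main__":
    for ts, old, new in hostname_changes(SAMPLE_LOG):
        print(f"{ts}: host-name field changed from {old!r} to {new!r}")
```

On a Mac, the value that field is expected to carry can be read with `scutil --get LocalHostName`, which is the reference to compare the parsed host names against.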


Jan 4, 2021 1:39 PM in response to Grant Bennet-Alder

Hi Grant,

My computers, phone, etc. are being supervised by someone without my permission; there are no Managed Preferences on either computer, but they are being remotely managed. I will show you.. Please look for the image that says "system log" as I will attach a few images.. they don't always stay in the correct order. I am on my Mac Air today... I wish we could share my screen so you could really absorb what is going on..


In the system log you will see quite a few things that may stand out; the "remotemanagement" lines are what I want you to look at. Please note, remote management is not enabled on my Macs, screen sharing.. ALL sharing is off, stealth is on.. All computers have been wiped clean by myself and Apple multiple times.. whatever this is is in my boot.. I believe I know exactly where it goes off the rails during install. Next question under this snapshot..

What are Calvary Loggers? Why do I have PAGES of them?? I tried to place multiple in one screen to allow you to see the "titles"? I ran the jig.min.js on the right, third from bottom through Alien vault and it came back as a compromised_site_redirector_fromcharcode . I literally have PAGES of this stuff. Cont..under pic...


This one... is just called app.js AKA https://github.com/ded/bonzo


Can you tell me where this stuff comes from? How is remote management possible? If you want a challenge and think you can help you are more than welcome to log in and explore...this has been going on for just about a year... the files.. .js files are intermingled in my Dropbox... that's how everything got infected.


I can't upload text.. I found this version.plist in;

/Untitled 2/System/Library/SystemProfiler/SPManagedClientReporter.spreporter


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>BuildAliasOf</key>
	<string>MCXTools</string>
	<key>BuildVersion</key>
	<string>99</string>
	<key>CFBundleShortVersionString</key>
	<string>8.2</string>
	<key>CFBundleVersion</key>
	<string>1430</string>
	<key>ProjectName</key>
	<string>MCXTools</string>
	<key>SourceVersion</key>
	<string>1430000000000000</string>
</dict>
</plist>


Thoughts??

Jan 28, 2021 4:03 PM in response to IdrisSeabright

Hi IdrisSeabright,

First, I do agree with what you are saying.... to a point. It's true logs and files on a Mac can be very confusing BUT...they are not that complicated either. Below is a snip from my console; I am logged in at that time as myself, Marcee, as admin, yet the logs are running as Sudo. The whole stream is above. How does that happen? Would you look into this? And at the same time Sudo is the NetBIOS name... and NO, that name could never be changed. A part of the remote management I needed help figuring out.

Jan 1 12:01:46 sudo diagnosticd[2620]: allowing Console (9598) access to stream due to admin status

I have had problems with someone having remote access to my computer for over a year. I have been told to erase and reinstall; I have done that on both of my Macs. The problem comes back every single time. Apple erased, I erased. Today my Mac is honking at me.. yup, like when you get an email, or a text, the fun alert noises... this computer honks out of the blue like it's mad at me. My Mac Pro is now at Forensics.. they are pulling it apart. Now, I already know, because of the help from Alien Vault and Virus Total, I have the Ransom/spyware/malware Wanna Cry; if you click in the link below it will take you to the tree map of where it started and how it executes. It is absolutely incredible the way this stuff works. It was in my music file... iTunes. I went to iTunes to snoop because it was constantly running in activity monitor and I ran a sample... which led to apsd/spotlight.... nothing made sense...I'm not a surgeon, and I'm not an engineer, but I dropped those files and I found that F%cking Wanna Cry after a year of ****. I have been on these forums, asking for guidance, help, advice, and I have been told I was crazy, I needed mental help, there is nothing there that shows malware, stop looking at the files. Apple security actually told me it was my fault when I had emojis running through my console. I'm not sure how anyone can say "you haven't shown us anything that's out of the ordinary". How do you know? Apple doesn't post "Ordinary". Apple doesn't say "this is normal.... that is not"... I posted a bootcache above that everyone said was "normal". That scared the crap out of me. Key>PreBoot paths.. stored at ROOT of any Apple Boot and then

Key> disk label. to be TWEEKED FOR THE PICKER and then later after appropriately blessing...

POST BOOTPATH IN RPS DIRECTORIES KNOWN TO BOOTER!!!


 Remote Programming Software (RPS). This is why I am looking for help, I am posting VERY abnormal .plist dedicated to remote access and I am being told everything is normal.


This is why non-surgeons go looking for the problem. We know it's there, we are told it's not, and logs can lead to madness. The only thing that leads to madness is looking for help and being told you're insane. That happens quite often on these threads and I'm not saying it's you or many, but I was so ganged up on by people telling me I needed mental health help that the thread came down.. I came for help and was told I was crazy...






https://www.virustotal.com/graph/embed/ge9360076daab458185304df5bbe36fceb94c81c94df3488d972c37d79b9b7f66

Jan 2, 2021 4:36 PM in response to Grant Bennet-Alder

My apologies Grant.... Long story short... go straight to the .plist. All of my Apple devices have malware, spyware, hellware on them... bluetooth, wifi, modem, router, remote access, you name it, I have it... clean install will not help. Go to the .plist... I did not create that .plist... I can't imagine the system setting that up so I am asking.. what does anyone out there think it is meant to do?? Should I delete it, as it doesn't look like something I want or like something anyone would want.

The Malware I have gets worse over time... the files on my phone (iCloud Drive) are being encrypted slowly but surely... I just need help trying to figure this out.. I'm on my own here.

Thank you

Jan 2, 2021 5:41 PM in response to Marcees1436

Unless you are an international calibre spy, I sincerely doubt your assessment of your situation. I do not believe it is caused by malware.


Readers here would be happy to help you work through your symptoms, but you have not posted any symptoms.


As far as that plist goes, Mac plists can be unbelievably complex, and still have hundreds of additional latent variables and sub-lists waiting to be enabled. That one looks very typical, and is well commented. Looks like competent programming teams wrote different parts of it.


Most malware, on the other hand, is more like breaking a window and leaving broken glass everywhere.

Jan 27, 2021 9:35 AM in response to Marcees1436

You are running macOS Big Sur 11.1, which uses a locked system Volume that cannot be modified.


You are currently running these items:

User Launch Agents:

[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2020-12-09)

[Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2020-12-09)


User Login Items:

[Not Loaded] FolderMarkerHelper (App Store - installed 2020-12-07)

Modern Login Item

/Applications/FolderMarker.app/Contents/Library/LoginItems/FolderMarkerHelper.app



