
In need of assistance please...

Good Morning and Happy New Year,


I have been having difficulties with remote management on all of my devices... Has anyone ever seen anything like this? Is there anything in this .plist that gives any clues on what I am dealing with? Whatever it is?? I have erased and reinstalled clean versions of the OS on my MacBook Pro, MacBook Air, iPhone and iPad multiple times via recovery and boot drive; all problems return. Yes.. The remote access returns. Today sudo "runs" my computer even though I am logged in as myself / admin. Please know, I have never touched my disks, re-formatted anything on this computer... Sorry for the pictures... I could not upload the file.


Jan 1 12:01:46 sudo diagnosticd[2620]: allowing Console (9598) access to stream due to admin status

Jan 1 12:01:46 sudo diagnosticd[2620]: Posting stream filter: "{

global = 47245099008;


And this one;


Jan 1 12:04:19 sudo syncdefaultsd[12336]: objc[12336]: Class SYDClient is implemented in both /System/Library/PrivateFrameworks/SyncedDefaults.framework/Versions/A/SyncedDefaults and /System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd. One of the two will be used. Which one is undefined.

Jan 1 12:04:19 sudo syncdefaultsd[12336]: objc[12336]: Class SYDJournal is implemented in both /System/Library/PrivateFrameworks/SyncedDefaults.framework/Versions/A/SyncedDefaults and /System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd. One of the two will be used. Which one is undefined.





MacBook Pro 13″, macOS 11.1

Posted on Jan 1, 2021 10:57 AM
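An added example, not part of the original post: two of the quoted lines split into fields, assuming they follow the traditional BSD syslog layout (timestamp, host name, process[pid], message). In that layout `sudo` sits in the host-name position and the logging processes are `diagnosticd` and `syncdefaultsd`; the function and constant names are illustrative.

```python
import re

# Traditional BSD syslog layout: "Mon D HH:MM:SS host process[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<proc>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s"
    r"(?P<msg>.*)$"
)
# Objective-C runtime warning printed when two loaded images define one class.
DUP_CLASS_RE = re.compile(
    r"Class (?P<cls>\S+) is implemented in both (?P<a>\S+) and (?P<b>\S+)\. One of"
)
FRAMEWORK = "/System/Library/PrivateFrameworks/SyncedDefaults.framework/"

# Two of the lines quoted in the post above, copied as posted.
SAMPLE = [
    "Jan 1 12:01:46 sudo diagnosticd[2620]: allowing Console (9598) "
    "access to stream due to admin status",
    "Jan 1 12:04:19 sudo syncdefaultsd[12336]: objc[12336]: Class SYDClient "
    "is implemented in both " + FRAMEWORK + "Versions/A/SyncedDefaults and "
    + FRAMEWORK + "Support/syncdefaultsd. One of the two will be used. "
    "Which one is undefined.",
]


def parse_line(line):
    """Return the syslog fields of one line as a dict, or None if it does not fit."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def duplicate_class(msg):
    """Return (class, image_a, image_b) for an objc duplicate-class warning, else None."""
    m = DUP_CLASS_RE.search(msg)
    return (m["cls"], m["a"], m["b"]) if m else None


if __name__ == "__main__":
    for line in SAMPLE:
        f = parse_line(line)
        print(f"host={f['host']!r} process={f['proc']!r} pid={f['pid']}")
        dup = duplicate_class(f["msg"])
        if dup:
            print("  duplicate class", dup[0], "in", dup[1], "and", dup[2])
```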

Question marked as Best reply

Posted on Jan 2, 2021 6:33 PM

The workgroup-name (used for naming the Windows workgroup, if present) is user settable. If you don't like that name, just type something else. On most Macs, it does nothing at all.


Digging in plists and log files without a completely specific item you are looking for is a recipe for madness.


These files are the product of hundreds to thousands of programmer-years of effort, and they are carrying substantial historical baggage, and possibly "hooks" for features we have never heard of, not even as rumors.




30 replies

Jan 28, 2021 9:05 AM in response to Marcees1436

Marcees1436 wrote:

this stuff hides... and looking in your files is the only way to find it.

But, unless you know what you're looking for, you'll find lots of stuff that you think is a problem but which is not. It's sort of like doing abdominal surgery. Unless you're a surgeon, it's all going to look messy and weird and you won't be able to tell a spleen from a tumor.


Nothing you've shown so far indicates any kind of malware.

Jan 28, 2021 9:28 AM in response to Marcees1436

<< this stuff hides... >>


Not in Mac OS Catalina and later with a locked system volume and checksummed signed, sandboxed Apps it don't.


Anything that manages to attach itself to a system file causes the system to no longer boot. Anything that manages to add itself to the system Volume is in plain sight, and still has to be approved by you to become executable.

Jan 30, 2021 12:44 PM in response to Grant Bennet-Alder

Hi Grant,


Of what actually occurring? My Mac being hacked? Well OK, I asked you about the glowing boxes, the boot cache above, Sudo in the console even though I was logged in as well as my Netbios name... you told me to look in a specific folder.. which was /library/managed preferences which I did... I showed you a screen shot that stated that folder could not be found. You told me to look for MCX.plist files... I showed you the below.... it's on the first page of this thread... I showed you the text I was typing at that time with every word underlined (spellcheck).... I showed you everything you asked for.. I put it right in front of you then some... and your answer to my question was this

"Looking in logs without knowing exactly what you are looking for is the path to madness"

Now above you are telling me I am not providing "Symptoms". Can you help with the symptoms I've put in front of you and the .plist you asked for and we can move on from there?


/Untitled 2/System/Library/SystemProfiler/SPManagedClientReporter.spreporter


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>BuildAliasOf</key>

<string>MCXTools</string>

<key>BuildVersion</key>

<string>99</string>

<key>CFBundleShortVersionString</key>

<string>8.2</string>

<key>CFBundleVersion</key>

<string>1430</string>

<key>ProjectName</key>

<string>MCXTools</string>

<key>SourceVersion</key>

<string>1430000000000000</string>

</dict>

</plist>

I did and showed you there were no profiles there. My machine is literally honking at me now..
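An added example, not part of the original post: a triage check that parses a property list and reports whether it carries configuration-profile payload keys or only build/version metadata keys such as those in the plist quoted above. The function names and the contrasting profile are constructed for illustration.

```python
import plistlib

# The plist quoted in the post above (leading "<" of the XML declaration restored).
PAGE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>BuildAliasOf</key><string>MCXTools</string>
<key>BuildVersion</key><string>99</string>
<key>CFBundleShortVersionString</key><string>8.2</string>
<key>CFBundleVersion</key><string>1430</string>
<key>ProjectName</key><string>MCXTools</string>
<key>SourceVersion</key><string>1430000000000000</string>
</dict>
</plist>
"""
# Constructed contrast case: the key layout of a configuration profile.
CONSTRUCTED_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.constructed",
    "PayloadUUID": "00000000-0000-0000-0000-000000000000",
    "PayloadVersion": 1,
    "PayloadContent": [{"PayloadType": "com.apple.ManagedClient.preferences"}],
})
PROFILE_KEYS = {"PayloadType", "PayloadIdentifier", "PayloadUUID",
                "PayloadVersion", "PayloadContent"}
VERSION_KEYS = {"BuildAliasOf", "BuildVersion", "CFBundleShortVersionString",
                "CFBundleVersion", "ProjectName", "SourceVersion"}


def walk_keys(obj):
    """Yield every dictionary key found anywhere in a parsed plist."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield key
            yield from walk_keys(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from walk_keys(value)


def classify_plist(data):
    """Classify plist bytes by the kind of keys they contain."""
    keys = set(walk_keys(plistlib.loads(data)))
    if keys & PROFILE_KEYS:
        return "configuration-profile"
    if keys and keys <= VERSION_KEYS:
        return "version-metadata"
    return "other"


if __name__ == "__main__":
    print("quoted plist:", classify_plist(PAGE_PLIST))
    print("constructed profile:", classify_plist(CONSTRUCTED_PROFILE))
```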


Jan 30, 2021 3:45 PM in response to Marcees1436

One file you showed with wannacry inside is inside diskpart.exe. (or something like that the letters are too fuzzy to make out exactly.)


.exe files are Windows executables. No matter how hard you try, you will NOT be able to execute stuff from inside an .exe file under MacOS.


It is just random junk. I dunno how it got on your Mac, but it does not matter. It cannot possibly become executable, and is not a threat.


Another one you analyzed was named filemaker17.advanced .pkg or something like that. I do not know whether that is what it is supposed to be, but if you got a garbage file from somewhere, why not just chuck it out and be done with it?
