My Mac Book Air is Been Hacked - 0

Hi Respected Sir / Madam


I have lots of unresolved issues on my MacBook Air, which I have shared in the Apple Support Community under the name kbnikhil, as shown in the screenshots below.




As I could see, macOS was getting heavily unstable and not working for me.


I even had a reinstall of macOS Catalina from the Apple Authorised Service Centre Imagine Store at Bangalore, India, in the month of April 2022.


Even then, high crashes were seen on applications like Text Editors and FaceTime, and High Encryption was seen on iMessages. I have been reporting this for almost a year now and it is not getting resolved. Antivirus programs are not revealing any malware, virus, spyware, bloatware, etc.

But the operating system gets updated regularly.


Then I recently came across the website below, which suggests there may be hacking going on on my macOS Catalina.


https://macmyths.com/how-to-tell-if-someone-is-remotely-accessing-your-mac/


I followed all their steps, as follows:


In System Preferences, Sharing Folder, I did not find Screen Sharing enabled, so I went on to the next steps as follows:


Verify If New User Accounts Have Been Added


Following command executed in Terminal:


dscl . list /Users | grep -v '^_'


Output of the command as follows:


daemon
MyUserAccount
nobody
root


It Looks Normal


Check Which Programs Have Access To Camera And Mic


Following command executed in Terminal:


lsof | grep -i "AppleCamera"


No output


Logs from /var/logs


Check The Logs For Possible Access Issues

found some things





WebKit Used to sharing was having to see getting sigkill,


also FsckAps Logs showing many disk present



also Failed iBooks Application



Also Failed Photos Application



And Other Applications


Also found Some BloatWare like Studentd Application



After All the Above things and Many Reinstalls still facing lots and lots of Application Failure, OverHeat, Network issues, Apple Store Issues and Many more etc..


So As per the

Al "MacMyths Author"

Hi, I am Al. I've been working with computers for more than 20 years and I am passionate about Apple products.


Is my MacBook's Catalina OS hacked? If yes, how to tell, and how to get rid of these hackers from my system?


Eagerly waiting for some answer or some solution


thank you for listening hopefully I will get faster solution to it

thank you All


K B Nikhil


Posted on Oct 26, 2022 3:13 AM


22 replies

Nov 28, 2022 5:25 AM in response to kbnikhil

The point is that Mac has been riddled with so much non-Apple "anti-virus" junk that it cannot possibly function normally. Even worse, Apple's built-in defenses intentionally have been disabled. It is a candidate for a complete erasure to its factory default settings. I recommend you do that. Follow these instructions: What to do before you sell, give away, or trade in your Mac - Apple Support.


When reconfiguring it as new, do not reinstall the junk. Rule 1 of Macs is don't install junk.


EtreCheck did not provide information about "open directory" "httpd " and " webkit" "studentd "


Those are normal macOS components. There is no information for EtreCheck to provide.

Nov 16, 2022 6:35 AM in response to kbnikhil

well, first off, have you uninstalled whatever antivirus app you earlier used to run your scans?


and second, i'm thinking you should download and run the free version of EtreCheck so we can see if you have some software installed that is causing your issue. make sure you give "full disk access" to etrecheck. Learn how to use it by reading Using EtreCheck. if you need help interpreting the report, you can see how to post the report here by reading How to use the Add Text Feature When Posting Large Amounts of Text, i.e. an Etrecheck Report. and it automatically obscures sensitive things (like serial numbers) so you don't have to worry about sharing the report here.

Oct 26, 2022 8:43 AM in response to kbnikhil

kbnikhil wrote:

Antivirus Programs are not revealing any malware, virus, spyware, bloatware etc..,

which antivirus programs are you using?


those types of apps, as well as any apps that claim to "optimize" or "clean up" or "speed up" your Mac are well known to cause MAJOR issues within macOS while providing zero protection or benefits. I would say that completely removing the antivirus apps, or any "optimizing" apps could very well help you with the issues that you are reporting.

Nov 22, 2022 4:20 AM in response to kbnikhil

I have also scanned for any malware, viruses, Spyware, from two Anti-virus product like COMODO Client, with Bit defender with no infection at all.


You need to uninstall all that junk as jeffreythefrog wrote earlier:


jeffreythefrog wrote:
well, first off, have you uninstalled whatever antivirus app you earlier used to run your scans?


Rule 1 of Macs is don't install junk.

Jan 11, 2023 9:34 AM in response to kbnikhil

Hi Nikhil, the information you provided contains no evidence of malicious interference. If that Mac is working the way you expect then there is no reason for concern. Upgrade macOS if you wish: Upgrade to macOS Ventura - Official Apple Support.


If that Mac is not eligible for Ventura or if you prefer to stop at "Catalina", follow these instructions instead: How to download macOS - Apple Support. You may need to install an intermediate version of macOS first, so write back if you need help with that.


Enjoy your Mac.

Jan 3, 2023 10:55 PM in response to John Galt

Hi Apple community Support,


Thank you all for continued support.


As per the discussion, I went on to erase and reinstall macOS as follows:



Catalina Reinstall had issues. With install media.



Reformat shows presence of 32MB files.



Low-level formatting showing 221MB present.



Formatting to APFS files


Presence of 125mb other volumes.


Also I have taken some macOS Recovery Utility, terminal command



Above is ps aux Command


Below are 3 photos of the launchctl list command.



Page 02



Page 03



Then I went and reinstalled the default macOS Mavericks



Second step in the install of macOS Mavericks



After successful macOS Mavericks install


The following command, ps aux, shows anonymous is running.



Thunderbolt network system auto configured.



All commands like odutil etc.. still well configured result


Eagerly waiting for simple solution.


Thank you all for listening and continued support.


Thank you.

Jan 4, 2023 8:04 AM in response to kbnikhil

kbnikhil wrote:
Then I went and reinstalled the default macOS Mavericks


Stop there. At that point, do nothing else other than to upgrade to the macOS version you desire. Nothing else is relevant, unless you need additional help upgrading from Mavericks. Install nothing, do nothing. Just upgrade macOS according to Upgrade to macOS Ventura - Official Apple Support. If that Mac is not eligible for macOS "Ventura," you might be able to install an earlier version of macOS instead. Please write back if you need help with that.


Eagerly waiting for simple solution.


If the solution is not erasing and reinstalling macOS (which you appear to have successfully accomplished) what solution are you seeking?

Oct 29, 2022 6:28 AM in response to kbnikhil

Hi all, and jeffreythefrog


I do not know whether it is any antivirus or some malware or spyware causing all the **** of failures.


I went through Googling asking questions etc.. to online communities like apple support communities, ESET Communities.


also went through some books to find out why I have unknown issues like Network Related, Over Battery Drain, TMB Back up highly encrypted keychain, issue, Mac OS Mavericks, Over download no install issues etc..


After that I started to get some commands as follows, and their output; now I have to figure out what they mean and how to rectify things if needed so my macOS responds properly to me.


I even tried macOS Catalina installed by the Apple Authorised Imagine Service Centre in the month of April 2022; it started to give issues within weeks??


Hopefully it will be resolved some day.


some of the commands that I executed over the Terminal





some of the terminal command but still I face app failures like iBook and Photos

even after giving full disk access to the iBook etc..

as shared in the screen shot



Also Bloatware like studentd etc.. are getting blocked by Norton 360 but it is a bloatware as shared in the screen shot



as posted in website "https://apple.stackexchange.com/questions/429638/how-can-i-disable-the-studentd-process"



I am unable to understand so many Launch Agents with Daemons also lot many bloat ware are running, or may be a hacker issue causing all the related troubles.


I am hoping some Answers to all the heavy battery drain, unexpected missing of files even the logs were seen to be missing and ESET high network issue as reported,


I do hope I get to know how to get rid of hackers from my Apple Mac OS Catalina .


thank you for listening hope for some support and solution


thank you all

Nikhil


Nov 16, 2022 4:39 AM in response to kbnikhil

Continued in the next post, as it does not allow more than 5000 characters per post.


The point is that my applications are heavily crashing, and I see this httpd is working and I cannot stop it.


need some idea to stop the httpd, timeutil, with studentd as in my MacBook Air causing lots of issues with high processor running etc..


Actually, today when I wanted to write the same after logging in to the Apple community web portal, it actually logged itself out and two times I was supposed to give the password to log in,


showing clearly my MacBook Air has been HACKED.


Now how to make my Mac work for me and remove these hackers?


eagerly waiting for some suggestion or solution.


thank you all for listening

nikhil

Nov 16, 2022 4:42 AM in response to kbnikhil

odutil show users: why does Open Directory have so many users??


Local Users:

UUID                                 UID Username  Admin Auth Authorities Disabled PW Field
------------------------------------ --- --------- ----- ---------------- -------- --------
1375B72C-D83E-46AF-99D4-77EFB4AFE194 502 (private) Y     SH, ST, K        (none)   ********
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000 0   (private) Y     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000001 1   (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000004 4   (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000000D 13  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000018 24  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000019 25  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000001A 26  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000001B 27  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000001F 31  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000020 32  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000021 33  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000036 54  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000037 55  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000038 56  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000003B 59  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000003C 60  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000041 65  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000043 67  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046 70  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000047 71  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000048 72  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000049 73  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004A 74  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004B 75  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004C 76  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004D 77  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004E 78  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004F 79  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000052 82  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000053 83  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000054 84  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000057 87  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000058 88  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000059 89  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000005B 91  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000005C 92  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000005D 93  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000005E 94  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000005F 95  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000060 96  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000061 97  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000062 98  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000063 99  (private) N     (none)           (none)   *
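
Added example, not part of the original post or of any Apple tool: a shell function that reads a table in the shape shown above and separates macOS's built-in service accounts from login accounts. It assumes the two conventions macOS follows for built-in accounts, a UID below 500 and a UUID of the form FFFFEEEE-DDDD-CCCC-BBBB-AAAA followed by the UID in hexadecimal; the function names, the class labels and the last sample row are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_od_users and its class labels are hypothetical names.
# Reads an `odutil show users`-style table on stdin and prints, per account:
#   <uid> <class> admin=<Y|N>
# builtin = UID < 500 and UUID is the built-in template ending in the UID in hex
# review  = UID < 500 but UUID does not follow that template
# login   = UID >= 500 (accounts created for people)
classify_od_users() {
  awk '
    function hex2dec(h,    i, n, d) {
      n = 0
      for (i = 1; i <= length(h); i++) {
        d = index("0123456789ABCDEF", substr(h, i, 1)) - 1
        if (d < 0) return -1
        n = n * 16 + d
      }
      return n
    }
    # Data rows begin with a 36-character UUID; headers and rules do not.
    length($1) == 36 && $1 ~ /^[0-9A-Fa-f]+-[0-9A-Fa-f]+-[0-9A-Fa-f]+-[0-9A-Fa-f]+-[0-9A-Fa-f]+$/ {
      uuid = toupper($1); uid = $2 + 0; admin = $4
      if (uid >= 500)
        class = "login"
      else if (substr(uuid, 1, 28) == "FFFFEEEE-DDDD-CCCC-BBBB-AAAA" &&
               hex2dec(substr(uuid, 29)) == uid)
        class = "builtin"
      else
        class = "review"
      print uid, class, "admin=" admin
    }'
}

# Sample input: the first four data rows are copied from the post above,
# the last row is constructed to show the "review" case.
sample_table() {
  cat <<'EOF'
UUID                                 UID Username  Admin Auth Authorities Disabled PW Field
------------------------------------ --- --------- ----- ---------------- -------- --------
1375B72C-D83E-46AF-99D4-77EFB4AFE194 502 (private) Y     SH, ST, K        (none)   ********
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000 0   (private) Y     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000000D 13  (private) N     (none)           (none)   *
FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000063 99  (private) N     (none)           (none)   *
0A1B2C3D-1111-2222-3333-444455556666 401 (private) Y     (none)           (none)   *
EOF
}

sample_table | classify_od_users
```
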



Nov 22, 2022 4:13 AM in response to jeffreythefrog

Thank you jeffreythefrog, and Apple Support Community.


I will definitely try your EtreCheck and let you know what happened. In a week time.


I also tried launchctl unload on system Library daemon with agent as follows.


The above is the shell script to shutdown some startup Application,


The error message



The thing is majority of the unwanted startup Application like studentd, httpd ssh, etc.. nothing getting unloaded.


I have tried even with the sudo command, without much help.


I have also scanned for any malware, viruses, Spyware, from two Anti-virus product like COMODO Client, with Bit defender with no infection at all.


But continued Application failure like textedit Application, Safari Application failure.


I don't know it just keep crashing all Application.


Hopefully it is caused by HACKED incident or Hacking issues.


Httpd is not stopping why?. Even Startup Applications can't get unload from Even with sudo command.


Eagerly waiting for your reply, or some suggestions


Nikhil,



Nov 28, 2022 4:28 AM in response to John Galt

Hi Jeffrey the frog and John Galt


Thank you for reading my post and provide some support.


I have followed your advice to install and run EtreCheck, as shared in the screenshot



Scooped book mark issue, is always there.



I have installed EtreCheck



I have allowed it to run






I have asked EtreCheck to find errors



It has found issues



Thank you

Nov 28, 2022 5:06 AM in response to John Galt

Hi John Galt


I will uninstall all anti-virus products by this week, give me time. Also, some of the commands I gathered and ran are as follows



Also EtreCheck did not provide information about "open directory" "httpd " and " webkit" "studentd "


Also as you can see number of user Accounts looking like increased.


Thank you for your continued support.


Nikhil

Jan 11, 2023 4:46 AM in response to IdrisSeabright

Hi John Galt & Idris Seabright


Thank you for supporting me, with the best possible solution.


Yes, as per all your support and steps, I have not done anything else but a basic install of macOS Mavericks and Mavericks updates from the Apple App Store. I have not even logged into my iCloud account.


Mavericks macOS is looking okay.


I have run the same commands like ps aux, also launchctl list as shared below


I have changed all my user admin name to user, for privacy.


Same just change my name to user, for privacy


Same just change my name to user for privacy.


Also surprised is that some "anonymous" command or program is working.


Even odutil show well working opendirectory ldap configured.


I have not installed any other program or Application even the Xcitium MDM Client, Norton 360 or Bitdefender etc..


I have tried to get in touch with apple support which isn't working due to security issues.


Thank you once again


Nikhil


This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
