
My Mac Book Air is Been Hacked - 0

Hi Respected Sir / Madam


I have lots of unresolved issues on my MacBook Air, which I have shared in the Apple Support Community under the name kbnikhil, as shown in the screenshots below.




As I could see, macOS was getting heavily unstable and not working for me.

I even had macOS Catalina reinstalled by the Apple Authorised Service Centre Imagine Store at Bangalore, India, in the month of April 2022.

Even then, a high number of crashes were seen in applications like Text Editors and FaceTime, and High Encryption was seen on iMessages. I have been reporting this for almost a year now and it is not getting resolved. Antivirus programs are not revealing any malware, virus, spyware, bloatware, etc.

But the operating system gets updated regularly.


Then I recently came across the website below, which suggests there may be hacking going on on my macOS Catalina.


https://macmyths.com/how-to-tell-if-someone-is-remotely-accessing-your-mac/


I followed all their steps, as follows.

In System Preferences, Sharing Folder, I did not find Screen Sharing enabled, so I went on to the next steps as follows.

Verify If New User Accounts Have Been Added

Following command executed in Terminal:


dscl . list /Users | grep -v '^_'


Output of the command as follows:


daemon

MyUserAccount

nobody

root


It Looks Normal


Check Which Programs Have Access To Camera And Mic


Following command executed in Terminal:


lsof | grep -i "AppleCamera"


No output


Logs from /var/logs


Check The Logs For Possible Access Issues

found some things





WebKit Used to sharing was having to see getting sigkill,


also FsckAps Logs showing many disk present



also Failed iBooks Application



Also Failed Photos Application



And Other Applications


Also found Some BloatWare like Studentd Application



After All the Above things and Many Reinstalls still facing lots and lots of Application Failure, OverHeat, Network issues, Apple Store Issues and Many more etc..


So As per the

Al "MacMyths Author"

Hi, I am Al. I've been working with computers for more than 20 years and I am passionate about Apple products.

Is my MacBook's Catalina OS hacked? If yes, how to tell, and how to get rid of these hackers from my system?


Eagerly waiting for some answer or some solution


thank you for listening hopefully I will get faster solution to it

thank you All


K B Nikhil


Posted on Oct 26, 2022 3:13 AM
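
The account check described in the post above can be made less ambiguous by listing each account with its numeric UID rather than its name alone. The following is an added example, not part of the original post; it assumes input in the two-column form produced by `dscl . list /Users UniqueID`, and the sample data, the `extraadmin` account and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage macOS account listings by UID instead of by name.
# On a Mac, feed it live data with:
#   dscl . list /Users UniqueID | unexpected_accounts "MyUserAccount"

# Constructed sample shaped like `dscl . list /Users UniqueID` output.
# "extraadmin" is a made-up account used to show a finding.
SAMPLE='_www                     70
daemon                   1
MyUserAccount            501
nobody                   -2
root                     0
extraadmin               502'

# Print accounts created for people: no "_" prefix and UID 500 or higher.
# Service accounts (daemon, nobody, root, _www, ...) fall below that range.
login_accounts() {
    awk 'NF >= 2 && $1 !~ /^_/ && $2 + 0 >= 500 { print $1 }'
}

# Print login accounts missing from the space-separated allow-list in $1.
unexpected_accounts() {
    known=" $1 "
    login_accounts | while read -r name; do
        case "$known" in
            *" $name "*) ;;                      # expected account
            *) printf '%s\n' "$name" ;;          # needs a closer look
        esac
    done
}

# Demo on the constructed sample: prints "extraadmin".
printf '%s\n' "$SAMPLE" | unexpected_accounts "MyUserAccount"
```

The `daemon`, `nobody` and `root` entries in the post's output are standard macOS service accounts, which is why this check does not report them.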


22 replies

Jan 11, 2023 4:46 AM in response to IdrisSeabright

Hi John Galt & Idris Seabright


Thank you for supporting me, with the best possible solution.


Yes, as per all your support and steps, I have not done anything else but a basic install of macOS Mavericks and Mavericks updates from the Apple App Store. I have not even logged into my iCloud account.

Mavericks macOS is looking okay.


I have run the same commands like ps aux, also launchctl list as shared below


I have changed all my user admin name to user, for privacy.


Same just change my name to user, for privacy


Same just change my name to user for privacy.


Also surprised is that some "anonymous" command or program is working.


Even odutil show well working opendirectory ldap configured.


I have not installed any other program or Application even the Xcitium MDM Client, Norton 360 or Bitdefender etc..


I have tried to get in touch with apple support which isn't working due to security issues.


Thank you once again


Nikhil


Oct 29, 2022 6:28 AM in response to kbnikhil

hi All, and jefferythefrog


I do not know whether it is any antivirus or some malware or spyware causing all the **** of failures.


I went through Googling asking questions etc.. to online communities like apple support communities, ESET Communities.


also went through some books to find out why I have unknown issues like Network Related, Over Battery Drain, TMB Back up highly encrypted keychain, issue, Mac OS Mavericks, Over download no install issues etc..


And after that I started to get some commands as follows, and their output. Now I have to figure out what they mean and how to rectify it if needed, so my macOS responds properly to me.

I even tried macOS Catalina installed by the Apple Authorised Imagine Service Centre in the month of April 2022. It started to give issues within weeks??

Hopefully it will be resolved some day.


some of the commands that I executed over the Terminal





some of the terminal command but still I face app failures like iBook and Photos

even after giving full disk access to the iBook etc..

as shared in the screen shot



Also Bloatware like studentd etc.. are getting blocked by Norton 360 but it is a bloatware as shared in the screen shot



as posted in website "https://apple.stackexchange.com/questions/429638/how-can-i-disable-the-studentd-process"



I am unable to understand so many Launch Agents with Daemons also lot many bloat ware are running, or may be a hacker issue causing all the related troubles.


I am hoping some Answers to all the heavy battery drain, unexpected missing of files even the logs were seen to be missing and ESET high network issue as reported,


I do hope I get to know how to get rid of hackers from my Apple Mac OS Catalina .


thank you for listening hope for some support and solution


thank you all

Nikhil


Nov 28, 2022 4:28 AM in response to John Galt

Hi Jeffrey the frog and John Galt


Thank you for reading my post and provide some support.


I have followed your advice to install and run EtreCheck, as shared in the screenshot



Scooped book mark issue, is always there.



I have installed EtreCheck



I have allowed it to run






I have asked EtreCheck to find errors



It has found issues



Thank you

Jan 26, 2023 5:53 AM in response to kbnikhil

Further on, I ran the command odutil show all, as follows

And I tried to install Mojave and Catalina, as in the following screenshots.



PG 00



PG 01


PG 02



PG 03



I don't know why it's not working,


Any way I will try once more by formatting, which remain 221MB of some files I don't know what it is I will get the photos of it, and then I will reload the time machine backup.


But if you have better suggestions I am all waiting,


If it fails I will take it to the iCare Imagine Apple Authorized service center for a re-install.


Thank you all for continued support and reading my post.


Eagerly waiting for solution.


Thank you once again.


Nikhil

Jan 30, 2023 1:56 AM in response to kbnikhil

Hi Apple community Support Team


Thank you for going through my post.


As said, I am sharing the log created when installing Sierra on top of Mavericks.





The Screen shot showing Keychain with Directory Utility.



PG00



PG01



PG02



PG03



PG04



PG05



PG06



PG07



PG08



PG09



PG10



PG11


PG 12



System and install logs as follows. Thank you for reading and suggestions.



Nov 16, 2022 6:35 AM in response to kbnikhil

well, first off, have you uninstalled whatever antivirus app you earlier used to run your scans?


and second, i'm thinking you should download and run the free version of EtreCheck so we can see if you have some software installed that is causing your issue. make sure you give "full disk access" to etrecheck. Learn how to use it by reading Using EtreCheck. if you need help interpreting the report, you can see how to post the report here by reading How to use the Add Text Feature When Posting Large Amounts of Text, i.e. an Etrecheck Report. and it automatically obscures sensitive things (like serial numbers) so you don't have to worry about sharing the report here.

Nov 22, 2022 4:13 AM in response to jeffreythefrog

Thank you jeffreythefrog, and Apple Support Community.

I will definitely try your EtreCheck and let you know what happened, in a week's time.

I also tried launchctl unload on the system Library daemons and agents, as follows.


The above is the shell script to shutdown some startup Application,


The error message



The thing is, the majority of the unwanted startup applications like studentd, httpd, ssh, etc. are not getting unloaded.

I have tried even with the sudo command, with not much help.

I have also scanned for any malware, viruses and spyware with two antivirus products, COMODO Client and Bitdefender, with no infection at all.


But continued Application failure like textedit Application, Safari Application failure.


I don't know it just keep crashing all Application.


Hopefully it is caused by HACKED incident or Hacking issues.


Why is httpd not stopping? Even startup applications can't be unloaded, even with the sudo command.


Eagerly waiting for your reply, or some suggestions


Nikhil,



Nov 28, 2022 5:06 AM in response to John Galt

Hi John Galt


I will uninstall all antivirus products by this week, give me time. Also, some of the commands I gathered and ran are as follows

Also, EtreCheck did not provide information about "open directory", "httpd", "webkit" and "studentd".

Also, as you can see, the number of user accounts looks like it has increased.


Thank you for your continued support.


Nikhil

Nov 28, 2022 5:25 AM in response to kbnikhil

The point is that Mac has been riddled with so much non-Apple "anti-virus" junk that it cannot possibly function normally. Even worse, Apple's built-in defenses intentionally have been disabled. It is a candidate for a complete erasure to its factory default settings. I recommend you do that. Follow these instructions: What to do before you sell, give away, or trade in your Mac - Apple Support.


When reconfiguring it as new, do not reinstall the junk. Rule 1 of Macs is don't install junk.

EtreCheck did not provide information about "open directory", "httpd", "webkit" and "studentd".


Those are normal macOS components. There is no information for EtreCheck to provide.

Jan 4, 2023 8:04 AM in response to kbnikhil

kbnikhil wrote:
Then I went and reinstalled default macOS Mavericks

Stop there. At that point, do nothing else other than to upgrade to the macOS version you desire. Nothing else is relevant, unless you need additional help upgrading from Mavericks. Install nothing, do nothing. Just upgrade macOS according to Upgrade to macOS Ventura - Official Apple Support. If that Mac is not eligible for macOS "Ventura," you might be able to install an earlier version of macOS instead. Please write back if you need help with that.


Eagerly waiting for simple solution.


If the solution is not erasing and reinstalling macOS (which you appear to have successfully accomplished) what solution are you seeking?

Jan 11, 2023 9:34 AM in response to kbnikhil

Hi Nikhil, the information you provided contains no evidence of malicious interference. If that Mac is working the way you expect then there is no reason for concern. Upgrade macOS if you wish: Upgrade to macOS Ventura - Official Apple Support.


If that Mac is not eligible for Ventura or if you prefer to stop at "Catalina", follow these instructions instead: How to download macOS - Apple Support. You may need to install an intermediate version of macOS first, so write back if you need help with that.


Enjoy your Mac.

Jan 30, 2023 2:19 AM in response to kbnikhil

The logs



The install logs are too huge to add from a Samsung tablet. Maybe I can add them from another system.

They might help in resolving my issues with continued crashes of all applications, including the text editor, as shared in an earlier post.


Thank you for your patience and continued support.

Nikhil.

Jan 3, 2023 10:55 PM in response to John Galt

Hi Apple community Support,


Thank you all for continued support.


As per the discussion, I went on to erase and reinstall macOS, as follows



Catalina Reinstall had issues. With install media.



Reformat show present of 32MB files.



Low-level formatting showing 221MB present.



Formatting to APFS files


Present of 125mb other volumes.


Also I have taken some macOS Recovery Utility, terminal command



Above is ps aux Command


Below 3 photo. Of launchctl list command.



Page 02



Page 03



Then I went and reinstalled default macOS Mavericks

Second step in the install of macOS Mavericks

After successful macOS Mavericks install

The following command, ps aux, shows that anonymous is running.



Thunderbolt network system auto configured.



All commands like odutil etc.. still well configured result


Eagerly waiting for simple solution.


Thank you all for listening and continued support.


Thank you.

Jan 26, 2023 5:42 AM in response to John Galt

Hi John Galt, Apple community Support team.


Thank you for your suggestion and solutions


I tried to install Mojave and Catalina macOS after the install of macOS Mavericks.

I also tried to remove the majority of unwanted Open Directory Utility application content, as in the following screenshots.



PG 00



PG 01



PG 02



PG 03



PG 04



PG 05



PG 06



PG07



PG 08



PG 09



PG 10



Keeping only Above PG 11, rest of the record from PG 00 to PG 06 Removed, causing me to lose admin control of my MacBook Air , also the Master password also not working correctly.


PG 07 TO PG 10 I CAN'T ALTER OR DO ANYTHING.


FURTHER MORE.



Finding error with Thunderbolt network, I don't understand why ?


Further I tried to install Mojave and Catalina as shared in the next screenshots.


Thank you for reading

Jan 28, 2023 3:24 AM in response to kbnikhil

Hi Everyone Thank you for reading my post,


Thank you John Galt and others, I could finally get macOS Sierra installed over Mavericks.

But the 221MB still exists, as shared in the screenshots below.



PG00



PG01



PG02



PG03



PG04



PG05



PG06



PG 07



PG08



PG 09



PG 10



PG 11



PG 12



PG13



PG 14



PG15



PG 16



PG 17



PG 18


MacOS Sierra is successfully installed, next post I will share the logs of install stages.


Thank you for your continued support.

Nikhil
