How to detect Spyware or keylogger under Snow Leopard?

Alexander Ilin wrote:
It looks like somebody is useing spyware or keylogger on my MacBook Pro.

Welcome to Apple's discussion groups.

Why do you think so?

How can I detect the process and delete the spy application?

I'd launch the Activity Monitor utility, then set the list at the top to "All Processes". You'll now see a list of everything running on your Mac. At this point it might or might not be easy to identify which process(es) belong to a keylogger.

Could it also be done via browser Firefox or Safari?

Those browsers do have "extensions" that could behave that way.

Note that there is not much malware for the Mac... see my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus>. So it's very unlikely that you've got some kind of spyware on your computer. It is also very unlikely that a hacker has gotten remote access and installed something. The only easy way for you to get malicious software on your machine is for someone with physical access to install it.

As Mr. Boyd has asked, why do you believe you have spyware.

In that case, get a copy of [MacScan|http://macscan.securemac.com> and scan your hard drive. I normally consider MacScan to be ridiculous in what it scans for - a significant portion of what it identifies as "Mac malware" is just legit software that has the potential to be misused by someone with physical access. However, since that's exactly what you've got, that's probably the best tool to find anything that your "friend" might have installed.

Alexander Ilin wrote:
Hi! I am pretty much sure about that. One of my "friends" got physical access to my computer. And I know for sure he has got some info out of it. I am afraid, he has installed some type of spyware to track Skype messages and emails.

Physical access trumps all. My advice is to reinstall the OS from DVD. Reinstall all of your applications. Do not use any migration tools.

I agree with etresoft; if some "friend" had physical access to your computer, it would be very difficult for you to be certain you could find any malicious software he might have installed. Backing up your documents, erasing the drive (I would recommend doing the "zero all data" option to be absolutely certain the drive is completely erased), and reinstalling the OS is the only way you can be sure you get everything removed. When you create your new user account, use a different user name and password then you did previously.

Then don't let your "friends" have access to your system, particularly not to any user account that has administrator privileges. If a "friend" that you can't completely trust wants to use your computer, let them use a Guest account.

Regards.

The best way to back up iTunes is to drag the entire iTunes folder (the folder containing the library and XML files and the iTunes Media/Music folder) to an external hard drive. Someone else here or in the iPhoto forum should be able to advise on backing up iPhoto.

Regards.