Keylogger Elimination
I think I may have a keystroke logger on my computer. Would a simple system reinstall take care of it, or do I need to wipe the drive and start all over? Is there an easy way to detect for sure if I have one?
It's a third party application, not part of OS X. You can download it from here:
Thank you. If I'm concerned about key loggers being embedded into my MacBook Pro, is it a good idea to take it into one of the stores to have my software reinstalled? I was told that this wipes it out but then again, if I use my Time Machine backup, wouldn't I be reinstalling the malware?
Not sure what is the best way to go about this problem. I see lots of tips here about locating key loggers but they either don't seem to apply to Snow Leopard or I'm just not doing it right.
The only difference in the instructions I posted for Snow Leopard is that the User library isn't hidden (so you can ignore those bits about holding down the option key in the 'Go' menu of Finder).
Instead, to find the user Library, just click on the little house icon in Finder's sidebar (your 'home' folder), and choose the folder 'Library'.
All the other instructions remain the same.
EDIT: one other difference is that in Snow Leopard, your login items are found at
> System Preferences... Accounts | Login Items
Soft water, I cannot find Users and Groups in my System Preferences. I am using Snow Leopard. I am the admin of this account.
See my edit above ^ 🙂
I saw lots of files with a . in front of them. Most are greyed out however.
I found this on my desktop just now. I first saw it on an SD card which was being used in a surveillance camera. I was going through the videos on the SD card last night and these files sort of ended up on my hard drive. Now I'm not even able to trash it. Do these look suspicious?
.dbfseventsd
.DS_Store
.file
.fseventsd
.hotfiles.btree
.Spotlight-V100
.Trashes
.vol
It also looks like now there is a Mac HD within another Mac HD. Additional files I'm seeing are:
net
Network
private:
etc:
6to4.conf
AFP.conf
afpovertcp.cfg
aliases
aliases.db
amavisd.conf
apache2
asl.conf
authorization
authorization~previous
auto_home
auto_master
autofs.conf
bashrc
com.apple.screensharing.agent.launchd
csh.cshrc
csh.login
csh.logout
cups
defaults
dnsextd.conf
efax.rc
find.codes
fstab.hd
ftpd.conf
ftpusers
gettytab
group
hostconfig
hosts
hosts.equiv
irbrc
kern_loader.conf
krb5.keytab
localtime
locate.rc
mach_init_per_login_session.d
mach_init_per_user.d
mach_init.d
mail.rc
man.conf
manpaths
manpaths.d
master.passwd
memberd.conf
moduli
named.conf
nanorc
networks
newsyslog.conf
newsyslog.d
notify.conf
ntp-restrict.conf
ntp.conf
openldap
pam.d
passwd
paths
paths.d
pear.conf
pear.conf-previous
periodic
php.ini.default
php.ini.default-5.2-previous
postfix
ppp
profile
protocols
racoon
rc.common
rc.netboot
resolv.conf
rmtab
rpc
rtadvd.conf
security
services
shells
smb.conf
smb.conf.old
smb.conf.template
snmp
ssh_config
sshd_config
sudoers
syslog.conf
ttys
xgrid
xtab
zshenv
There are also:
sbin
usr
var
Volumes
tftpboot
tmp
No. Those are part of your system. Honestly, if you're not familiar with the system files and what should be on your computer, I suggest you stop poking around; it's likely you're going to do more harm than good.
If you're really worried about a keylogger, the best advice I can give you is to take your Mac to a store and have it looked at by someone who knows what they're doing.
I took the comp to the Genius Bar and the technician went into my Terminal history and saw that someone had embedded codes that made these system files visible. Then he said the person tried to make these files invisible again but mistyped the command. The tech said the only way for these commands to get into Terminal is if they had physical access to the computer or if they were doing screen sharing with me.
If what the tech said is true, it sounds like someone got into my computer while I was away.
The other possibility is that those are your own attempts to reveal and hide the hidden files to search for your suspected keylogger files.
That's crazy. First of all, I wouldn't begin to know how to reveal and hide those files. Second of all, I don't even know about Terminal and what it does and what the purpose of hiding and revealing those files would do. And lastly, you'll notice that I first came into these forums looking to see why those files were showing up on my HD. And as I recall, you scolded me for not knowing what I was doing and to stop poking around.
If I was so clueless where would I have the sense to go into that program and embed those strange comments, then come here looking for help?
soondoboo, if you need help and don't know where to begin, please start a new discussion in the area appropriate for your OS X version:
Much more information is required to begin addressing your concern, starting with the version of OS X you are using. Determine that by clicking the (Apple menu) > About This Mac.
There is nothing wrong with the information in this thread but you won't get the attention you need by tacking on to a Discussion that has not only been solved, but is well over a year old.
Earlier you posted a question about removing malware from your Mac. That's not the right way to approach a question regarding keylogger software. There are commercial programs that allegedly identify keyloggers, but they are only capable of searching for specific products, they aren't free, and aren't likely to be satisfactory.
Start a new Discussion with your specific concern. Include your system details and the reasons you believe a keylogger is installed. Thanks.
Actually, I wasn't "scolding" you, I was just trying to urgently stop you breaking your system, which it sounded like you might do from the questions you were asking.
You clearly have access to hidden files from some of the file lists you posted earlier, and I posted instructions earlier in this thread on how to show/hide hidden files which I presumed you'd followed (or tried to follow).
No one here is trying to do anything other than get to the bottom of your problem for you. But we have only what you say to go on, and quite a bit of what you're saying sounds a bit confused. It's not a criticism, it's just an observation from someone who's been doing Mac troubleshooting for a long time.
On that note, I'll end by endorsing John Galt's message above. Start a new thread - there's no need to reference this one, which may cause more confusion than help - and describe your problem from the beginning with as much technical detail as you can.