121 Replies. Latest reply: Mar 1, 2016 7:41 AM by Jamesalexander88
  • MadMacs0 Level 5

    tololo wrote:

     

    Please if you read this could you please help me too?? I also have the same problem

    Note that the last three or four users who tried to jump on have not been assisted by anybody that knows much about this, so I suspect they are no longer monitoring this thread. You'd probably get better results by starting with a new subject and describing exactly what symptoms you are observing along with the Mac model and OS X version you are using.

  • Linc Davis Level 10

    My attention was called to this thread, which I had stopped reading more than a year ago. I'm only commenting on it now because I'm saddened by this outpouring of agony.

     

    I answer a few questions on this site, but only as many as I have time for, and only the ones I choose. I cannot and do not take requests.

     

    Another thing I can't do is computer forensics; that is, the investigation of criminal tampering with a computer. The most that I could do is rule in or out the presence of one of the commercial keylogging products that I happen to know of. Those products are not designed for illegal wiretapping. They're designed to lawfully monitor the activities of employees or children. My knowledge of the subject is far from complete, and in any case, it would be quite easy for a sophisticated attacker with access to the computer to install a keylogger that I couldn't detect by the means at my disposal here. If I were going to install a keylogger on someone's computer, I could, and would, do it in a way that wouldn't be so easily detectable.

     

    Even a complete forensic analysis wouldn't rule out the presence of a hardware keylogger, which is a small, inconspicuous device that needs no software in order to operate. It could, for example, be hidden inside an ordinary-looking USB cable. Even an expert might not be able to find such a device.

     

    A motivated attacker could take even more extreme measures, by planting listening devices in the victim's home or car.

     

    Wiretapping is a crime. Please, ladies -- as most of you seem to be -- if you think you're a victim of that crime, look to a lawyer, a support group, or the police for help. Don't look to a stranger on a public message board. Anyone who's willing to take the risk of prosecution to tamper with your computer may be willing to take other risks, too. Be safe.

  • tololo Level 1

    Thank you so much for replying and I completely understand what you are saying...could you please help me rule out the presence of the commercial keylogging you may happen to know of? I am pretty sure the person I am talking about is very savvy but I am somehow betting that he may be betting on my ignorance to go undetected with something very simple...please.

     

    Once I have something to base it on I can move forward but right now I am empty handed and have nothing but my suspicions and this has gotten me nowhere when seeking help. I have to start my own investigation for now and this is my beginning. I understand the risk of this but I really have no other choice for now.

  • Linc Davis Level 10

    The right way to use this site is first to search for answered questions similar to yours (which you must already have done), and if you don't find a solution that way, to start your own thread. Almost any reasonable question will get some kind of response, though not always a useful one.

  • tololo Level 1

    Thank you

  • salscopis Level 1

    Hi Linc and everyone.

     

    Wondering if you could help me decipher if there's something on my computer too, please.

     

    Thanks very much

     

     

    Step 1:

     

    com.digidesign.iokit.DigiDal (10.0f56)

    com.RME.driver.FirefaceAudioDriver (3.06)

    com.paceap.kext.pacesupport.snowleopard (5.9)

    com.caiaq.driver.NIUSBMaschineControllerDriver (2.5.2)

     

    Step 2:

    org.samba.smbd

    org.samba.nmbd

    com.paceap.pacesupport

    com.paceap.eden.licensed

    com.digidesign.fwfamily.helper

    com.adobe.fpsaud

     

    Step 3

    de.rme-audio.hdspAgent

    de.rme-audio.firefaceUSBAgent

    de.rme-audio.firefaceAgent

    com.google.keystone.user.agent

     

    step 4

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AFnd.framework

    CFnd.framework

    DAE.framework

    DFW.framework

    DHS.framework

    DSI.framework

    DSPManager.framework

    DUI.framework

    DigiPlatformSupport.framework

    DigiStreamManager.framework

    DigidesignFWDriver.framework

    DirectIO.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    SonicBirth.framework

    TSLicense.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    JavaAppletPlugin.plugin

    NP-PPC-Dir-Shockwave

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    flashplayer.xpt

    iLok Client Helper Plugin

    iLokClientHelper.plugin

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    de.rme-audio.firefaceAgent.plist

    de.rme-audio.firefaceUSBAgent.plist

    de.rme-audio.hdspAgent.plist

     

    /Library/LaunchDaemons:

    PACESupport.plist

    com.adobe.fpsaud.plist

    com.digidesign.fwfamily.helper.plist

    com.paceap.eden.licensed.plist

     

    /Library/PreferencePanes:

    DigidesignFireWireAudio.prefPane

    DigidesignMbox2.prefPane

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    NIUSBAudio.prefPane

     

    /Library/PrivilegedHelperTools:

    Google Drive Icon Helper

    licenseDaemon.app

     

    /Library/QuickLook:

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

     

    /Library/Spotlight:

    AppleWorks.mdimporter

    Microsoft Office.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    Digidesign Mbox 2

    DigidesignLoader

     

    /etc/mach_init.d:

    dashboardadvisoryd.plist

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.google.keystone.agent.plist

     

    Library/PreferencePanes:

    .FA686BFF5186C9DDF6D8

    .U9HSPVH6XNHB

    .VAOC8YCKM1X4

     

    Step 5

    iTunesHelper, Dropbox, NIHardwareAgent

  • MadMacs0 Level 5

    salscopis wrote:

     

    Hi Linc and everyone.

     

    Wondering if you could help me decipher if there's something on my computer too, please.

    As Linc just told the last user:

    The right way to use this site is first to search for answered questions similar to yours (which you must already have done), and if you don't find a solution that way, to start your own thread.
    He is not monitoring this ancient thread and I probably should stop as well.

  • Bronwy Level 1

    I am unable to carry out this search to find the spyware. After I input this information into my terminal, when I get to the point of inputting my password it will not let me type it or anything else. My password works everywhere else needed on my computer, but not the terminal after I have copied and pasted the information listed above. I am hoping to ascertain the type of spyware on my computer. I know for a fact that it is there and it has created havoc in my life. This person has physical access to my computer.

     

    Is there spyware that will prevent inputting this information into the terminal?

  • stevejobsfan0123 Level 8

    Note that when you type your password into Terminal, it will not actually show up, not even as "••••." So even if you can't see anything, just type your password and press Return.

  • joandja Level 1

    I'm hoping someone will read this and see if something fishy is going on? I did the steps provided (Which were excellently posted! Easy to understand). Just have no clue beyond that.

     

    An added note. We had someone on 8/13 make 3 fraudulent charges on our iTunes acct. We closed the acct. and only use gift cards now. In 12/13 we had another fraudulent charge from EETsac on our c.c. and had to be reissued a new credit card.

     

    Maybe someone's on our computer? Thanks.


     

    STEP 1:

    com.eltima.ElmediaPlayer.kext (1.0)

     

    STEP 2:

    com.intego.BackupAssistant.daemon

    com.eltima.ElmediaPlayer.daemon

    com.adobe.SwitchBoard

    com.adobe.fpsaud

     

    STEP 3:

    com.kodak.BonjourAgent

    com.intego.backupassistant.agent

    com.conduit.loader.Agent

    com.adobe.CS5ServiceManager

    com.yahoo.YahooContactSyncAgent

    com.nchsoftware.expressinvoice.agent

    com.kodak.KODAK

    com.kodak.KODAK

    com.kodak.KODAK

    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

    com.adobe.AAM.Scheduler-1.0

     

    STEP 4:

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    Adobe AIR.framework

    EWSMac.framework

    NyxAudioAnalysis.framework

    OnOneWidgets.framework

    PluginManager.framework

    TSLicense.framework

    iTunesLibrary.framework

    onOneToolbox.framework

     

    /Library/Input Methods:

     

    /Library/InputManagers:

    CTLoader

     

    /Library/Internet Plug-Ins:

    .DS_Store

    AdobePDFViewer.plugin

    Disabled Plug-Ins

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    JavaAppletPlugin.plugin

    Musicnotes.plugin

    NP-PPC-Dir-Shockwave

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Scorch.plugin

    Silverlight.plugin

    Unity Web Player.plugin

    Unused

    flashplayer.xpt

    iPhotoPhotocast.plugin

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.CS5ServiceManager.plist

    com.conduit.loader.agent.plist

    com.intego.backupassistant.agent.plist

    com.kodak.BonjourAgent.plist

     

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.apple.third_party_32b_kext_logger.plist

    com.eltima.ElmediaPlayer.daemon.plist

    com.intego.BackupAssistant.daemon.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

    ct_scripting.osax

     

    /Library/Spotlight:

    AppleWorks.mdimporter

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    Intego Backup Assistant

    ProTec6b

     

    /etc/mach_init.d:

    dashboardadvisoryd.plist

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

    com.adobe.SwitchBoard.monitor.plist

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

    A BUNCH OF FONTS and this....

    encodings.dir

    fonts.dir

    fonts.list

    fonts.scale

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9.plist

    com.kodak.KODAK AiO Annual Opt.plist

    com.kodak.KODAK AiO Firmware Updater.plist

    com.kodak.KODAK AiO Software Updater.plist

    com.nchsoftware.expressinvoice.agent.plist

    com.yahoo.YahooContactSyncAgent.plist

     

    Library/PreferencePanes:

    .DS_Store

     

    Library/QuickTime:

     

    STEP 5:

    Safari, Dropbox

  • John Galt Level 8

    joandja, as has already been noted numerous times in this ancient thread, you need to start your own Discussion. It's only by chance that I happened to read this one. Most of its qualified participants may no longer be subscribed to it.

     

    The Conduit Community Toolbar spyware is installed on your Mac. While it alone does not explain any fraudulent account activity, it is garbage you probably do not want, and you will require specific instructions for getting rid of it. To ensure you do, please start your own Discussion.

     

    Start with this page:

     

    https://discussions.apple.com/community/mac_os

     

    Navigate to your OS X version, then click the "Start a Discussion" link near the upper right under Actions.
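
Added example, not part of any post in this thread and not the code the thread's instructions use: a Python helper for triaging listings like the one above. It parses the step 4 directory listing, finds where a vendor string such as "conduit" appears, and reports launchd plists on disk that have no matching loaded label. The sample data is constructed from names that appear in the thread, and the function names are hypothetical.

```python
# Added example. LISTING and LOADED are constructed from names seen in the thread.
LISTING = """\
/Library/InputManagers:
CTLoader

/Library/LaunchAgents:
com.conduit.loader.agent.plist
com.kodak.BonjourAgent.plist

/Library/LaunchDaemons:
com.adobe.fpsaud.plist

Library/LaunchAgents:
com.nchsoftware.expressinvoice.agent.plist
"""
LOADED = ["com.adobe.fpsaud", "com.kodak.BonjourAgent", "com.conduit.loader.Agent"]

def parse_listing(text):
    """Turn multi-directory `ls -1A` output into {directory: [entries]}."""
    dirs, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith(":") and "/" in line:  # header such as "/Library/LaunchAgents:"
            current = line[:-1]
            dirs[current] = []
        elif current is not None:
            dirs[current].append(line)
    return dirs

def find_term(dirs, term):
    """Case-insensitive search for a vendor string across every listed directory."""
    term = term.lower()
    return sorted((d, e) for d, entries in dirs.items()
                  for e in entries if term in e.lower())

def launchd_status(dirs, loaded_labels):
    """Split launchd plists on disk into (loaded, not_loaded) by file name.

    Assumes file name == job label + ".plist", which is a convention only:
    a "not loaded" result means "look at this plist", not "malicious".
    """
    loaded = {label.lower() for label in loaded_labels}
    hit, miss = [], []
    for d, entries in dirs.items():
        if not d.endswith(("LaunchAgents", "LaunchDaemons")):
            continue
        for e in entries:
            if e.endswith(".plist"):
                name = e[: -len(".plist")].lower()
                (hit if name in loaded else miss).append((d, e))
    return sorted(hit), sorted(miss)

if __name__ == "__main__":
    dirs = parse_listing(LISTING)
    print(find_term(dirs, "conduit"))
    print(launchd_status(dirs, LOADED)[1])
```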

  • joandja Level 1

    Thank you John! I had already deleted Conduit Community Toolbar but only for the reason I was irked it came up each time Safari was up. After doing a bit more research it looks like I should remove a few more files.

  • edsonyazejy Level 1

    Hello,

     

    I'm having the same problem, can anyone help me and see if I have any keylogger or spyware in my computer?

     

    Last login: Fri Feb 14 00:19:23 on ttys000

    edsons-mbp:~ edsonyazejy$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.manycamllc.driver.ManyCamDriver (0.0.9)

    edsons-mbp:~ edsonyazejy$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    com.teamviewer.service

    com.parallels.mobile.kextloader.launchdaemon

    com.parallels.mobile.dispatcher.launchdaemon

    com.oracle.java.Helper-Tool

    com.microsoft.office.licensing.helper

    com.adobe.fpsaud

    edsons-mbp:~ edsonyazejy$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.microsoft.Excel.27840

    com.adobe.Reader.23440

    com.wondershare.helper_compact.63568

    com.nike.nikeplusconnect

    com.parallels.mobile.startgui.launchagent

    com.goacemjobhmmbdlbbfjgifjcojdfnjfm.updater

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    edsons-mbp:~ edsonyazejy$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    EWSMac.framework

    NyxAudioAnalysis.framework

    OSXFUSE.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    Default Browser.plugin

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.nike.nikeplusconnect.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

    com.parallels.mobile.dispatcher.launchdaemon.plist

    com.parallels.mobile.kextloader.launchdaemon.plist

    com.teamviewer.teamviewer_service.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    JavaControlPanel.prefPane

    OSXFUSE.prefPane

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleAVCIntraCodec.component

    AppleHDVCodec.component

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    AppleProResCodec.component

    DVCPROHDCodec.component

    FCP Uncompressed 422.component

    IMXCodec.component

    ManyCamVDig_RGB.component

    ManyCamVDig_YCbCr.component

     

    /Library/ScriptingAdditions:

    Ignitor.osax

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    .DS_Store

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

    HARRP___.TTF

    HPOTTER.TTF

    LUMOS.TTF

    MagicSchoolOne.ttf

    MagicSchoolTwo.ttf

     

    Library/Frameworks:

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    .DS_Store

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.goacemjobhmmbdlbbfjgifjcojdfnjfm.updater.plist

    com.parallels.mobile.startgui.launchagent.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    .localized

    edsons-mbp:~ edsonyazejy$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, SmartDaemon, Dropbox, AdobeResourceSynchronizer, Wondershare Helper Compact

    edsons-mbp:~ edsonyazejy$

     

     

    THANK YOU

  • rickbeacham Level 1

    Re-install Mac OS X if you feel someone has backdoor access. It will be easier to reinstall the OS. And you can't be certain what services are legit or have backdoors themselves. Back up all personal data, then delete the OS and re-install. Run Little Snitch and keep up with outgoing connections for a little while. Install a virus scanner and scan your fresh install of Mac OS X.

  • John Galt Level 8

    rickbeacham wrote:

     

    Re-install Mac OS X if you feel someone has backdoor access. It will be easier to reinstall the OS.

     

    That will do nothing to remove a keylogger.

     

    Install a virus scanner and scan your fresh install of Mac OS X.

     

    If one suspects a keylogger or other malware has been installed but does not know how to go about eliminating it, a complete system erasure followed by installing OS X and one's essential software will eliminate all doubt. Keyloggers aren't viruses and there is no product that can possibly detect every variant of one that may exist. Installing a "virus scanner" will do nothing beneficial and is far more likely to cause unrelated problems.
