111 Replies. Latest reply: Aug 14, 2015 3:27 PM by Eddie Mao
  • rickbeacham Level 1 (0 points)

     

     

    If one suspects a keylogger or other malware has been installed but does not know how to go about eliminating it, a complete system erasure followed by installing OS X and one's essential software will eliminate all doubt.

     

     

    That is exactly what I said. Delete the OS and re-install. Maybe I should have been clearer and said "delete everything on the hard drive".

    Install a virus scanner and scan your fresh install of Mac OS X.

    Yes, some viruses/malware are able to save data on other partitions. Yes, Mac OS X has its own virus protection, but so does Microsoft. I would then remove the virus scanner after the threat is removed or not found, since they use resources and can slow down your system. I'm not sure how a virus scanner will cause problems worse than the ones they are having. It's just eliminating a potential attack vector.

     

    If you are still having problems, install Linux. Use VMware to run Linux or use a live CD or USB (safer). Make sure it's read-only. This way, when making credit card payments, you will be safe.

  • PlaceNarration Level 1 (0 points)

    Hi there Linc,

     

    I too am in the same boat, and was wondering if you would be so kind as to take a peek at my results and let me know if there is anything suspicious or if I have a keylogger. I followed all of your instructions, and will post the text after this short note. THANK YOU so much, if you have the time to look at it.

     

    Kindest regards,

    Crystal

     

    -

    Last login: Sat Mar 1 13:46:36 on console

    localhost:~ crystal$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.paceap.kext.pacesupport.snowleopard (5.7.2)
    com.digidesign.iokit.DigiDal (9.0.3f4)
    com.Apogee.driver.DuetFWOverideDriver (1.4.4)
    com.Cycling74.driver.Soundflower (1.6.2)

    localhost:~ crystal$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

    com.paceap.pacesupport
    com.spotflux.Spotflux
    com.paceap.eden.licensed
    com.hidden.daemon
    com.google.keystone.daemon
    com.duetDaemon.plist
    com.digidesign.fwfamily.helper
    com.adobe.versioncueCS4
    com.adobe.fpsaud

    localhost:~ crystal$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.google.keystone.system.agent
    com.frontierdesign.tranzport.daemon
    com.adobe.CS4ServiceManager
    com.yahoo.YahooContactSyncAgent
    com.nchsoftware.reflect.agent
    com.divx.agent.postinstall
    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9
    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    localhost:~ crystal$

    localhost:~ crystal$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AECore.framework
    AFnd.framework
    Adobe AIR.framework
    ArcCon.framework
    CFnd.framework
    Compressor.framework
    DAE.framework
    DFW.framework
    DHS.framework
    DSI.framework
    DSPManager.framework
    DSPPublishing.framework
    DUI.framework
    DigiPlatformSupport.framework
    DigiStreamManager.framework
    DigidesignFWDriver.framework
    DirectIO.framework
    DivX Toolkit.framework
    FxPlug.framework
    MediaServerAPI.framework
    Motion.framework
    NyxAudioAnalysis.framework
    PluginManager.framework
    ProFX.framework
    ProMetadataSupport.framework
    Qmaster.framework
    TSLicense.framework
    XSKey.framework
    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin
    AdobePDFViewerNPAPI.plugin
    AmazonMP3DownloaderPlugin.plugin
    DivXBrowserPlugin.plugin
    Flash Player.plugin
    Flip4Mac WMV Plugin.plugin
    Google Earth Web Plug-in.plugin
    JavaAppletPlugin.plugin
    NP-PPC-Dir-Shockwave
    OVSHelper.plugin
    OfficeLiveBrowserPlugin.plugin
    Quartz Composer.webplugin
    QuickTime Plugin.plugin
    Silverlight.plugin
    flashplayer.xpt
    googletalkbrowserplugin.plugin
    iPhotoPhotocast.plugin
    npContributeMac.bundle
    npgtpo3dautoplugin.plugin
    nsIQTScriptablePlugin.xpt
    o1dbrowserplugin.plugin

     

    /Library/Internet Plug-Ins (Disabled):

    Flash Player.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.CS4ServiceManager.plist
    com.frontierdesign.tranzport.daemon.plist
    com.google.keystone.agent.plist

     

    /Library/LaunchDaemons:

    PACESupport.plist
    com.DuetDaemon.plist
    com.adobe.fpsaud.plist
    com.adobe.versioncueCS4.plist
    com.apple.aelwriter.plist
    com.apple.qmaster.qmasterd.plist
    com.apple.third_party_32b_kext_logger.plist
    com.digidesign.fwfamily.helper.plist
    com.google.keystone.daemon.plist
    com.hidden.daemon.plist
    com.paceap.eden.licensed.plist
    com.spotflux.Spotflux.plist

     

    /Library/PreferencePanes:

    Apple Qmaster.prefPane
    DivX.prefPane
    Flash Player.prefPane
    Flip4Mac WMV.prefPane
    Growl.prefPane
    VersionCueCS4.prefPane

     

    /Library/PrivilegedHelperTools:

    com.spotflux.Spotflux
    licenseDaemon.app

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator
    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleAVCIntraCodec.component
    AppleHDVCodec.component
    AppleIntermediateCodec.component
    AppleMPEG2Codec.component
    AppleProResCodec.component
    DVCPROHDCodec.component
    DVCPROHDMuxer.component
    DVCPROHDVideoDigitizer.component
    DVCPROHDVideoOutput.component
    DVCPROHDVideoOutputClock.component
    DVCPROHDVideoOutputCodec.component
    DesktopVideoOut.component
    DivX Decoder.component
    DivX Encoder.component
    FCP Uncompressed 422.component
    Flip4Mac WMV Advanced.component
    Flip4Mac WMV Export.component
    Flip4Mac WMV Import.component
    IMXCodec.component
    LiveType.component
    Motion.component
    PanasonicAVCCAMImporter.component
    SoundboothScoreCodec.component
    iChatTheaterPreview.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    AppleWorks.mdimporter
    GBSpotlightImporter.mdimporter
    Microsoft Office.mdimporter
    iWork.mdimporter

     

    /Library/StartupItems:

    DigidesignLoader

    PACESupport

     

    /etc/mach_init.d:

    dashboardadvisoryd.plist

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

    com.adobe.versioncueCS4.monitor.plist

     

    Library/Address Book Plug-Ins:

    AdiumAddressBookAction_AIM.scpt

    AdiumAddressBookAction_ICQ.scpt

    AdiumAddressBookAction_Jabber.scpt

    AdiumAddressBookAction_MSN.scpt

    AdiumAddressBookAction_SMS.scpt

    AdiumAddressBookAction_Yahoo.scpt

    SkypeABDialer.bundle
    SkypeABSMS.bundle

     

    Library/Fonts:

    Belwe_Mono_Plain.ttf

    Caviar Dreams Bold.ttf

    CaviarDreams.ttf

    CaviarDreams_BoldItalic.ttf

    CaviarDreams_Italic.ttf

    WendyLPStd-Medium.otf

     

    Library/Frameworks:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    Aspera Web 3.1.2.72265.plugin

    BrowserPlus_2.9.8.plugin

    CitrixOnlineWebDeploymentPlugin.plugin
    OctoshapeWeb.plugin

    fbplugin_1_0_3.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9.plist
    com.divx.agent.postinstall.plist
    com.nchsoftware.reflect.agent.plist
    com.yahoo.YahooContactSyncAgent.plist

     

    Library/PreferencePanes:

    .2Q42TU49FV7VSGGC

    .localized

    BrowserPlusPrefs.prefPane
    Growl.prefPane
    MusicManager.prefPane

    localhost:~ crystal$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    TomTomHOMERunner, Jumpcut, Music Manager, BitTorrent, Dropbox, ConnectService, DuetPopUp

    localhost:~ crystal$

  • Maxformal Level 1 (0 points)

    Can someone check mine out too please?  I don't know too awful much about computers, but I ran the steps and here's what I came up with:

     

    Password:

    Sorry, try again.

    Password:

    com.mcafee.virusscan.fmpd

    com.mcafee.ssm.ScanManager

    com.adobe.fpsaud

    -macbook-pro-2:~ Max$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    jp.co.canon.cijscannerregister.4784

    com.adobe.PDApp.AAMUpdatesNotifier.44208.0F49F9FA-2C85-455B-94D3-F0A2E74EE2A9

    com.skype.skype.16752

    com.hp.productresearch.5312

    com.thursby.pkard.tokendagent

    com.mcafee.reporter

    com.mcafee.menulet

    com.hp.help.tocgenerator

    com.google.keystone.user.agent

    com.adobe.AAM.Scheduler-1.0

    macbook-pro-2:~ Max$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AVEngine.framework

    AudioMixEngine.framework

    HPSmartPrint.framework

    MacFUSE.framework

    MacScanner.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    ScanBooster.framework

    Snapfish.framework

    VirusScanPreferences.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AmazonMP3DownloaderPlugin101750.plugin

    CouponPrinter-FireFox_v2.plugin

    CouponPrinter-Safari.webplugin

    Default Browser.plugin

    Flash Player.plugin

    OfficeLiveBrowserPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SiteAdvisor.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Internet Plug-Ins (Disabled):

    Flash Player.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.hp.help.tocgenerator.plist

    com.mcafee.menulet.plist

    com.mcafee.reporter.plist

    com.thursby.pkard.tokendagent.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.mcafee.ssm.ScanManager.plist

    com.mcafee.virusscan.fmpd.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    MacFUSE.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleAVCIntraCodec.component

    AppleHDVCodec.component

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    AppleProResCodec.component

    DVCPROHDCodec.component

    FCP Uncompressed 422.component

    IMXCodec.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    PKard

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

    YMsgrCallABPlugin.bundle

    YMsgrMsnABPlugin.bundle

    YMsgrSmsABPlugin.bundle

    YMsgrYimABPlugin.bundle

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.apple.FolderActions.enabled.plist

    com.apple.FolderActions.folders.plist

    com.google.keystone.agent.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    .localized

    -macbook-pro-2:~ Max$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    Skype, HP Product Research, HPEventHandler

    -macbook-pro-2:~ Max$

     

    It all looks good to me, but like I said I don't know too much about it.  I have a crazy ex and I want to make sure she's still not stalking me lol.  Thanks!

  • thomas_r. Level 7 (30,540 points)

    Folks, please stop posting this output here! These are not helpful.

     

    First of all, there's really no reliable way to determine whether you have a keylogger or other remote access tool installed. A knowledgeable user may be able to identify certain specific malicious programs from this output, but if nothing suspicious is seen, that really means nothing at all. There could still be something there.

     

    Secondly, posting here is not an effective way of getting help. The knowledgeable people here are no longer responding on this topic. Linc Davis said it best here.

  • PlaceNarration Level 1 (0 points)

    Wow, thank you for alerting us to this Thomas. It's almost hard to believe after reading the post you just shared that people STILL are specifically asking direct requests of him - *after* he just specifically asked them not to. At least in this case, we (unknowing/ignorant of the proper site etiquette) saw someone get help on something and so asked for the same, but on the other article, the FIRST post is him explaining why he isn't responding to this one, how the site is supposed to work and what they should do to go about getting a response, should they still need one. People are either stupid or just selfish. I can't figure out which.

     

    Anyways, apologies for the faux pas, and thanks for alerting me to the proper process.

     

    Cheers,

    Crystal

  • mark00thomas Level 1 (0 points)

    @ MadMacs0 and @andyBall_uk

     

    Thank you guys so much for the help as well as to everyone else. My ex-wife admitted to putting them on my computer. I have learned many lessons thru this, and thank you all for your time and advice.

     

    Cheers

  • sbal12 Level 1 (0 points)

    Same to me here. Don't know for sure, hope someone can help me with the output underneath, following steps 1 - 4

     

    Output after step 1:

    com.Cycling74.driver.Soundflower (1.6.6)$

     

    Output after step 2:

    org.tcpdump.chmod_bpf

    com.oracle.java.Helper-Tool

    com.adobe.fpsaud$

     

    Output after step 3:

    de.novamedia.VMCStatusMenue.10592

    com.oracle.java.Java-Updater

    com.spotify.webhelper

    com.google.keystone.user.agent

    com.divx.agent.postinstall$

     

    Output after step 4:

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    DivX Toolkit.framework

    NMDeviceObserver.framework

    NMGsmKit.framework

    NMNetCore.framework

    NMNetWorker.framework

    NMRegistrationCore.framework

    NMStatistics.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    gsm_device_tools.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Becon.plugin

    Default Browser.plugin

    DivXBrowserPlugin.plugin

    Flash Player.plugin

    JavaAppletPlugin.plugin

    OVSHelper.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.oracle.java.Java-Updater.plist

    de.novamedia.VodafoneDeviceObserver.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.oracle.java.Helper-Tool.plist

    org.tcpdump.chmod_bpf.plist

     

    /Library/PreferencePanes:

    DivX.prefPane

    Flash Player.prefPane

    JavaControlPanel.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    ChmodBPF

    Sudochmod

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    .DS_Store

    Becon.plugin

    Google Earth Web Plug-in.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    .DS_Store

    com.divx.agent.postinstall.plist

    com.google.keystone.agent.plist

    com.spotify.webhelper.plist

     

    Library/PreferencePanes:

    Perian.prefPane

     

    Library/QuickTime:

    AC3MovieImport.component

    Perian.component

     

    Library/Services:

    .localized

     

     

    Output after step 5:

    iTunesHelper, Dropbox, VMCStatusMenu, Vodafone Mobile Broadband

     

     

    This is the output I receive. Would be great if anyone can help me on this. Analyzing this data is too complex for me (unfortunately), but I trust in the community support.

     

    Thanks!

  • Commander Smackaho Level 1 (0 points)

    I think we've all been duped and Apple didn't even see it, that "flashplayer.xpt" is the winner. It's an executable script from the browser, it's been in there waiting for a while now and it's attaching to all your framework files or better yet replacing them. This is a rough one boys we need and the worst part is, I think it's been sitting too long to matter now

  • sbal12 Level 1 (0 points)

    Okay, thanks Commander Smackaho. But I guess that "flashplayer.xpt" is not a keylogger or spyware in another sense. Or should I be aware of..?

  • thomas_r. Level 7 (30,540 points)

    The flashplayer.xpt file is a normal part of Adobe Flash Player. It definitely is not a keylogger or any other kind of malware.

  • The One And Only Arnz Level 1 (0 points)

    Hi. Same here. I've had confirmation that something was done by the person but I want to find out exactly what as I completely distrust them now.

     

    Results are:

     

    Step1:

     

    com.rim.driver.BlackBerryUSBDriverInt (0.0.74)

     

    Step2:

     

    com.openbase.com.openexec

    com.trusteer.rooks.rooksd

    com.rim.BBDaemon

    com.oracle.java.Helper-Tool

    com.google.keystone.daemon

    com.adobe.fpsaud

     

    Step3:

     

    com.tomtom.HOMERunnerApp.20096

    jp.co.Canon.bj.scan.network.scannerselector2.27488

    com.rim.BBLaunchAgent

    com.rim.RimAlbumArtDaemon

    com.oracle.java.Java-Updater

    com.google.keystone.system.agent

    com.adobe.CS4ServiceManager

    com.openbase.com.openlaunch

    com.adobe.ARM.925793fb327152fd34795896fa1fb9ffa268b2a852256fe56609efa3

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

     

    Step4:

     

    /Library/Address Book Plug-Ins:

    AddressBookDial.bundle

     

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    BJUSBLoad.kext

    CIJUSBLoad.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AVEngine.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    DivX Toolkit.framework

    FxPlug.framework

    HPDeviceModel.framework

    HPPml.framework

    HPServicesInterface.framework

    HPSmartPrint.framework

    MacScanner.framework

    NyxAudioAnalysis.framework

    OpenBaseAPI.framework

    OpenBaseAdmin.framework

    OpenBaseAdvancedAPI.framework

    OpenBaseCR.framework

    OpenBaseEOAdaptor.framework

    OpenBaseForms.framework

    OpenBaseLogin.framework

    OpenBaseManager.framework

    OpenBaseNet.framework

    OpenBasePKPlugin.framework

    PluginManager.framework

    ProFX.framework

    RIM_VSP.framework

    RimBlackBerryUSB.framework

    VShieldHelper.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobeFlash

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    Default Browser.plugin

    DirectorShockwave.plugin

    Disabled Plug-Ins

    DivXBrowserPlugin.plugin

    EPPEX Plugin.plugin

    Flash Player.plugin

    GarminGPSControl.plugin

    JavaAppletPlugin.plugin

    Mozillaplug.plugin

    PictureTalk Execute.plugin

    PictureTalk Version.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    RealPlayer Plugin.plugin

    Silverlight.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    iPhotoPhotocast.plugin

    npdivx.xpt

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.CS4ServiceManager.plist

    com.google.keystone.agent.plist

    com.oracle.java.Java-Updater.plist

    com.rim.BBAlbumArtCacher.plist

    com.rim.BBLaunchAgent.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.google.keystone.daemon.plist

    com.oracle.java.Helper-Tool.plist

    com.rim.BBDaemon.plist

    com.trusteer.rooks.rooksd.plist

    openbase.plist

     

    /Library/PreferencePanes:

    DivX.prefPane

    Flash Player.prefPane

    JavaControlPanel.prefPane

    OpenBasePreferences.prefPane

    RapportPreferences.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    .DS_Store

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    VShieldEPOInterface

    Virex

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    Picasa.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.adobe.ARM.925793fb327152fd34795896fa1fb9ffa268b2a852256fe56609efa3.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.337D0AA2-1352-41A3-B9F9-A777B794E4B1.plist

    com.apple.SafariBookmarksSyncer.plist

    com.zeobit.MacKeeper.Helper

    jp.co.canon.Inkjet_Extended_Survey_Agent.plist

    openlaunch.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    .localized

     

    LimeWire/Incomplete:

    Big-iMac:~ Dad$

     

    Step5:

    Canon IJ Network Scanner Selector2, AdobeResourceSynchronizer, TomTomHOMERunner, BlackBerry Device Manager

     

    Please help. Thanx - Arnz

  • mark00thomas Level 1 (0 points)

    Arnz, there is good news and bad news. The good news is that you know you have spyware on your machine. The bad news is that you are going to have to do some work to get it back to normal.

     

    1. back up your email, photos, etc. (I keep most of my users home folder and the mail and mobile sync folders on a RAID set of drives)

    2. delete the two processes below and any process or daemon that calls to them or is in any way related to them

     

    AEProfiling.framework

    com.trusteer.rooks.rooksd

     

    3. boot from a different drive and boot your machine into target disk mode

    4. use disk utility to erase and reformat the hard drive. I may be completely wrong, but I only let the zeroing out part go for the first 30 min or so thinking that the system folders and files are at the “beginning” of the disk

    5. reinstall OSX

    6. make new user name and password

    7. reinstall apps fresh from app store or their website, not from Time Machine

    8. don’t use time machine

    Replace email folder and other data, but don’t use TM

     

    And finally #9, slap the person who put that **** on your computer.

  • John Galt Level 8 (42,190 points)

    The One And Only Arnz, while there are methods to determine the presence of known and commonly available keyloggers, there is no possible way for anyone to determine that one does not exist from the information you provided.

     

    However, numerous other problems definitely exist with that Mac that will prevent its proper operation.


    For assistance please read Writing an effective Apple Support Communities question

  • andyBall_uk Level 7 (20,490 points)

    Neither of the two items mentioned are known spyware.

    The first is included in a standard OS X installation, the second is 'security' software... albeit mostly unnecessary & sometimes causing Safari crashes.

    Deleting anything is pointless if the drive is about to be erased.

  • ASK37 Level 1 (0 points)

    Hi, I'm concerned I may be in a similar situation. Any help would be appreciated!

     

    FIRST:

     

    com.rim.driver.BlackBerryUSBDriverInt (0.0.74)

     

    SECOND:

     

    com.rim.BBDaemon

    com.adobe.fpsaud

     

    THIRD:

     

    com.rim.BBLaunchAgent

    com.rim.RimAlbumArtDaemon

    com.divx.agent.postinstall

     

    FOURTH:

     

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    Adobe AIR.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    Python.framework

    RIM_VSP.framework

    RimBlackBerryUSB.framework

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.rim.BBAlbumArtCacher.plist

    com.rim.BBLaunchAgent.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.apple.third_party_32b_kext_logger.plist

    com.rim.BBDaemon.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Pref360Control.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    AppleWorks.mdimporter

    GBSpotlightImporter.mdimporter

    LogicPro.mdimporter

    Microsoft Office.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    360ControlDaemon

    ChmodBPF

     

    /etc/mach_init.d:

    dashboardadvisoryd.plist

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.divx.agent.postinstall.plist

     

    Library/PreferencePanes:


    FIFTH:

     

    iTunesHelper
