possible hack
Hi,
I posted in Remote Desktop but no one responded so I'm posting here. Hope you can help or provide advise.
In console I found this - does this mean I am being remote accessed?
Dec 30 00:18:27 administrators-computer-21 sudo: twoadmin : user NOT in sudoers ; TTY=ttyp1 ; PWD=/Users/twoadmin ; USER=root ; COMMAND=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Res ources/kickstart -deactivate -configure -access -
Dec 30 00:18:33 administrators-computer-21 sudo: twoadmin : user NOT in sudoers ; TTY=ttyp1 ; PWD=/Users/twoadmin ; USER=root ; COMMAND=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Res ources/kickstart -deactivate -configure -access -
Dec 30 00:41:13 administrators-computer-21 sudo: twoadmin : user NOT in sudoers ; TTY=ttyp1 ; PWD=/Users/twoadmin ; USER=root ; COMMAND=/usr/sbin/lsof -i
When typing history in terminal this came up - I did not type this:
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/activate Settings; exit
I made the mistake and connected with ethernet via a simple modem, will obviously be connecting soon via a locked down router.
If I have in fact been hacked, will a simple reinstall of the OS be enough? I am running Mac Scan but don't think this wil help if someone has
somehow gained root access.
Thanks for your help or advise.
Sean
MacBook, Mac OS X (10.4.11)