1 Reply Latest reply: Jan 2, 2013 7:44 PM by whbb
whbb Level 1 Level 1 (0 points)

Hi,

 

I posted in Remote Desktop but no one responded so I'm posting here. Hope you can help or provide advise.

 

In console I found this - does this mean I am being remote accessed?

 

Dec 30 00:18:27 administrators-computer-21 sudo: twoadmin : user NOT in sudoers ; TTY=ttyp1 ; PWD=/Users/twoadmin ; USER=root ; COMMAND=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Res ources/kickstart -deactivate -configure -access -

 

 

Dec 30 00:18:33 administrators-computer-21 sudo: twoadmin : user NOT in sudoers ; TTY=ttyp1 ; PWD=/Users/twoadmin ; USER=root ; COMMAND=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Res ources/kickstart -deactivate -configure -access -

 

Dec 30 00:41:13 administrators-computer-21 sudo: twoadmin : user NOT in sudoers ; TTY=ttyp1 ; PWD=/Users/twoadmin ; USER=root ; COMMAND=/usr/sbin/lsof -i

 

 

When typing history in terminal this came up - I did not type this:

 

  /System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/activate Settings; exit

 

I made the mistake and connected with ethernet via a simple modem, will obviously be connecting soon via a locked down router.

If I have in fact been hacked, will a simple reinstall of the OS be enough? I am running Mac Scan but don't think this wil help if someone has

somehow gained root access.

 

Thanks for your help or advise.

Sean


MacBook, Mac OS X (10.4.11)