How can I determine if a key logger has been placed on my macbook pro?
How can I determine if a key logger or other spyware is on my computer? I am a novice.
MacBook Pro, Mac OS X (10.7.5), 2.4 GHz Intel Core i5 8 GB 1067 MHz
suz125 wrote:
How can I determine if a key logger or other spyware is on my computer?...
What makes you think such a thing has happened...?
Well, a couple of things are: a person knowing exactly things I had written, computer slowness, finding trojan.zbot by using Bitdefender (which I hadn't done at the time I originally posted this).
Why do posts like these go unanswered??? This is a very serious matter for females these days and not just a case of misplaced paranoia. It is a criminal matter if someone is using this kind of software and it is not the financial aspect that worries us - it's our lives.
I have already posted that I found 2 applications already (one on my Windows laptop and one on my iPad), one of which was being used by my ex to remotely access my webcam. I have a 3 year old son. Yet everywhere I look these threads go dead without any proper advice. My ex still knows information only possibly found within my new month-old email account.
Please can someone advise me about my MacBook. Please.
Some of us (myself included) just don't know that much about keylogging software - and I would bet that few here do.
I did come across this article - http://mackeyloggerprotection.com/ - and you can always check your non-Apple kernel extensions for something suspicious by going into Terminal and entering (copy and paste):
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
Everyone should have some knowledge of the 'big players' out there that play on Macs, I think. The only one that I really am aware of, though, as we had a woman on here whose ex had used it on her, is Spector Pro - but just Googling seems to bring up a number of other shady apps.
Sometimes these questions just slip by us, or we simply lack (in my case) the technical knowledge to offer any help or solutions.
But we'll bump this one up and hope that the OP responds as well...
Clinton
Last login: Mon Mar 4 20:00:02 on ttys000
unknown109addb5b694:~ user$
Last login: Mon Mar 4 20:01:27 on ttys000
unknown109addb5b694:~ user$
unknown109addb5b694:~ user$
Last login: Mon Mar 4 20:01:38 on ttys000
unknown109addb5b694:~ user$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
com.Bitdefender.iokit.av (2.0.1)
com.trendmicro.kext.KERedirect (1.0.0)
com.trendmicro.kext.filehook (1.1.0)
unknown109addb5b694:~ user$
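The kextstat check used above, extended as an added example that is not part of any post in this thread: it labels each non-Apple kernel extension as recognised or UNREVIEWED against a list of bundle-ID prefixes the owner maintains. The function names, the allowlist file, the load addresses and the `com.example.inputtap` entry are constructed for illustration; the three vendor bundle IDs are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: label each non-Apple kext in `kextstat -kl` output as
# recognised or UNREVIEWED against a list the owner maintains.
# On a Mac: kextstat -kl | triage_kexts allow.txt   (allow.txt is hypothetical)

triage_kexts() {
    # $1: file of bundle-ID prefixes the owner recognises, one per line
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0)
                if (line != "" && line !~ /^#/) ok[line] = 1
        }
        # Field 6 is the bundle ID, field 7 the "(version)".
        # The Apple test is anchored to field 6, so an ID that merely
        # contains "com.apple" elsewhere on the line is still listed.
        $6 ~ /^com\.apple\./ { next }
        NF >= 7 {
            status = "UNREVIEWED"
            for (p in ok) if (index($6, p) == 1) status = "recognised"
            printf "%s %s %s\n", status, $6, $7
        }
    '
}

# Constructed sample input in the `kextstat -kl` column layout
# (index, refs, address, size, wired, bundle ID, version, linked-against).
sample_kextstat() {
    cat <<'EOF'
   11    2 0xffffff7f80a00000 0x5000 0x5000 com.apple.driver.AppleHPET (1.6) <10 7 5 4 3>
   97    0 0xffffff7f81000000 0x9000 0x9000 com.Bitdefender.iokit.av (2.0.1) <7 5 4 3 1>
   98    0 0xffffff7f81010000 0x4000 0x4000 com.trendmicro.kext.KERedirect (1.0.0) <5 4 3 1>
   99    0 0xffffff7f81020000 0x6000 0x6000 com.trendmicro.kext.filehook (1.1.0) <5 4 3 1>
  100    0 0xffffff7f81030000 0x3000 0x3000 com.example.inputtap (0.9) <5 4 3>
EOF
}

demo() {
    list=$(mktemp)
    printf '%s\n' '# kexts I installed myself' com.Bitdefender. com.trendmicro. > "$list"
    sample_kextstat | triage_kexts "$list"
    rm -f "$list"
}

demo
```

An UNREVIEWED line is a prompt to find out which installed product owns that bundle ID. This check covers kernel extensions only.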
Topics can often simply cycle off the first page and be lost before anyone knowledgeable sees them. These are busy forums. There's nothing personal about it.
To answer the question, though, if you truly believe that someone has somehow managed to install key logging or back door software, there's really nothing you can do about that other than completely wipe the device and start over with a fresh system. There's no software in existence that can find all possible remote access software. Someone with physical access, for example, could set up remote access and/or key logging using completely legit software.
That said, in my experience, people often blame keyloggers when that's not remotely the most likely explanation. For example, getting access to online accounts does not require access to the user's computer. It often takes no more than knowing some basic personal information about that person. Similarly, general computer performance problems or finding Windows malware does not in any way suggest malware.
Check out my Mac Malware Guide:
Also, tighten up the security of your online accounts. Change passwords to something not even someone who knows you could guess, and use a password manager (like 1Password) to keep track of them. If you find yourself unable to log in and have to reset your password, be immediately suspicious that someone else has already reset the password and had access to the account. Do not use the same password for more than one account.
I am grateful that you took the time to answer this and did what you said (I hope). The results are below. Thanks.
Above message for Clinton.
This message for Thomas: Your second paragraph is very useful for me. Confirmation of what I was thinking. Thanks. I am sure the remainder will be useful for others as well.
Nothing suspicious there - in the past I've seen keyloggers with kext files but in your case, none. Just that you're running Bitdefender av software.
I'm going to let Thomas Reed take it from here - he's our resident av/malware expert...
Good luck,
Clinton
Thomas, I find paragraph 2 helpful for me... was suspecting the same. Hope the remainder of the post will be helpful to others as well.
Clinton, so does this mean that the culprit is "unknown109addb5b694:~ user$"? I have seen this before.
thanks, just saw this...so "...user$" doesn't mean what I was thinking?
I have been unsuccessful at removing trendmicro so doubt I would have much luck with spyware.
Clinton, so does this mean that the culprit is "unknown109addb5b694:~ user$"? I have seen this before.
That is your Unix prompt, the message that is displayed at the beginning of the command line to indicate that the shell is ready for your input. By default, it has the form:
computername:currentdirectory username$
The part of your prompt that reads "unknown109addb5b694" is your computer's name, as seen on your current local network. This is not any kind of indication of someone hacking you or a malware infection. It simply means your computer has been, for some reason, given a rather strange and bland name. You can change this name in System Preferences -> Sharing.
I notice that you have both BitDefender and Trend Micro installed, from the results of the test Clinton asked you to do. You should never have two different anti-virus programs doing active scanning at the same time. You need to remove one or the other. In addition, you would have been hard-pressed to find two worse Mac anti-virus programs without hard data to assist you! See the results of my latest testing of anti-virus software:
http://www.thesafemac.com/mac-anti-virus-testing-01-2013/
My personal recommendation would be to remove them both entirely. You say you have been unsuccessful in removing Trend Micro. There should be a Trend Micro folder in your Applications folder with an uninstaller. Did you run that?