
Detect spyware and determine who is spying on my imac

I might be paranoid -- but need to know at this point if someone very close to me has installed spyware on my Mac. I keep finding forums that say to back up files and just restart your system and wipe everything clean, change passwords, etc. But this won't work for me for a couple of reasons: 1) I really need to know if there is someone close to me who has installed this on my computer and would like to find the IP address that the information is headed to, and 2) the person in question still has access to my computer and almost all of my passwords.


Please can we not get into why I think this person is spying, etc. If anyone knows any way for me to detect spyware and determine where information is being sent, that would be the most helpful.


Would greatly appreciate any help here as I am paranoid about even looking up these kinds of things on my home computer (which I am doing now) and my iPhone (which I also need help with determining if it has spyware on it).


Thanks very much for any help.

iMac, Mac OS X (10.7.5)

Posted on Mar 24, 2013 5:22 AM

96 replies

Sep 10, 2015 4:41 PM in response to drazek73

Linc doesn't usually respond to "me too" requests and probably isn't even monitoring this very old discussion. You will always be better off posting a new topic with a clear statement of the problem you are seeing, without jumping to the conclusion that you have some sort of spyware on your Mac and posting something that many of us cannot interpret for you.

Sep 15, 2015 10:15 AM in response to drazek73

drazek73 wrote:


so how do you get help here? I did start a new thread.

As I told you before, start a new thread with a clear and detailed explanation of the problem without posting a diagnostic that nobody but Linc would understand. What are you seeing that would lead you to believe you have spyware? Did somebody gain physical access to your computer or did you allow them to through sharing?

Sep 15, 2015 2:43 PM in response to MadMacs0

there was no physical access that i'm aware of .. i don't want to explain who/what competitor/business partner knows what they shouldn't b/c it's irrelevant


bottom line is, we're looking for ways to scan and eliminate any possibility of keyloggers or screen recorders on our network


is there a software out there to accomplish this?


i can start a new thread or add to the one I already started if that helps

Sep 15, 2015 10:17 PM in response to drazek73

drazek73 wrote:


there was no physical access that i'm aware of ..

If there was no physical access and you didn't approve shared access over your network, then there is no spyware on the computer. There is no currently known malware for OS X that could surreptitiously install a key logger or similar.

i don't want to explain who/what competitor/business partner knows what they shouldn't b/c it's irrelevant

Not really, but you've said enough. If you plan on pursuing legal action you need to bring in a law enforcement official that is certified in computer forensics to conduct an examination of your network immediately.

we're looking for ways to scan and eliminate any possibility of keyloggers or screen recorders on our network


is there a software out there to accomplish this?

If MacScan didn't find anything, then there is very close to zero chance that there is anything like you are looking for on the computer. It's a lousy malware detector, but you won't find anything better at finding spyware. The nmbd process is normally used to provide connectivity between Mac and Windows computers and 192.168.32.1 would appear to be a device on your local network. Do you have Windows File Sharing turned on? What port was it using? It should be easy enough to identify what device is using that IP address.

Jan 1, 2016 4:01 PM in response to Linc Davis

I also followed your instructions. I have had this privacy problem since at least 2003 and probably before that. The weird thing is, these coworkers of mine not only know everything I type on my computer, they also are privy to corded phone calls I have made from the "privacy" of my own home. One of these coworkers gave me a floppy disk in about 1999 saying it was free email software. Being a new computer owner/user, I took it home and tried it but nothing showed up on the screen besides a little guy with a smiley face. I clicked it and nothing seemed to happen until I realized in 2003 that they had access to everything I do on my computer. It seems to me that they somehow have access to the DSL line (the phone line) somewhere between my house and the phone company/ISP. After I discovered they had access to my phone calls I terminated my land line service and now only use Skype which is supposed to be encrypted. The iMac I use now is my 3rd computer since that first one that I slipped that disk into.


If you have the time and/or the inclination to look at it, here are the results of my diagnostic test:

(thank you!)



Last login: Thu Dec 31 17:09:20 on console

My-iMac:~ dave$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

My-iMac:~ dave$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

Password:

com.opendns.osx.DNSCryptConfigUpdater

net.tunnelblick.tunnelblick.tunnelblickd

com.machangout.glims.loader

com.zeobit.MacKeeper.AntiVirus

com.google.keystone.daemon

com.opendns.osx.DNSCryptProxy

com.adobe.fpsaud

net.tunnelblick.startup.vpnbook--us1--udp53

com.teamviewer.Helper

My-iMac:~ dave$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

net.mehlau.pastor.63392

com.opendns.OpenDNS_Updater.84512

com.opendns.osx.DNSCryptMenuBar

uk.co.markallan.clamxav.freshclam

com.vimov.weatherhd.mac.menulauncher

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

com.pandasystems.pandocalendar.84832

com.eidac.smcFanControl2.13792

com.google.keystone.system.agent

jp.co.canon.ij.CNSSelectorAgent.93792

com.macility.typinator2.68192

com.jdibackup.ZipCloud.autostart

com.skype.skype.672

net.tunnelblick.tunnelblick.LaunchAtLogin

com.jdibackup.ZipCloud.notify

com.machangout.glims.agent

net.culater.SIMBL.Agent

com.zeobit.MacKeeper.Helper

jp.co.canon.cijscannerregister.16992

com.google.GoogleDrive.8992

My-iMac:~ dave$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

BJUSBLoad.kext

CIJUSBLoad.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

DivXInstallerUtilities.framework

GlimsAdditions.framework

NyxAudioAnalysis.framework

PluginManager.framework

TSLicense.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Default Browser.plugin

Disabled Plug-Ins

EPPEX Plugin.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Quartz Composer.webplugin

Silverlight.plugin

flashplayer.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.google.keystone.agent.plist

com.machangout.glims.agent.plist

com.opendns.osx.DNSCryptMenuBar.plist

com.oracle.java.Java-Updater.plist

com.teamviewer.teamviewer.plist

com.teamviewer.teamviewer_desktop.plist

net.culater.SIMBL.Agent.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.google.keystone.daemon.plist

com.machangout.glims.loader.plist

com.opendns.osx.DNSCryptConfigUpdater.plist

com.oracle.java.Helper-Tool.plist

com.teamviewer.Helper.plist

com.teamviewer.teamviewer_service.plist

com.zeobit.MacKeeper.AntiVirus.plist

net.tunnelblick.tunnelblick.startup.vpnbook--us1--udp53.plist

net.tunnelblick.tunnelblick.tunnelblickd.plist


/Library/PreferencePanes:

DNSCrypt.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

JavaControlPanel.prefPane


/Library/PrivilegedHelperTools:

Google Drive Icon Helper

com.teamviewer.Helper


/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AC3MovieImport.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

Perian.component


/Library/ScriptingAdditions:

Glims.osax

SIMBL.osax


/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWeb.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

YMsgrCallABPlugin.bundle

YMsgrMsnABPlugin.bundle

YMsgrSmsABPlugin.bundle

YMsgrYimABPlugin.bundle


Library/Fonts:

CONEI___.TTF

gorefont.ttf


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

Google Earth Web Plug-in.plugin


Library/Keyboard Layouts:


Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm


Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.jdibackup.ZipCloud.autostart.plist

com.jdibackup.ZipCloud.notify.plist

com.zeobit.MacKeeper.Helper.plist

net.tunnelblick.tunnelblick.LaunchAtLogin.plist

uk.co.markallan.clamxav.freshclam.plist


Library/PreferencePanes:


Library/Services:

.localized

My-iMac:~ dave$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

smcFanControl, iTunesHelper, PandoCalendar, Canon IJ Network Scanner Selector EX, Typinator, Mail, Google Drive, Skype, iLauncherHelper, OpenDNS Updater, Stickies, Dave.pastor

My-iMac:~ dave$
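
A cross-check that can be run on output like the above, as an added example that is not part of the original post: it compares the labels reported by `launchctl list` with the plist filenames in the LaunchAgents and LaunchDaemons folders. The sample input is constructed from a few lines copied out of the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: labels taken from the `launchctl list` output in the post.
loaded_labels() {
cat <<'EOF'
com.teamviewer.Helper
com.google.keystone.daemon
net.tunnelblick.startup.vpnbook--us1--udp53
com.jdibackup.ZipCloud.autostart
com.skype.skype.672
net.mehlau.pastor.63392
EOF
}

# Constructed sample: plist filenames taken from the LaunchAgents and
# LaunchDaemons listings in the same post.
plist_files() {
cat <<'EOF'
com.teamviewer.Helper.plist
com.google.keystone.daemon.plist
net.tunnelblick.tunnelblick.startup.vpnbook--us1--udp53.plist
com.jdibackup.ZipCloud.autostart.plist
EOF
}

# Print "<status> <label>" for every loaded label.
#   plist    = a file named <label>.plist exists, so that file can be inspected
#   no-plist = no file of that name; needs a closer look before drawing conclusions
triage() {
  plists=$(plist_files | sed 's/\.plist$//')
  loaded_labels | while IFS= read -r label; do
    # Drop a trailing ".<digits>" suffix before comparing, as on com.skype.skype.672.
    base=$(printf '%s\n' "$label" | sed 's/\.[0-9][0-9]*$//')
    if printf '%s\n' "$plists" | grep -Fxq -e "$label" -e "$base"; then
      echo "plist    $label"
    else
      echo "no-plist $label"
    fi
  done
}

triage
```

A `no-plist` result is not evidence of spyware: in this output the labels with a numeric suffix line up with the login items listed at the end of the post, and the Tunnelblick entry shows that a plist's filename need not match its label. For those entries the label has to be read from inside the plist itself rather than inferred from the filename.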

Jan 1, 2016 11:58 PM in response to 23david23

Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this almost three-year-old discussion. He often changes his diagnostics routines, so what you have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.

You will always be better off posting a new topic with a clear statement of the problem you are seeing and why you suspect it might be spyware, without posting any diagnostics until requested.

That's just the way this forum works best.

Jan 14, 2016 4:45 PM in response to memsmith

Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this almost three-year-old discussion. He often changes his diagnostics routines, so what you have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.

You will always be better off posting a new topic with a clear statement of the problem you are seeing and why you suspect it might be spyware, without posting any diagnostics until requested.

That's just the way this forum works best.
