Detect spyware and determine who is spying on my imac

Linc doesn't usually respond to "me too" requests and probably isn't even monitoring this very old discussion. You will always be better off posting a new topic with a clear statement of the problem you are seeing, without jumping to the conclusion that you have some sort of spyware on your Mac and posting something that many of us cannot interpret for you.

Thank you for your reply MadMacs. I did post it under a new thread as well.

detect key logger, screen capture, spyware on mac @linc davis

It would be great to know how to interpret these findings. It was from this thread's Lincs reply giving instructions how to generate them.

drazek73 wrote:

It would be great to know how to interpret these findings.

I should have mentioned that Linc often changes his diagnostics either to get different information or to adapt to a new OS. That's why I suggested you not post them until asked.

so how do you get help here? I did start a new thread. I also run macsan (nothing found), little snitch has some outgoing nmdb process with IP Address: 192.168.32.1 .. otherwise i'm not finding anything

https://discussions.apple.com/thread/7212631

drazek73 wrote:

so how do you get help here? I did start a new thread.

As I told you before, start a new thread with a clear and detailed explanation of the problem without posting a diagnostic that nobody but Linc would understand. What are you seeing that would lead you to believe you have spyware? Did somebody gain physical access to your computer or did you allow them to through sharing?

there was no physical access that i'm aware of .. i don't want to explain who/what competitor/business partner knows what they shouldn't b/c it's irrelevant

bottom line is, we're looking for ways to scan and eliminate any possibility of keyloggers or screen recorders on our network

is there a software out there to accomplish this?

i can start a new thread or add to the one I already started if that helps

drazek73 wrote:

there was no physical access that i'm aware of ..

If there was no physical access and you didn't approve shared access over your network, then there is no spyware on the computer. There is no currently known malware for OS X that could surreptitiously install a key logger or similar.

i don't want to explain who/what competitor/business partner knows what they shouldn't b/c it's irrelevant

Not really, but you've said enough. If you plan on pursuing legal action you need to bring in a law enforcement official that is certified in computer forensics to conduct an examination of your network immediately.

we're looking for ways to scan and eliminate any possibility of keyloggers or screen recorders on our network

is there a software out there to accomplish this?

If MacScan didn't find anything, then there is very close to zero chance that there is anything like you are looking for on the computer. It's a lousy malware detector, but you won't find anything better at finding spyware. The nmdb process is normally used to provide connectivity between Mac and Windows computers and 192.168.32.1 would appear to be a devise on your local network. Do you have Windows File Sharing turned on? What port was it using? It should be easy enough to identify what devise is using that IP address.

sharing is turned off

I can send all the littlesnitch processes that it picks up .. will that be sufficient to diagnose/eliminate any possibility of spyware?

I also followed your instructions. I have had this privacy problem since at least 2003 and probably before that. The weird thing is, these coworkers of mine not only know everything I type on my computer, they also are privy to corded phone calls I have made from the "privacy" of my own home. One of these coworkers gave me a floppy disk in about 1999 saying it was free email software. Being a new computer owner/user, I took it home and tried it but nothing showed up on the screen besides a little guy with a smily face. I clicked it and nothing seemed to happen until I realized in 2003 that they had access to everything I do on my computer. It seems to me that they somehow have access to the DSL line (the phone line) somewhere between my house and the phone company/ISP. After I discovered they had access to my phone calls I terminated my land line service and now only use Skype which is supposed to be encrypted. The iMac I use now is my 3rd computer since that first one that I slipped that disk into.

If you have the time and/or the inclination to look at it, here are the results of my diagnostic test:

(thank you!)

Last login: Thu Dec 31 17:09:20 on console

My-iMac:~ dave$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

My-iMac:~ dave$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.opendns.osx.DNSCryptConfigUpdater

net.tunnelblick.tunnelblick.tunnelblickd

com.machangout.glims.loader

com.zeobit.MacKeeper.AntiVirus

com.google.keystone.daemon

com.opendns.osx.DNSCryptProxy

com.adobe.fpsaud

net.tunnelblick.startup.vpnbook--us1--udp53

com.teamviewer.Helper

My-iMac:~ dave$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

net.mehlau.pastor.63392

com.opendns.OpenDNS_Updater.84512

com.opendns.osx.DNSCryptMenuBar

uk.co.markallan.clamxav.freshclam

com.vimov.weatherhd.mac.menulauncher

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

com.pandasystems.pandocalendar.84832

com.eidac.smcFanControl2.13792

com.google.keystone.system.agent

jp.co.canon.ij.CNSSelectorAgent.93792

com.macility.typinator2.68192

com.jdibackup.ZipCloud.autostart

com.skype.skype.672

net.tunnelblick.tunnelblick.LaunchAtLogin

com.jdibackup.ZipCloud.notify

com.machangout.glims.agent

net.culater.SIMBL.Agent

com.zeobit.MacKeeper.Helper

jp.co.canon.cijscannerregister.16992

com.google.GoogleDrive.8992

My-iMac:~ dave$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

BJUSBLoad.kext

CIJUSBLoad.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

DivXInstallerUtilities.framework

GlimsAdditions.framework

NyxAudioAnalysis.framework

PluginManager.framework

TSLicense.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Default Browser.plugin

Disabled Plug-Ins

EPPEX Plugin.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Quartz Composer.webplugin

Silverlight.plugin

flashplayer.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.google.keystone.agent.plist

com.machangout.glims.agent.plist

com.opendns.osx.DNSCryptMenuBar.plist

com.oracle.java.Java-Updater.plist

com.teamviewer.teamviewer.plist

com.teamviewer.teamviewer_desktop.plist

net.culater.SIMBL.Agent.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.google.keystone.daemon.plist

com.machangout.glims.loader.plist

com.opendns.osx.DNSCryptConfigUpdater.plist

com.oracle.java.Helper-Tool.plist

com.teamviewer.Helper.plist

com.teamviewer.teamviewer_service.plist

com.zeobit.MacKeeper.AntiVirus.plist

net.tunnelblick.tunnelblick.startup.vpnbook--us1--udp53.plist

net.tunnelblick.tunnelblick.tunnelblickd.plist

/Library/PreferencePanes:

DNSCrypt.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

JavaControlPanel.prefPane

/Library/PrivilegedHelperTools:

Google Drive Icon Helper

com.teamviewer.Helper

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AC3MovieImport.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

Perian.component

/Library/ScriptingAdditions:

Glims.osax

SIMBL.osax

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWeb.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

YMsgrCallABPlugin.bundle

YMsgrMsnABPlugin.bundle

YMsgrSmsABPlugin.bundle

YMsgrYimABPlugin.bundle

Library/Fonts:

CONEI___.TTF

gorefont.ttf

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Google Earth Web Plug-in.plugin

Library/Keyboard Layouts:

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.jdibackup.ZipCloud.autostart.plist

com.jdibackup.ZipCloud.notify.plist

com.zeobit.MacKeeper.Helper.plist

net.tunnelblick.tunnelblick.LaunchAtLogin.plist

uk.co.markallan.clamxav.freshclam.plist

Library/PreferencePanes:

Library/Services:

.localized

My-iMac:~ dave$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

smcFanControl, iTunesHelper, PandoCalendar, Canon IJ Network Scanner Selector EX, Typinator, Mail, Google Drive, Skype, iLauncherHelper, OpenDNS Updater, Stickies, Dave.pastor

My-iMac:~ dave$

Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this almost three year old discussion. He often changes his diagnostics routines, so what your have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.

You will always be better off posting a new topic with a clear statement of the problem you are seeing and why you suspect it might be spyware, without posting any diagnostics until requested.

That's just the way this forum works best.

Hey linc iv been looking for some information like this for a couple days now, i was wondering if you could help me with a few things.

Im dealing with the same kind of problem on a professional scale, but i have no knowledge of these things. is there some way i can contact you through apple or otherwise?

my name is coco ! :}

Linc doesn't normally respond to "me too" requests and almost certainly isn't monitoring this almost three year old discussion. He often changes his diagnostics routines, so what your have posted may be meaningless now and certainly should not be interpreted by anybody but Linc.

You will always be better off posting a new topic with a clear statement of the problem you are seeing and why you suspect it might be spyware, without posting any diagnostics until requested.

That's just the way this forum works best.

My Mac os was working well with the Yosemite and I installed boot camp and installed windows 7 on the other partition. All was well until I upgraded my Mac OS to El Capitan. Whenever I press and hold Alt to go to the windows 7 partition I see a recovery partition which won't boot to windows. Please what can I do? I need to resolve it.😟

My Mac os was working well with the Yosemite and I installed boot camp and installed windows 7 on the other partition. All was well until I upgraded my Mac OS to El Capitan. Whenever I press and hold Alt to go to the windows 7 partition I see a recovery partition which won't boot to windows. Please what can I do? I need to resolve it.😟

im just not really one for making a public spectacle of my life

thanks for this though.