neuegirl

Q: Detect spyware and determine who is spying on my imac

I might be paranoid -- but need to know at this point if someone very close to me has installed spyware on my mac. I keep finding forums that say to back up files and just restart your system and wipe everything clean, change passwords, etc. But this won't work for me for a couple of reasons: 1) I really need to know if there is someone close to me who has installed this on my computer and would like to find the IP address that the information is headed to. and 2) the person in question still has access to my computer and almost all of my passwords.

 

Please can we not get into why I think this person is spying, etc. and if anyone knows any way for me to detect spyware and determine where information is being sent that would be the most helpful.

 

Would greatly appreciate any help here as I am paranoid about even looking up these kinds of things on my home computer (which I am doing now) and my iPhone (which I also need help with determining if it has spyware on it).

 

Thanks very much for any help.

iMac, Mac OS X (10.7.5)

Posted on Mar 24, 2013 5:22 AM

  • by mikado_409,

    mikado_409 Jun 29, 2014 2:40 PM in response to Linc Davis
    Level 1 (0 points)

    Hello Everyone,

    I have the same problem as the OP.

    Could someone please have a look and tell me if you think the results from my Mac terminal are off? I followed Linc's (thanks!!) directions on how to do this. Super helpful!

     

    (Here's the background info)

    I found a "Steallth.ipa" iOS Application on my Mac. It had the iTunes logo but wasn't an iTunes file. When I checked the info on the file (5.6MB) - I noticed that I only had permission to read as did everyone else. Only admin could read and write. (I don't think I ever installed an admin login).

     

    Not sure what to make of this Stealth app?

    Checked my firewall and it was on,  but these connections were greenlighted:

     

              cups-lpd

              iTunes

              JavaApplicationStub

     

    By the way I don't have any remote access enabled, but did find that an App was added to my login item: WDDriveManagerStatusMenu. I think this might be for my external Western Digital.

     

    Also found 2 invisible drives on desktop "home" and "net". And then that all the Bluetooth boxes were checked which I don't think I did. But I have to say I haven't used this machine as much as I am now.

     

    I left everything as is, to run the Terminal with the 5 steps outlined after a normal boot.

     

    I've since disabled the 3 apps as incoming connections and turned on stealth. Changed the password for Admin and permissions too. And now am hoping to find out from one of you that it's all because my machine is getting old.

     

    Here are my results. Please let me know your thoughts.

    Thanks so much for your time!

     

    Mikado

     

    Mac Book Pro circa 2006/2007 running Mac OS X 10.6.8

     

    Mac_Terminal_results:

     

    Last login: Sun Jun 29 13:26:54 on console

    Finkston:~ mikado$

    Finkston:~ mikado$ extstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    -bash: extstat: command not found

    Finkston:~ mikado$

    Finkston:~ mikado$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    com.wdc.drivemanagerservice

    com.adobe.fpsaud

    Finkston:~ mikado$

    Finkston:~ mikado$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    ws.agile.1PasswordAgent

    Finkston:~ mikado$

    Finkston:~ mikado$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

    /Library/Address Book Plug-Ins:

    .DS_Store

     

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    .DS_Store

    NyxAudioAnalysis.framework

    PluginManager.framework

    PrintMeSSL.framework

     

    /Library/Input Methods:

    Image Capture

     

    /Library/Internet Plug-Ins:

    .DS_Store

    Flash Player.plugin

    NP-PPC-Dir-Shockwave

    QuickTime Plugin.plugin

    flashplayer.xpt

    nplastpass.plugin

     

    /Library/Internet Plug-Ins (Disabled):

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.wdc.drivemanagerservice.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types

     

    /Library/Spotlight:

    AppleWorks.mdimporter

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iWeb.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

    dashboardadvisoryd.plist

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    AdiumAddressBookAction_AIM.scpt

    AdiumAddressBookAction_ICQ.scpt

    AdiumAddressBookAction_Jabber.scpt

    AdiumAddressBookAction_MSN.scpt

    AdiumAddressBookAction_SMS.scpt

    AdiumAddressBookAction_Yahoo.scpt

     

    Library/Fonts:

    176 DIN Schriften

    AACHEN

    AacheDMedSh1

    Abadi MT Condensed Extra Bold

    Abadi MT Condensed Light

    Andale Mono

    Arial

    Arial Black

    Arial Narrow

    Arial Rounded Bold

    Avant Garde

    AvantGarBol

    AvantGarBolObl

    AvantGarBoo

    AvantGarBooObl

    AvantGarConBol

    AvantGarConBoo

    AvantGarConDem

    AvantGarConMed

    AvantGarDem

    AvantGarDemObl

    AvantGarExtLig

    AvantGarExtLigObl

    AvantGarMed

    AvantGarMedObl

    AvantGarXLig

    AvantGarXLigObl

    BCitNor

    Base 12 Serif Family

    BaseTweSer

    BaseTweSerB

    BaseTweSerBI

    BaseTweSerI

    BaseTweSerSCB

    BaseTweSerSCBI

    BaseTweSerSCI

    BaseTweSerSma

    Baskerville Old Face

    Batang.ttf

    Bauhaus 93

    BayerArcTyp

    BayerArchiType.t1

    Bell MT

    Bernard MT Condensed

    BisteBol

    BisteckBold.bmap

    Bolt Bold

    BoltBolICG

    Book Antiqua

    Bookman Old Style

    Braggadocio

    Britannic Bold

    Brush Script

    BureaEmp

    BureaEmpIta

    Bureau Empire (FB)

    CITY

    COMPACTA BD BT

    CRILLEE startrek

    Calisto MT

    CalveMTBol

    CalveMTLig

    CalveMTMed

    CalvertMT.bmap

    Century

    Century Gothic

    Century Schoolbook

    CitizBol

    CitizBolIta

    CitizLig

    CitizLigIta

    CitizenScreenFonts

    CityBld

    CityBol

    CityBolIta

    CityMed

    CityMedIta

    CityNor

    Colonna

    Comic Sans MS

    CompaBTBol

    CompaBTBolIta

    CompaLig

    CompaMTBol

    Compacta-Light.scr

    CompactaMTBd.bmap

    ConduITCBol

    ConduITCBolIta

    ConduITCLig

    ConduITCLigIta

    ConduITCMed

    ConduITCMedIta

    Conduit ITC Bold

    Conduit ITC Bold Italic

    Conduit ITC Light

    Conduit ITC Light Italic

    Conduit ITC Medium

    Conduit ITC Medium Italic

    Cooper Black

    Copperplate Gothic Bold

    Copperplate Gothic Light

    CrillTBolIta

    CrillTExtBolIta

    CrillTLigIta

    CrillTRegIta

    Curlz MT

    DINEng

    DINMit

    DINNeuGroBolCon

    DINNeuGroLig

    DOT MATRIX

    Desdemona

    DotmaReg

    Edwardian Script ITC

    Engravers MT

    Eurostile

    Expo SSi

    ExpoBlaSSiBla

    ExpoBlaSSiBlaIta

    ExpoBooSSiBoo

    ExpoBooSSiBooIta

    ExpoBooSSiMed

    ExpoBooSSiMedIta

    ExpoLigSSiLig

    ExpoLigSSiLigIta

    ExpoSSi

    ExpoSSiBol

    ExpoSSiBolIta

    ExpoSSiIta

    ExposBlaSSiBla

    ExposBlaSSiBlaIta

    ExposMedSSiMed

    ExposMedSSiMedIta

    ExposSSi

    ExposSSiBol

    ExposSSiBolIta

    ExposSSiIta

    Folio.bmap

    FolioBol

    FolioBolCon

    FolioExtBol

    FolioLig

    FolioMed

    Footlight Light

    FreewBla

    FreewDem

    FreewLig

    FreewRom

    FreewRomIta

    Garamond

    GentlSanBol

    GentlSanBolIta

    GentlSanBoo

    GentlSanBooIta

    GentlSanLig

    GentlSanLigIta

    GentlSanUltBol

    Gentle Sans

    Georgia

    Gill Sans Ultra Bold

    Gloucester MT Extra Condensed

    Goudy Old Style

    Gulim.ttf

    Haettenschweiler

    Harrington

    HelveNeuLig

    HelveNeuMed

    ITC Avant Garde gothic

    Impact

    Imprint MT Shadow

    Kabel.bmap

    KabelITCbyBTBol

    KabelITCbyBTBoo

    KabelITCbyBTDem

    KabelITCbyBTMed

    KabelITCbyBTUlt

    Kino

    KochOriginal screen fonts

    Kocho

    Lucida Blackletter

    Lucida Bright

    Lucida Calligraphy

    Lucida Fax

    Lucida Handwriting

    Lucida Sans

    Lucida Sans Typewriter

    MS Gothic.ttf

    MS Mincho.ttf

    MS PGothic.ttf

    MS PMincho.ttf

    MT Extra

    Matura Script Capitals

    Maus

    Maus.suit

    Mistral

    MitteNor

    Modern No. 20

    Monotype Corsiva

    Monotype Sorts

    NeogrMT

    NeographikMT.bmap

    News Gothic MT

    OPTIBinStyBol

    OPTIBinStyLig

    OPTIBinderStyle.bmap

    OPTIChaBol

    OPTIChampion-Bold.bmap

    OPTIComIta

    OPTIComLig

    OPTIComReg

    OPTICompit

    OPTIStaExt

    OPTIStaXtrBolExt

    OPTIStaines-Extended.bmap

    OPTIVagRouBol

    OPTIVagRound-Bold.bmap

    Onyx

    PMingLiU.ttf

    Perpetua Titling MT

    PlacaMTCon

    Placard_MT_Cn

    Playbill

    RenneArcTyp

    RennerArchiType.t1

    Rockwell

    Rockwell Extra Bold

    Ronda

    RondaBol

    RondaLig

    RondaMed

    SimSun.ttf

    Stencil

    Tahoma

    TapeGun

    TapeGun.bmap

    Times New Roman

    Trebuchet MS

    TwentCenMTUltBol

    Twentieth Century

    U49.t1

    U49Nor

    UNITUS-REGULAR

    UltraBla

    UltraBlack.bmap

    UnituTBla

    UnituTBlaIta

    UnituTBol

    UnituTBolIta

    UnituTLig

    UnituTLigIta

    UnituTReg

    UnituTRegIta

    UnituTUltBol

    Upsil

    Upsilon.bmap

    VAG.bmap

    VAGRouBla

    VAGRouBol

    VAGRouLig

    VAGRouThi

    VectoLHBla

    VectoLHBlaIta

    VectoLHBol

    VectoLHBolIta

    VectoLHIta

    VectoLHLig

    VectoLHLigIta

    VectoLHRom

    Vectora Bitmaps

    Verdana

    Wide Latin

    Wingdings

    Wingdings 2

    Wingdings 3

    displdts.ttf

    freeway

    mittelschrift

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    fbplugin_1_0_3.plugin

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    ws.agile.1PasswordAgent.plist

     

    Library/PreferencePanes:

    Growl.prefPane

     

    Library/ScriptingAdditions:

    1Password Addition.osax

    Finkston:~ mikado$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    WDDriveManagerStatusMenu

    Finkston:~ mikado$

  • by Csound1,

    Csound1 Jun 29, 2014 3:32 PM in response to mikado_409
    Level 9 (50,417 points)
    Desktops

    iOS apps won't run on a Mac. It's nothing to worry about.

  • by MadMacs0,

    MadMacs0 Jun 29, 2014 5:19 PM in response to mikado_409
    Level 5 (4,791 points)

    mikado_409 wrote:

     

    I have the same problem as the OP.

    I doubt that it is the same problem and this discussion is far too old to be of any use from anybody else that might still be following it.

     

    The way this forum works best is that you read through similar problems and try any solutions you think might apply to your situation, but if you aren't able to resolve it you need to start a new discussion so that current users can quickly drop by to help you out. There may not be anybody other than me that will see your posting.

     

    Sorry, but that's just the way this forum works.

  • by mikado_409,

    mikado_409 Jun 29, 2014 6:53 PM in response to MadMacs0
    Level 1 (0 points)

    Thanks for your reply. I did read through a lot of posts actually - that's where I got the brilliant idea to try Linc's code on the Mac terminal before posting on here - I just don't know what any of it means, so I came back here... but now I've got bigger issues. Keychains from the laptop locked me out of my iPhone. I'll start a new discussion... thanks

  • by dwaynew270,

    dwaynew270 Dec 26, 2014 4:17 PM in response to Linc Davis
    Level 1 (0 points)

    I have done this to my friend's Mac, as she has asked me to. I don't have her password, so I could not do that step. If you could, please check what came up.

     

    Last login: Fri Dec 26 17:55:43 on ttys000

    Emmalees-MacBook-Pro:~ emmaleecerbone$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    Emmalees-MacBook-Pro:~ emmaleecerbone$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.zeobit.MacKeeper.35584

    com.zeobit.MacKeeper.Helper

    com.google.keystone.user.agent

    Emmalees-MacBook-Pro:~ emmaleecerbone$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Default Browser.plugin

    Flash Player.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.zeobit.MacKeeper.AntiVirus.plist

    com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.google.keystone.agent.plist

    com.zeobit.MacKeeper.Helper.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    Emmalees-MacBook-Pro:~ emmaleecerbone$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper

    Emmalees-MacBook-Pro:~ emmaleecerbone$

  • by barrman1,

    barrman1 Apr 14, 2015 11:44 AM in response to Linc Davis
    Level 1 (0 points)

    Step 1 Output:

     

    com.metakine.handsoff.driver (2.3.3)

    com.taoeffect.ispy.kext (2.0.2)

    jp.co.roland.RDUSB0096Dev (1.0.0)

    com.mcafee.kext.Virex (1.1.0d1)

    com.anchorfree.tun (1.0.2)

     

     

     

    Step 2 Output:

     

    org.tcpdump.chmod_bpf

    org.macosforge.xquartz.privileged_startx

    com.taoeffect.ispyd

    com.metakine.handsoff.daemon

    com.mcafee.virusscan.fmpd

    com.mcafee.ssm.ScanManager

    com.mcafee.ssm.Eupdate

    com.bombich.ccchelper

    com.anchorfree.ajaxserver

    com.adobe.fpsaud

    com.v.helper

     

     

     

    Step 3 Output:

     

    org.macosforge.xquartz.startx

    com.mcafee.reporter

    com.mcafee.menulet

    com.v.agent

    com.taoeffect.EspionageHelper

    com.spigot.SearchProtection

     

     

     

    Step 4 Output:

     

    /Library/Components:

     

    /Library/Extensions:

    HandsOff.kext

     

    /Library/Frameworks:

    AECore.framework

    AEProfiling.framework

    AERegistration.framework

    AVEngine.framework

    AudioMixEngine.framework

    Compressor.framework

    DSPPublishing.framework

    EWSMac.framework

    FxPlug.framework

    MacFUSE.framework

    MacScanner.framework

    MediaServerAPI.framework

    NyxAudioAnalysis.framework

    OSXFUSE.framework

    PluginManager.framework

    ProMetadataSupport.framework

    Qmaster.framework

    ScanBooster.framework

    TSLicense.framework

    VirusScanPreferences.framework

    XSKey.framework

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    JavaAppletPlugin.plugin

    PepperFlashPlayer

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

    nsIQTScriptablePlugin.xpt

     

    /Library/Internet Plug-Ins (Disabled):

    .DS_Store

    Flash Player.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.2a246b7c762bbfc2.agent.plist

    com.mcafee.menulet.plist

    com.mcafee.reporter.plist

    com.motu.MOTULauncher.plist

    org.macosforge.xquartz.startx.plist

     

    /Library/LaunchDaemons:

    com.2a246b7c762bbfc2.daemon.plist

    com.2a246b7c762bbfc2.helper.plist

    com.adobe.fpsaud.plist

    com.anchorfree.ajaxserver.plist

    com.apple.aelwriter.plist

    com.apple.qmaster.qmasterd.plist

    com.bombich.ccchelper.plist

    com.mcafee.ssm.Eupdate.plist

    com.mcafee.ssm.ScanManager.plist

    com.mcafee.virusscan.fmpd.plist

    com.metakine.handsoff.daemon.plist

    com.microsoft.office.licensing.helper.plist

    com.taoeffect.ispyd.plist

    org.macosforge.xquartz.privileged_startx.plist

    org.tcpdump.chmod_bpf.plist

     

    /Library/PreferencePanes:

    Apple Qmaster.prefPane

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    NIUSBAudio.prefPane

    OSXFUSE.prefPane

    Perian.prefPane

    RDUSB0096Pref.prefPane

    YAMAHA-USBMIDIPatch.prefPane

    Yamaha Steinberg USB.prefPane

     

    /Library/PrivateFrameworks:

    LLDB.framework

    SymIPS.framework

     

    /Library/PrivilegedHelperTools:

    com.bombich.ccchelper

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    LogicQLGenerator.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AC3MovieImport.component

    AppleHDVCodec.component

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    AppleProResCodec.component

    DVCPROHDCodec.component

    DVCPROHDMuxer.component

    DVCPROHDVideoDigitizer.component

    DVCPROHDVideoOutput.component

    DVCPROHDVideoOutputClock.component

    DVCPROHDVideoOutputCodec.component

    DesktopVideoOut.component

    FCP Uncompressed 422.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

    IMXCodec.component

    Perian.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    LogicPro.mdimporter

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

    cma

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

     

    Library/Fonts:

     

    Library/Frameworks:

    EWSMac-GC.framework

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    .DS_Store

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.D820D739-A73E-49FB-AD7D-4706B9086A88.plist

    com.spigot.SearchProtection.plist

    com.taoeffect.EspionageHelper.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    EspionageMenu.service

     

     

     

    Step 5 Output:

     

    None

  • by MadMacs0,

    MadMacs0 Apr 14, 2015 12:46 PM in response to barrman1
    Level 5 (4,791 points)

    Linc doesn't usually respond to "me too" requests and probably isn't even monitoring this old discussion. You will always be better off posting a new topic with a clear statement of the problem you are seeing, without jumping to the conclusion that you have some sort of spyware on your Mac and posting something that many of us cannot interpret for you.

     

    That being said you need to uninstall McAfee in accordance with these developer's instructions and run AdwareMedic to get rid of the VSearch, Spigot and perhaps other adware you seem to have accidentally installed. You might be able to do this manually by following these instructions from Apple, but they are incomplete.

     

    What do you use Espionage from TaoEffect for?
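
Added example, not part of any post in this thread: a shell cross-check of the step 3 output (loaded launchd labels) against the step 4 listing (files in the launch directories), which is the comparison the posters above were asking someone to make by eye. The function names and the PID/status values in the sample rows are assumptions made here; the labels and file names are copied from barrman1's post, except the Apple, anonymous and font rows, which are constructed.

```shell
#!/bin/sh
# Added example: cross-check the thread's step 3 and step 4 output.

# Step 3 filter as posted in the thread: skip the header row, hide rows that
# contain "0x" or an Apple/MIT/X11/OpenBSD label, print column 3 (the label).
filter_launchctl() {
    sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
}

# Reduce an `ls -1A` listing ("<dir>:" header, then one entry per line) to the
# startup locations only, as "<dir><TAB><entry>". Fonts, codecs etc. are dropped.
persistence_items() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # pasted output is often indented
        /:$/ {
            dir = substr($0, 1, length($0) - 1)
            keep = (dir ~ /(LaunchAgents|LaunchDaemons|StartupItems)$/ || dir ~ /mach_init/)
            next
        }
        $0 == "" || $0 == ".DS_Store" { next }
        # Anchored match: hides only names that begin with com.apple.
        keep && $0 !~ /^com\.apple\./ { print dir "\t" $0 }
    '
}

# Loaded labels ($1: file, one per line) with no same-named entry in the listing
# read from stdin. launchd takes a job's label from the Label key inside the plist,
# not from the file name, so a hit means "open the plists in those directories and
# find which one declares this label", not "this is malicious".
labels_without_plist() {
    persistence_items |
    awk -F'\t' '
        mode == "disk" { n = $2; sub(/\.plist$/, "", n); seen[n] = 1; next }
        NF && !($0 in seen)
    ' mode=disk - mode=labels "$1"
}

# Sample `launchctl list` rows. Labels in the last four rows are from the step 3
# output posted above; PID/status values and the first two rows are constructed.
sample_launchctl() {
    printf '%s\t%s\t%s\n' \
        PID Status Label \
        - 0 com.apple.Finder \
        412 - 0x10f2a.anonymous.bash \
        - 0 org.macosforge.xquartz.startx \
        388 - com.mcafee.menulet \
        391 - com.v.agent \
        - 0 com.spigot.SearchProtection
}

# Abridged step 4 listing from the same post, plus one constructed font line
# to show that non-startup directories are ignored.
sample_listing() {
    cat <<'EOF'
/Library/Fonts:
Arial

/Library/LaunchAgents:
com.2a246b7c762bbfc2.agent.plist
com.mcafee.menulet.plist
org.macosforge.xquartz.startx.plist

/Library/LaunchDaemons:
com.apple.qmaster.qmasterd.plist
com.taoeffect.ispyd.plist

/Library/StartupItems:
cma

Library/LaunchAgents:
.DS_Store
com.spigot.SearchProtection.plist
EOF
}

labels_file=$(mktemp)
sample_launchctl | filter_launchctl > "$labels_file"
sample_listing | labels_without_plist "$labels_file"
rm -f "$labels_file"
```

For the rows above it prints `com.v.agent`: that label is loaded, but no file of that name appears in the listed launch directories.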

  • by drazek73,

    drazek73 Sep 10, 2015 3:51 PM in response to Linc Davis
    Level 1 (0 points)

    appreciate the help Linc

     

    drazeks-MacBook-Pro-2:~ drazek$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    drazeks-MacBook-Pro-2:~ drazek$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

    com.adobe.versioncueCS4

    com.microsoft.office.licensing.helper

    com.google.keystone.daemon

    com.oracle.java.Helper-Tool

    com.adobe.fpsaud

    drazeks-MacBook-Pro-2:~ drazek$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.google.Chrome.92332

    com.adobe.CS4ServiceManager

    org.mozilla.firefox.49164

    jp.co.canon.cijscannerregister.86368

    com.microsoft.Word.56832

    com.google.keystone.system.agent

    com.jdibackup.ZipCloud.autostart

    com.oracle.java.Java-Updater

    com.getdropbox.dropbox.80120

    com.rpatechnology.mobilemouse.61944

    com.jdibackup.ZipCloud.notify

    com.adobe.dreamweaver-10.0.40360

    com.divx.update.agent

    com.microsoft.autoupdate.fba.86652

    com.divx.dms.agent

    drazeks-MacBook-Pro-2:~ drazek$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ACS6x.kext

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    EPSONUSBPrintClass.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    DivX Toolkit.framework

    DivXInstallerUtilities.framework

    EWSMac.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    TSLicense.framework

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Default Browser.plugin

    DivX Web Player.plugin

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    Flip4Mac WMV Plugin.webplugin

    JavaAppletPlugin.plugin

    LogitechHarmony.plugin

    OVSHelper.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Silverlight.plugin

    SnagitSafariScroller.webplugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    iPhotoPhotocast.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.CS4ServiceManager.plist

    com.divx.dms.agent.plist

    com.divx.update.agent.plist

    com.google.keystone.agent.plist

    com.oracle.java.Java-Updater.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

    com.adobe.versioncueCS4.plist

    com.google.keystone.daemon.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    JavaControlPanel.prefPane

    VersionCueCS4.prefPane

     

    /Library/PrivilegedHelperTools:

    com.microsoft.office.licensing.helper

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    LogicPro.mdimporter

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

    eurof35.ttf

    eurof36.ttf

    eurof55.ttf

    eurof56.ttf

    eurof75.ttf

    eurof76.ttf

     

    Library/Frameworks:

    EWSMac.framework

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

    CitrixOnlineWebDeploymentPlugin.plugin

    ZoomUsPlugIn.plugin

     

    Library/Keyboard Layouts:

     

    Library/LanguageModeling:

    da-dynamic.lm

    de-dynamic.lm

    en-dynamic.lm

    es-dynamic.lm

    fr-dynamic.lm

    it-dynamic.lm

    nb-dynamic.lm

    nl-dynamic.lm

    pt-dynamic.lm

    sv-dynamic.lm

    tr-dynamic.lm

     

    Library/LaunchAgents:

    com.apple.CSConfigDotMacCert-email@hidden-SharedServices.Agent.plist

    com.apple.FolderActions.enabled.plist

    com.apple.FolderActions.folders.plist

    com.jdibackup.ZipCloud.autostart.plist

    com.jdibackup.ZipCloud.notify.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    .localized

    drazeks-MacBook-Pro-2:~ drazek$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Mobile Mouse Server, BitTorrent, Dropbox, Google Chrome

    drazeks-MacBook-Pro-2:~ drazek$
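One way to triage a listing like the one posted above, as an added example that is not part of the original post or of Linc's diagnostic: it parses the `directory:` / entry layout and pulls out the non-`com.apple.` entries in the auto-start directories (LaunchAgents, LaunchDaemons, StartupItems). The sample input and the function names are constructed for illustration.

```python
# Constructed sample in the same layout as the listing posted above
# (a section header ending in ":", then one entry per line).
SAMPLE = """\
/Library/LaunchDaemons:
com.example.helper.plist
com.apple.sample.plist

/Library/StartupItems:

Library/Fonts:
example.ttf

Library/LaunchAgents:
com.apple.FolderActions.enabled.plist
com.example.backup.autostart.plist
"""

# Directories whose contents are loaded automatically at boot or login.
AUTOSTART = ("LaunchAgents", "LaunchDaemons", "StartupItems")

def parse_listing(text):
    """Return {section_path: [entries]} for a 'dir:' / entry listing."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "/" in line:
            current = line[:-1]          # new section header
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def third_party_autostart(sections):
    """List (scope, section, entry) for non-com.apple auto-start items."""
    found = []
    for path, entries in sections.items():
        if path.rsplit("/", 1)[-1] not in AUTOSTART:
            continue
        # A leading "/" is system-wide; a relative path is the user's home.
        scope = "system" if path.startswith("/") else "user"
        found += [(scope, path, e) for e in entries
                  if not e.startswith("com.apple.")]
    return found

if __name__ == "__main__":
    for hit in third_party_autostart(parse_listing(SAMPLE)):
        print(*hit)
```

A `com.apple.` file name is not proof of origin, so this narrows down which entries to read first rather than clearing the rest.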

  • by MadMacs0,

    MadMacs0 MadMacs0 Sep 10, 2015 4:41 PM in response to drazek73
    Level 5 (4,791 points)

    Linc doesn't usually respond to "me too" requests and probably isn't even monitoring this very old discussion. You will always be better off posting a new topic with a clear statement of the problem you are seeing, without jumping to the conclusion that you have some sort of spyware on your Mac and posting something that many of us cannot interpret for you.

  • by drazek73,

    drazek73 drazek73 Sep 14, 2015 9:47 AM in response to MadMacs0
    Level 1 (0 points)

    Thank you for your reply MadMacs.  I did post it under a new thread as well.

     

    detect key logger, screen capture, spyware on mac @linc davis

     

    It would be great to know how to interpret these findings.  It was from Linc's reply in this thread giving instructions on how to generate them.

  • by MadMacs0,

    MadMacs0 MadMacs0 Sep 14, 2015 2:36 PM in response to drazek73
    Level 5 (4,791 points)

    drazek73 wrote:

     

    It would be great to know how to interpret these findings.

    I should have mentioned that Linc often changes his diagnostics either to get different information or to adapt to a new OS.  That's why I suggested you not post them until asked. 

  • by drazek73,

    drazek73 drazek73 Sep 15, 2015 9:51 AM in response to MadMacs0
    Level 1 (0 points)

    so how do you get help here?  I did start a new thread.  I also run macsan (nothing found), little snitch has some outgoing nmdb process with IP Address: 192.168.32.1 .. otherwise i'm not finding anything

     

    https://discussions.apple.com/thread/7212631

  • by MadMacs0,

    MadMacs0 MadMacs0 Sep 15, 2015 10:15 AM in response to drazek73
    Level 5 (4,791 points)

    drazek73 wrote:

     

    so how do you get help here?  I did start a new thread.

    As I told you before, start a new thread with a clear and detailed explanation of the problem without posting a diagnostic that nobody but Linc would understand.  What are you seeing that would lead you to believe you have spyware? Did somebody gain physical access to your computer or did you allow them to through sharing?

  • by drazek73,

    drazek73 drazek73 Sep 15, 2015 2:43 PM in response to MadMacs0
    Level 1 (0 points)

    there was no physical access that i'm aware of .. i don't want to explain who/what competitor/business partner knows what they shouldn't b/c it's irrelevant

     

    bottom line is, we're looking for ways to scan and eliminate any possibility of keyloggers or screen recorders on our network

     

    is there a software out there to accomplish this?

     

    i can start a new thread or add to the one I already started if that helps
