Typical name for key logger in Activity Monitor?

I think my MacBook Pro with Mountain Lion 10.8.3 might have a keylogger.

Can anyone please tell me some typical names of key loggers in the Activity Monitor?

Also I could provide screen shots of my Activity Monitor if you guys think it would be helpful.

Another thing is, I ran a scan with the Sophos AV software and it showed no threats, but I researched and saw that Sophos for Mac isn't designed to detect keyloggers for Mac. Can you guys please suggest some good FREE Mac AV that could detect keyloggers?

Thank you guys so much!!!

MacBook Pro (15-inch Late 2011), OS X Mountain Lion (10.8.3)

Posted on Jun 3, 2013 1:23 PM


Jun 3, 2013 2:18 PM in response to Henry Jz Liu

I find none of your current processes identified with any known keylogger/malware for Macs.


You are running QQplatform




A threat with the same name exists for Windows


http://www.threatexpert.com/files/qqplatform.exe.html



If you know what this is then it appears to be fine to me.



It seems you're dealing with Chinese language and possibly the Chinese government, so anything is technically possible.


Don't rely upon my information as being in any way accurate or risk your life on it.

Jun 3, 2013 1:51 PM in response to ds store

PID TTY TIME CMD

1 ?? 0:06.36 /sbin/launchd

11 ?? 0:00.33 /usr/libexec/UserEventAgent (System)

12 ?? 0:00.51 /usr/libexec/kextd

14 ?? 0:00.72 /usr/sbin/notifyd

15 ?? 0:00.17 /usr/sbin/diskarbitrationd

16 ?? 0:02.32 /usr/libexec/configd

19 ?? 0:00.14 /usr/libexec/warmd

20 ?? 0:00.53 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd

22 ?? 0:00.98 /usr/sbin/syslogd

24 ?? 0:00.04 /usr/libexec/stackshot -t

26 ?? 0:01.46 /usr/sbin/securityd -i

28 ?? 0:05.90 /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Support/revisiond

29 ?? 0:01.42 /System/Library/CoreServices/powerd.bundle/powerd

32 ?? 0:05.45 /usr/libexec/opendirectoryd

35 ?? 0:01.16 /System/Library/CoreServices/backupd.bundle/Contents/Resources/mtmfs --tcp --resvport --listen localhost --oneshot --noportmap --nobrowse

36 ?? 0:04.73 /System/Library/CoreServices/backupd.bundle/Contents/Resources/mtmd

37 ?? 0:38.46 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds

38 ?? 0:01.42 /usr/sbin/mDNSResponder -launchd

41 ?? 0:04.49 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console

42 ?? 0:00.21 /usr/libexec/locationd

43 ?? 0:00.04 /usr/sbin/KernelEventAgent

45 ?? 0:02.48 /usr/libexec/hidd

46 ?? 0:04.20 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support/fseventsd

48 ?? 0:00.01 /sbin/dynamic_pager -F /private/var/vm/swapfile

51 ?? 0:00.13 /System/Library/CoreServices/appleeventsd --server

54 ?? 0:00.23 /usr/sbin/blued

55 ?? 0:00.12 /usr/sbin/awacsd

56 ?? 0:00.04 autofsd

57 ?? 0:00.58 /System/Library/PrivateFrameworks/ApplePushService.framework/apsd

61 ?? 0:00.43 /usr/sbin/distnoted daemon

62 ?? 0:02.60 /System/Library/CoreServices/coreservicesd

80 ?? 2:57.86 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources/WindowServer -daemon

81 ?? 0:02.70 /usr/sbin/netbiosd

82 ?? 0:00.17 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer

102 ?? 0:00.17 /usr/libexec/networkd

114 ?? 0:00.02 /System/Library/CoreServices/logind

125 ?? 1:34.48 /usr/sbin/coreaudiod

130 ?? 0:00.41 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift

131 ?? 0:00.02 /usr/sbin/cron

134 ?? 0:00.29 /usr/sbin/aosnotifyd

135 ?? 0:03.47 /usr/libexec/ApplicationFirewall/socketfilterfw

159 ?? 0:00.80 /sbin/launchd

161 ?? 0:01.32 /usr/sbin/cfprefsd agent

167 ?? 0:01.63 /usr/libexec/UserEventAgent (Aqua)

168 ?? 0:04.20 /usr/sbin/distnoted agent

175 ?? 0:00.01 /usr/sbin/pboard

177 ?? 0:00.52 /System/Library/CoreServices/talagent

178 ?? 0:17.74 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock

179 ?? 0:07.43 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer

180 ?? 0:13.81 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder

185 ?? 0:00.28 /usr/sbin/usernoted

186 ?? 0:01.23 /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeagent

191 ?? 0:00.09 /System/Library/CoreServices/NetworkBrowserAgent

193 ?? 0:00.06 /usr/sbin/filecoordinationd

194 ?? 0:01.54 /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app/Contents/MacOS/PhotoStreamAgent

201 ?? 0:00.99 /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter

205 ?? 0:00.50 /System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent

214 ?? 0:01.25 /Library/Application Support/Razer/RzDeviceEngine.app/Contents/MacOS/RzDeviceEngine

215 ?? 0:01.85 /Library/Application Support/Razer/RzUpdater.app/Contents/MacOS/RzUpdater

218 ?? 0:00.51 /System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/TISwitcher.app/Contents/MacOS/TISwitcher

220 ?? 0:01.79 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/fontd

226 ?? 0:00.72 /Library/Input Methods/SogouInput.app/Contents/SogouServices

228 ?? 0:00.48 /Applications/lockmenow.app/Contents/MacOS/lockmenow -psn_0_77843

231 ?? 0:00.17 /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app/Contents/MacOS/iTunesHelper -psn_0_86037

233 ?? 0:00.08 /usr/libexec/lsboxd

235 ?? 0:00.34 /usr/libexec/syspolicyd

238 ?? 0:00.09 /System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent

240 ?? 0:07.32 /Library/Input Methods/SogouInput.app/Contents/MacOS/SogouInput

242 ?? 0:00.79 com.apple.dock.extra

274 ?? 0:00.63 /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell -psn_0_172074

287 ?? 0:02.89 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient

303 ?? 0:02.72 /System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarAgent

308 ?? 0:00.63 /usr/libexec/xpcd

314 ?? 0:00.01 /System/Library/CoreServices/SleepServicesD

315 ?? 0:00.43 /usr/sbin/cfprefsd daemon

319 ?? 0:00.07 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

325 ?? 0:00.08 /usr/libexec/xpcd

326 ?? 0:00.03 com.apple.audio.SandboxHelper

334 ?? 0:00.03 /sbin/launchd

337 ?? 0:00.05 /usr/sbin/distnoted agent

338 ?? 0:00.04 /usr/sbin/cfprefsd agent

340 ?? 0:00.57 /System/Library/CoreServices/pbs

412 ?? 0:00.55 /usr/sbin/ocspd

460 ?? 0:00.01 /sbin/launchd

462 ?? 0:00.01 /usr/sbin/cfprefsd agent

556 ?? 0:00.04 /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd

1662 ?? 0:27.29 /Applications/Safari.app/Contents/MacOS/Safari -psn_0_344148

1674 ?? 0:02.60 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared

1677 ?? 0:00.59 /System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/cookied

1682 ?? 0:00.05 /System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd

1694 ?? 0:00.15 /usr/libexec/taskgated -s

1697 ?? 0:00.08 /usr/libexec/librariand

1698 ?? 0:05.97 /System/Library/PrivateFrameworks/Ubiquity.framework/Versions/A/Support/ubd

1699 ?? 0:00.02 /System/Library/CoreServices/AppleIDAuthAgent

1723 ?? 0:00.18 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 1

1725 ?? 0:06.97 /Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor -psn_0_426088

1727 ?? 0:02.92 /usr/libexec/activitymonitord

1736 ?? 0:00.28 /Applications/QQ.app/Contents/Library/LoginItems/QQPlatform.app/Contents/MacOS/QQPlatform

1737 ?? 0:03.14 /Applications/QQ.app/Contents/Library/LoginItems/ScreenCapture.app/Contents/MacOS/ScreenCapture

1740 ?? 0:00.06 com.apple.hiservices-xpcservice

1743 ?? 0:00.39 /System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd

1744 ?? 0:06.22 /Applications/Mail.app/Contents/MacOS/Mail -psn_0_458864

1747 ?? 0:00.14 com.apple.iCloudHelper

1749 ?? 0:00.03 com.apple.hiservices-xpcservice

1753 ?? 0:07.56 /System/Library/StagedFrameworks/Safari/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess /System/Library/StagedFrameworks/Safari/WebKit2.framework/WebKit2 -type webprocess -servicename com.apple.WebKit.WebProcess-1662-0x11db50500 -localization zh_CN

1754 ?? 0:00.29 /System/Library/StagedFrameworks/Safari/WebKit2.framework/PluginProcess.app/*** tents/MacOS/PluginProcess /System/Library/StagedFrameworks/Safari/WebKit2.framework/WebKit2 -type pluginprocess -servicename com.apple.WebKit.WebProcess-1662-0x11df26348 -localization zh_CN

1756 ?? 0:02.11 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn_0_475252

1762 ?? 0:00.05 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared

1764 ?? 0:00.28 com.apple.quicklook.satellite

1776 ?? 0:00.19 /System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd

1777 ttys000 0:00.03 login -pf liujiazhou

1778 ttys000 0:00.01 -bash

1781 ttys000 0:00.00 ps -A
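A way to triage a listing like the one posted above, added here as an example and not part of the original thread: it parses `ps -A` output and groups every process running from outside the OS-installed directories by its outermost app bundle, so third-party items such as QQ, Razer and SogouInput stand out for manual review. The prefix list and the function names are assumptions, and the sample lines are constructed in the format of the posted listing.

```python
import re

# Constructed sample in the format of the `ps -A` listing posted above.
SAMPLE_PS = """\
PID TTY TIME CMD
1 ?? 0:06.36 /sbin/launchd
45 ?? 0:02.48 /usr/libexec/hidd
214 ?? 0:01.25 /Library/Application Support/Razer/RzDeviceEngine.app/Contents/MacOS/RzDeviceEngine
240 ?? 0:07.32 /Library/Input Methods/SogouInput.app/Contents/MacOS/SogouInput
242 ?? 0:00.79 com.apple.dock.extra
1662 ?? 0:27.29 /Applications/Safari.app/Contents/MacOS/Safari -psn_0_344148
1736 ?? 0:00.28 /Applications/QQ.app/Contents/Library/LoginItems/QQPlatform.app/Contents/MacOS/QQPlatform
1778 ttys000 0:00.01 -bash
"""

# Assumption: directories the OS installs into. A path here is not proof of
# legitimacy, and a path elsewhere is not proof of malice; this only sorts
# the list so the short "review" bucket can be checked by hand.
OS_PREFIXES = ("/System/", "/usr/", "/sbin/", "/bin/")
LINE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([\d:.]+)\s+(.*)$")
BUNDLE_RE = re.compile(r"^(/.*?\.app)(?=/|$)")  # outermost .app bundle

def parse_ps(text):
    """Return (pid, command) pairs; the header has no numeric PID and is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(4).strip()))
    return rows

def triage(rows):
    """Bucket processes by where their executable lives."""
    buckets = {"os_path": [], "no_path": [], "review": {}}
    for pid, cmd in rows:
        if cmd.startswith(OS_PREFIXES):
            buckets["os_path"].append(pid)
        elif not cmd.startswith("/"):
            buckets["no_path"].append((pid, cmd))  # ps showed a bare name
        else:
            m = BUNDLE_RE.match(cmd)
            buckets["review"].setdefault(m.group(1) if m else cmd, []).append(pid)
    return buckets

if __name__ == "__main__":
    result = triage(parse_ps(SAMPLE_PS))
    for bundle, pids in sorted(result["review"].items()):
        print(bundle, pids)
    print("no path:", result["no_path"])
```

Each bundle in the review bucket is then compared against what was knowingly installed; Apple's own apps under /Applications land there too, since the path alone cannot tell them apart.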

Jun 3, 2013 4:21 PM in response to Henry Jz Liu

Apple has anti-malware installed in all 10.6.8 and later OS X versions; there is the free ClamXav, and you already have Sophos to detect what's in major circulation and widespread.


There is nothing that can detect a targeted threat with rarely circulated/used malicious software.




There is no OS X intrusion protection system for new threats. If you're that paranoid, wipe the entire machine from the Internet Recovery and start off with all new fresh and verified sources of software.


Apple is taking the route that AppStore is the source of non-malicious software, rather than identifying rogue behavior and notifying the user and Apple, which I think is a better method.


Guess the spooks can't install monitoring software if Apple did that.

Jun 3, 2013 6:42 PM in response to Henry Jz Liu

I realize you consider this solved, but I can provide you with a bit more information.

Henry Jz Liu wrote:


I think my MacBook Pro with Mountain Lion 10.8.3 might have a keylogger.

What makes you think that?

Can anyone please tell me some typical names of key loggers in the Activity Monitor?

The only list I'm aware of is MacScan's Spyware List.

Another thing is, I ran a scan with the Sophos AV software and it showed no threats, but I researched and saw that Sophos for Mac isn't designed to detect keyloggers for Mac. Can you guys please suggest some good FREE Mac AV that could detect keyloggers?

Since all known keyloggers are either commercial apps or "hacks" that require physical access to the computer or via local network with sharing turned on, none are considered to be malware. Only MacScan is designed to detect the ones on the above list. It isn't free, but you can run it in demo mode. Be advised that it is prone to false alarms so make certain anything it finds is actually what it says it is and also that it does not perform well when scanning for OS X malware.


As ds store observed, it's possible you are dealing with something new and unknown here, so if you do stumble across anything suspicious, don't hesitate to come back and share your findings.

Jun 3, 2013 10:53 PM in response to Henry Jz Liu

In that case there are only two things you currently need to do to protect yourself going forward.


Make sure you keep your OS X fully up-to-date, especially with security and Java updates.


Keep Java (not JavaScript) disabled in all your browsers unless you must visit a trusted site that requires it. Java will now let you manage the sites you trust, which gives you a bit more flexibility.
