
How can I detect a RAT virus on my MAC

I am wondering how I would go about checking to see if i have a RAT (Remote Administration Tool) on my MBP.


Thanks,


Jim

MacBook Pro, OS X Mountain Lion (10.8.2)

Posted on Jun 29, 2013 8:00 AM

Question marked as Best reply

Posted on Jun 29, 2013 8:45 AM

You really can't, because anything like that would likely require or somehow gain access to your admin password and install itself in the best possible location: in EFI, as a firmware program.


EFI is a software firmware that loads before OS X or Windows and sits right between the hardware firmware and any operating system. It can access the boot drive, record keystrokes and communicate over the Internet without you or the operating system even knowing about it.


EFI resides in its own hidden partition on the boot drive and survives despite the operating system being reinstalled.


As far as I know there is nothing that can verify whether the contents of EFI are legitimate or not. If you suspect you installed something from an untrustworthy source and are noticing unusual network traffic despite having eliminated all other possibilities, you might be RATted.


If you have another Mac, you can install KisMAC, enable the passive driver in preferences and watch the network traffic between your suspected Mac and the wifi router. RAT network activity should be rather high when you're not doing jack squat with the suspected machine.


The only solution to this is a complete drive reformat or replacement from Internet Recovery; however, if it's got in that deep it's likely to have tainted even Internet Recovery, as I believe that's hardware-firmware based, which is susceptible to unwanted change. You'll have to take your chances, but if your machine boots from the older Snow Leopard disks, then I would start from there and work back up to 10.8 again that way.


There is keyboard and battery firmware that can also be changed by malware; however, supposedly it's so small that not much can be placed there to reinfect a cleaned system.


We only know about OS X malware if it makes enough copies that it draws the attention of security researchers; limited targeted attacks on users are a rather trivial task.

10 replies

Jun 29, 2013 10:50 AM in response to gym4jim

The short answer is, you can't. The only way to be sure your system hasn't been tampered with is to erase the boot volume, reinstall the OS, restore only your documents from a backup, and reinstall all other software from known-good copies or fresh downloads.


That said, you can easily check to see whether any services such as Screen Sharing are enabled in the Sharing preference pane.
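The Sharing-pane check above can also be done from Terminal, since each of those services is a launchd job. The following is an added example (my own, not code from the thread or from Apple) that runs `launchctl list` on a Mac and reports which remote-access jobs are loaded; off a Mac it runs against a constructed sample. The label-to-service mapping is an assumption for 10.8-era systems: confirm the labels against your own `sudo launchctl list` output, and note that a loaded job means the service is enabled, not that it is reachable from outside.

```python
"""Report which remote-access / sharing launchd jobs are loaded.

Added example, not from the thread. System daemons only show up in
`launchctl list` when it is run as root, so use `sudo` on a real machine.
"""
import platform
import subprocess
from typing import Dict, List

# Assumed launchd labels for services exposed in System Preferences > Sharing
# on OS X 10.8-era systems. Verify against your own `sudo launchctl list`.
REMOTE_ACCESS_LABELS: Dict[str, str] = {
    "com.apple.screensharing": "Screen Sharing",
    "com.apple.RemoteDesktop.agent": "Remote Management (Apple Remote Desktop)",
    "com.openssh.sshd": "Remote Login (SSH)",
    "com.apple.AppleFileServer": "File Sharing (AFP)",
    "com.apple.smbd": "File Sharing (SMB)",
}


def parse_launchctl_list(text: str) -> List[str]:
    """Return the Label column from `launchctl list` output.

    Each data line is "PID<TAB>Status<TAB>Label"; PID is '-' when the job is
    loaded but not currently running. The first line is the header.
    """
    labels: List[str] = []
    for line in text.splitlines()[1:]:
        parts = line.split("\t")
        if len(parts) == 3:
            labels.append(parts[2].strip())
    return labels


def loaded_remote_services(text: str) -> Dict[str, str]:
    """Map label -> service name for every remote-access job that is loaded."""
    loaded = set(parse_launchctl_list(text))
    return {lbl: name for lbl, name in REMOTE_ACCESS_LABELS.items() if lbl in loaded}


# Constructed sample output (not captured from a real machine): Screen Sharing,
# Remote Login and SMB file sharing loaded; Remote Management and AFP absent.
SAMPLE_LAUNCHCTL_OUTPUT = "\n".join([
    "PID\tStatus\tLabel",
    "-\t0\tcom.apple.screensharing",
    "123\t0\tcom.openssh.sshd",
    "45\t0\tcom.apple.mDNSResponder",
    "456\t0\tcom.apple.smbd",
])


def current_launchctl_output() -> str:
    """Real `launchctl list` on a Mac; the constructed sample elsewhere."""
    if platform.system() == "Darwin":
        return subprocess.run(["launchctl", "list"], capture_output=True,
                              text=True, check=True).stdout
    return SAMPLE_LAUNCHCTL_OUTPUT


if __name__ == "__main__":
    found = loaded_remote_services(current_launchctl_output())
    if not found:
        print("No remote-access sharing services loaded.")
    for label, name in found.items():
        print(f"{name} is enabled ({label})")
```

Anything this reports that you did not turn on yourself is worth turning off in the Sharing pane before going further; an empty report does not clear the machine, since a RAT does not need Apple's services to phone home.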

Jun 29, 2013 11:08 AM in response to gym4jim

Thank you ds and Linc. Don't really want to reformat etc. But thanks for your very informative answers. If I can't tell if I have been tapped by the RAT, I am wondering now if there is a counter-RAT way to thwart its intended functions. This may sound remedial to higher-end technical people, but I have ManyCam and have put on a blank screen. I have turned the volume on the built-in mic to nil. I suppose someone with a RAT can adjust all this, right?


If not, then my A/V issues would be covered and the only other thing is the keyboard. Wonder if there is a keyboard scrambler. I am surprised that no counter-RAT or counter-spy software has been developed as of yet. Does anyone know if one is in process?


It seems in today's world, everyone has become obsessed with gathering information on everyone else...from the government to the guy next door. I think technology has given us, humans, too much free time and some are spending it in pretty sad ways.


Thanks.

Jun 29, 2013 7:02 PM in response to gym4jim

I'm not sure I understand the reasons that you're asking about this. Are you actually having a problem, or just trying to learn about security? If the former, what are the symptoms of that problem?


It sounds like you're worried that something may have gotten onto your machine on its own. If that's the case, you're undoubtedly worrying yourself about nothing. See my Mac Malware Guide for the reasons why, and to learn how to protect yourself against malware.


If you believe that someone malicious has had access to your computer, I would agree with Linc... the only way to be sure of anything is to erase the hard drive completely, reinstall the system, and import nothing from backup except personal documents in a very controlled fashion.

Jun 29, 2013 9:59 PM in response to gym4jim

No, proactively trying to prevent such an occurrence.


There is intrusion detection software called Snort; however, you have to be very familiar with using the command line (Terminal) and understand computers. There is no graphical user interface, so it's not designed to be easy.


Of course it won't do jack diddle if the machine is already compromised, it would have to be installed after erasing everything and starting off with fresh sources of software.


http://www.snort.org/




one cannot be over cautious when it comes to security...and it seems that there are a lot of nosey people out there.



Agreed, best thing is to appear uninteresting, don't draw attention with alarming searches or site visits.


When you use the machine, assume someone is watching because they are certainly recording everything if they ever need to look later on.


Never put anything into or do anything on the machine you don't want anyone knowing about.



As we all have learned, technology is a rat fink. It's reporting our location, it's showing them who all our friends are, and their friends, and all their friends and where they are at and all their past locations.


For the best peace of mind, the thing to do is throw the technology away and not use it. It can't rat on you if it doesn't know anything or isn't being used.


If this makes you comfortable, then by all means do so, because companies like Apple and others are only going to add more spyware disguised as a new feature each and every time.



http://www.wired.com/gadgetlab/2011/04/apple-iphone-tracking/

Nov 11, 2013 9:40 AM in response to gym4jim

Try the application called Little Snitch (3.3.x) for Mavericks; it works on older versions of OS X too. I've been using it for years. You will be surprised how many apps access the internet and your local network. That is how I keep an eye out for suspicious activity: that way, if there is a RAT on my system I will detect outgoing data connections. The only way any data can be retrieved from my system is with local access or if I allow Little Snitch to allow the traffic. Now if you have someone with local access you have more trouble, and that is a different discussion. Best of luck.
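Both ds store's KisMAC suggestion (watch the traffic while the machine is idle) and the Little Snitch post above (watch which processes open outgoing connections) come down to the same two questions: what leaves the Mac while nobody is using it, and does anything call the same host on a fixed schedule? The script below is an added example of mine, not code from the thread or from either tool. It takes a list of outbound connection records of the kind a per-process firewall log or a packet capture gives you and applies those two heuristics. The process name `updatehelper`, the TEST-NET address 203.0.113.5 and the timings are all constructed for illustration.

```python
"""Two heuristics for RAT-style traffic over outbound connection records.

Added example, not from the thread. Records are constructed below; on a real
system you would build them from a Little Snitch / pf / packet-capture log.
  1. idle-time volume: bytes sent per process while no one was at the machine
  2. beaconing: a destination contacted at a near-constant interval (low jitter)
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Conn:
    ts: float        # seconds since epoch when the connection opened
    proc: str        # originating process name
    dest: str        # "host:port"
    bytes_out: int   # bytes sent by this Mac on the connection


def idle_outbound_bytes(conns: List[Conn],
                        idle_windows: List[Tuple[float, float]]) -> Dict[str, int]:
    """Bytes sent per process during [start, end) windows with no user activity."""
    totals: Dict[str, int] = {}
    for c in conns:
        if any(start <= c.ts < end for start, end in idle_windows):
            totals[c.proc] = totals.get(c.proc, 0) + c.bytes_out
    return totals


def beacon_candidates(conns: List[Conn], min_hits: int = 5,
                      max_cv: float = 0.2) -> List[Tuple[str, float, float]]:
    """Destinations contacted at regular intervals.

    For each destination with at least min_hits connections, compute the gaps
    between consecutive connections and their coefficient of variation
    (stdev / mean). Human-driven traffic is bursty (cv well above 1); a
    scheduled check-in has cv close to 0. Returns (dest, mean_gap_s, cv).
    """
    by_dest: Dict[str, List[float]] = {}
    for c in conns:
        by_dest.setdefault(c.dest, []).append(c.ts)
    found: List[Tuple[str, float, float]] = []
    for dest, stamps in by_dest.items():
        stamps.sort()
        if len(stamps) < min_hits:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        m = float(mean(gaps))
        if m <= 0:
            continue
        cv = pstdev(gaps) / m
        if cv <= max_cv:
            found.append((dest, round(m, 1), round(cv, 3)))
    return found


# --- Constructed sample log (not a real capture) ---------------------------
BASE = 1_372_500_000.0
SAMPLE: List[Conn] = []
# First 600 s: user browsing, irregular timing and sizes.
for t, b in [(5, 12000), (40, 800), (120, 45000), (121, 500),
             (300, 9000), (420, 2200), (590, 300)]:
    SAMPLE.append(Conn(BASE + t, "Safari", "www.example.com:443", b))
# Next 1200 s: user idle. A hypothetical process checks in every 60 s with
# a second or two of jitter, then pushes 2 MB to a second port on the same host.
JITTER = [0, 2, -1, 1, 0, -2, 1, 0, 2, -1, 0, 1, -1, 0, 2, 1, -2, 0, 1, 0]
for i, j in enumerate(JITTER):
    SAMPLE.append(Conn(BASE + 600 + 60 * i + j, "updatehelper", "203.0.113.5:443", 420))
SAMPLE.append(Conn(BASE + 1500, "updatehelper", "203.0.113.5:8443", 2_000_000))
IDLE_WINDOWS = [(BASE + 600, BASE + 1800)]


if __name__ == "__main__":
    for proc, total in sorted(idle_outbound_bytes(SAMPLE, IDLE_WINDOWS).items(),
                              key=lambda kv: -kv[1]):
        print(f"idle-time upload: {proc:<14} {total:>10} bytes")
    for dest, gap, cv in beacon_candidates(SAMPLE):
        print(f"beacon: {dest} every ~{gap}s (jitter cv={cv})")
```

Neither heuristic identifies the malware; they tell you which process and which destination to look at next, and a process name you do not recognise uploading megabytes while the lid was closed is the "rather high" activity ds store describes. Keep the thresholds loose at first: legitimate software updaters also beacon, so the value is in the combination of a steady schedule, an idle-time upload and an unfamiliar process.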

Feb 21, 2014 4:59 AM in response to ds store

Hey, ds store.


You seem to be quite knowledgeable. I'd like to ask you a question. I hope this is not an annoyance.


My problem:

My mid-2013 MacBook Air does seem to be hijacked via a RAT or similar. I've deduced this because of several symptomatic problems that recur despite entirely erasing the hard drive. These problems include "typing on its own", "deleted files", and "altered system preferences". It is as though someone is having a row, or a power trip, tweaking files and OS settings. Furthermore, I'm afraid that these problems occurred when the laptop was given to repair technicians for over two days.


My question:

Can the laptop be salvaged somehow?


Thank you for any help.

(You could imagine how frustrating it would be to edit any written work, to then discover 'impossible' typos, and re-edit the writing again and again, indefinitely. I've practically ceased my creative life due to the loss of my digital tools!)

Aug 16, 2015 9:05 AM in response to nmdtime

We got our RAT playing heavily modded Minecraft. Java is like an undergrad beer party: lots of fun to be had, but ****, you can catch some nasty stuff from some of the most fun people there. If you stay in the App Store, and only download from known developers (don't drink at parties, or date boys who drink or smoke anything, always insist on a condom, had a yada -), you know how to keep yourself safe. I just hate the blame-the-victim mentality. I say, well, yeah, me and the kids played a lot of heavily modded Minecraft, all kinds, there's a lot of creative stuff out there, and people nod sagely and say, well, Macintosh is completely safe if you don't act like a computer hussy and go around with those sorts of programs.
