User profile for user: dn-oneup
dn-oneup Author
User level: Level 1
0 points

Request for key-logger check -- followed instructions from old threads

Hi everyone,


This is my first post on this site. I've become worried about malware installed on my computer (credit card info was stolen last week). After reading several related posts I am hopeful that I don't actually have a key-logger installed on my computer (since I don't think anyone around me installed malicious software, and it seems unlikely a website could install it without my consent), but I would like to be sure.


I have followed instructions posted by Linc, and generated this output in terminal:


--------Terminal output--------


Test 1 output:


Test 2 output:



com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.adobe.fpsaud



Test 3 output:


com.google.keystone.system.agent

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

com.adobe.AAM.Scheduler-1.0


Test 4 output:


/Library/Components:


/Library/Extensions:


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

Python.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

AmazonMP3DownloaderPlugin101736.plugin

CitrixICAClientPlugIn.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Mathematica.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

googletalkbrowserplugin.plugin

npgtpo3dautoplugin.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.google.keystone.agent.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.apple.remotepairtool.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist


/Library/PreferencePanes:

Flash Player.prefPane

TeXDistPrefPane.prefPane


/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper


/Library/QuickLook:

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:


/Library/Spotlight:

Microsoft Office.mdimporter

Wolfram Notebook.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

.DS_Store

Google Earth Web Plug-in.plugin

WebEx64.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.3D2FB447-CF7A-4D6C-B796-C91 08A0F0174.plist


Library/PreferencePanes:


Test 5 output:


iTunesHelper, Dropbox, AdobeResourceSynchronizer, Popup


--------end Terminal output--------


I've found several other threads with different suggestions for rooting out and eliminating key-loggers. Is this step (above) sufficient, or is there more I should do? I just read stuff on the flashback virus (on this forum) and followed some Terminal prompts. I don't think I have it, but I do think I'm getting paranoid now.


Thanks

MacBook Pro (13-inch Early 2011), OS is 10.7.5

Posted on Oct 8, 2013 12:52 AM

Reply
3 replies
User profile for user: thomas_r.
thomas_r.
User level: Level 7
32,031 points

Oct 8, 2013 2:43 AM in response to dn-oneup

There are many, many possible ways for your credit card number to get stolen. Malware on your Mac, while possible, is the most unlikely. So unlikely that I would not consider it without a good reason.


As to the question of how to detect a keylogger... that's very difficult. You can detect known malware fairly easily, with a good anti-virus program. However, no current Mac malware incorporates a keylogger. Most includes a backdoor of some kind, which could be used by a hacker to install a keylogger remotely, if you were infected. Alternately, someone malicious with physical access to your computer could also install a keylogger.


Here's the issue... when you have someone consciously installing a keylogger on your machine, you can't really ever be sure you've detected it. It could be disguised as something legit. It could even replace a system component. Someone with a lot of experience might be able to locate the keylogger, using various methods. You could try to install something like Little Snitch, to intercept any transmissions that software might make... but if someone's already got a backdoor (or physical access) allowing them to install a keylogger, what's to stop them from disabling Little Snitch?


Bottom line, there's really no reason to believe you have a keylogger on your Mac. However, if you should, at some point in the future, become convinced that you have a keylogger, the only true solution will be to erase the hard drive and reinstall everything from scratch.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Request for key-logger check -- followed instructions from old threads

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up