
mac.backdoor.iworm

I have it and got rid of at least what I could ... the "JavaW" Folder and File inside... I don't know what other parts are lingering.... hopefully I'll find out what and where and will pass on what I learn... nothing seems to have been affected except Internet Browsing sometimes gets stuck on stupid and Apple Mail I have a ton of Junk Mail pouring in non-stop and it seems impossible to get rid of it all even after Deleting them all, they just keep pouring in like a big hole in a dam.


Robert ~ MacAwesome88


MacBook Pro, OS X Mavericks (10.9.2), MacBook Pro 15 Mid 2012 2.3Ghz,

Posted on Oct 3, 2014 2:45 PM


Oct 9, 2014 5:30 PM in response to Linc Davis

Linc,


I ran the test... here are my results... not very computer literate, but I think I have some issues based on what I have been witnessing and the results... I think whatever I have, it has control of my system... can you help me...



Start time: 20:20:13 10/09/14

Model Identifier: MacBookPro6,2
Memory: 2 GB
System Version: OS X 10.9.5 (13F34)
Kernel Version: Darwin 13.4.0
Time since boot: 1:14

SATA
Hitachi

System load
combined level = Bad
- battery level = Bad

FileVault: On

Diagnostic reports
2014-10-07 Activity Monitor crash
2014-10-08 Microsoft Excel hang x2
2014-10-08 TextEdit hang
2014-10-09 Mail hang
2014-10-09 MemeodHelper crash
2014-10-09 info crash x2

Log
Oct 8 22:45:23 CoreStorageFamily::unlockVEKs() failed to unwrap the vek, status = e00002bc
Oct 8 23:11:44 CoreStorageFamily::unlockVEKs() failed to unwrap the vek, status = e00002bc
Oct 9 00:09:45 CoreStorageFamily::unlockVEKs() failed to unwrap the vek, status = e00002bc
Oct 9 00:09:45 CoreStorageFamily::unlockVEKs() failed to unwrap the vek, status = e00002bc
Oct 9 00:44:20 process backupd[1071] caught causing excessive wakeups. Observed wakeups rate (per sec): 159; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 48362
Oct 9 01:51:06 MacAuthEvent en1 Auth result for: 40 unknown auth fail = 112
Oct 9 01:51:09 MacAuthEvent en1 Auth result for: 40 unknown auth fail = 112
Oct 9 01:51:49 MacAuthEvent en1 Auth result for: 40 unknown auth fail = 112
Oct 9 01:51:52 MacAuthEvent en1 Auth result for: 40 unknown auth fail = 112
Oct 9 01:52:09 MacAuthEvent en1 Auth result for: 40 unknown auth fail = 112
Oct 9 01:52:11 MacAuthEvent en1 Auth result for: 40 unknown auth fail = 112
Oct 9 02:10:28 CoreStorageFamily::unlockVEKs() failed to unwrap the vek, status = e00002bc
Oct 9 02:10:28 CoreStorageFamily::unlockVEKs() failed to unwrap the vek, status = e00002bc
Oct 9 02:14:53 SAM Multimedia: READ or WRITE failed, SENSE_KEY = 0x05, ASC = 0x24, ASCQ = 0x00
Oct 9 02:14:53 SAM Multimedia: READ or WRITE failed, SENSE_KEY = 0x05, ASC = 0x24, ASCQ = 0x00
Oct 9 02:14:53 SAM Multimedia: READ or WRITE failed, SENSE_KEY = 0x05, ASC = 0x24, ASCQ = 0x00
Oct 9 02:14:53 SAM Multimedia: READ or WRITE failed, SENSE_KEY = 0x05, ASC = 0x24, ASCQ = 0x00
Oct 9 02:14:53 SAM Multimedia: READ or WRITE failed, SENSE_KEY = 0x05, ASC = 0x24, ASCQ = 0x00
Oct 9 14:06:29 process Finder[178] thread 1738 caught burning CPU! It used more than 50% CPU (Actual recent usage: 62%) over 180 seconds. thread lifetime cpu usage 108.625839 seconds, (105.924634 user, 2.701205 system) ledger info: balance: 90001358902 credit: 108412347810 debit: 18410988908 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 143697275006
Oct 9 14:42:01 process Preview[508] caught causing excessive wakeups. Observed wakeups rate (per sec): 287; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 54222
Oct 9 14:44:49 process WindowServer[118] caught causing excessive wakeups. Observed wakeups rate (per sec): 159; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 201565
Oct 9 18:44:37 wl0: Beacon Loss Event
Oct 9 18:45:03 directed SSID scan fail
Oct 9 18:45:08 directed SSID scan fail
Oct 9 18:45:17 directed SSID scan fail

Daemons
com.adobe.fpsaud

Agents
com.macpaw.CleanMyMac2Helper.trashWatcher
com.macpaw.CleanMyMac2Helper.scheduledScan
com.macpaw.CleanMyMac2Helper.diskSpaceWatcher

launchd
/Library/LaunchDaemons/com.adobe.fpsaud.plist
- com.adobe.fpsaud
Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist
- com.macpaw.CleanMyMac2Helper.diskSpaceWatcher
Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.scheduledScan.plist
- com.macpaw.CleanMyMac2Helper.scheduledScan
Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist
- com.macpaw.CleanMyMac2Helper.trashWatcher

Bundles
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A

Contents of /System/Library/LaunchDaemons/com.apple.rpmuxd.plist (Apple binary property list)
bplist00” \MachServices_ ProgramArgumentsULabel— _ com.apple.rpmuxd ° _ /usr/libexec/rpmuxd /58KLN

Font issues: 35

Firewall: On

DNS: 208.67.222.222 (static)

User login items
OpenDNS Updater
- /Applications/OpenDNS Updater.app

Restricted files: 54

Elapsed time (s): 282

Oct 9, 2014 5:38 PM in response to drew030303

By the way... I got rid of all the programs loaded off the web by my kids... MacCleaner, Adobe etc... so why are they still showing up... It looks like I have a ton of files and I get the feeling that whatever has infected our computer is grabbing mail, contacts, other files and sending them to a remote server, then it deletes the files... In essence I think the hackers are doing whatever they want and have set up many rules that mask their identity and what they're doing... here's a few things I found messing around through some odd folders (that were all locked if that is relevant) that seem sketchy... again, not a computer guy, just intuition:


bplist00ÿ

VpasswdSuidUshellThomeXrealname\generateduidSgidTname° Q*° S218°^/usr/bin/false°Z/var/empty°_Kerberos Admin Service°_$FFFFEEEE- DDDD-CCCC-BBBB-AAAA000000DA°R-2°]_kadmin_admin $*/8EINPRTXZikvxëìoø¡œ


Oct 9, 2014 7:02 PM in response to drew030303

I believe you are wasting your time here. Linc normally doesn't respond to "me too requests" and may not even be monitoring this discussion any more.


You didn't describe your problem or why you came to this discussion. That is something you must always start with in the forum so that we have some clue on what issue you are trying to solve.


If you are simply checking to see if you have been infected by the iWorm Trojan/Backdoor then the only test you need to make is outlined here Dr. Web announces new “iWorm” malware. That other information is no longer needed. If you don't see that file and that folder, then you have not been infected and need to start a new discussion.


That's just the way this forum works best.
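The reply above says the only test that matters is whether the "JavaW" folder and file are present. As an added example, not posted by anyone in this thread, here is a small POSIX shell check that does exactly that search over whatever directories you hand it: it lists every file or directory named JavaW and every launchd property list that mentions JavaW. The search roots in the usage note (the system and user launchd folders and Application Support) are the usual places launch items live, and are an assumption of this example, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread. Defender-side check for the
# indicator the replies describe: a folder/file named "JavaW" and any
# launchd plist that references it. Search roots are caller-supplied.

# Print every file or directory named JavaW beneath the given roots,
# followed by every .plist under those roots whose contents mention JavaW.
find_javaw_items() {
    for root in "$@"; do
        [ -d "$root" ] || continue            # skip roots that don't exist
        find "$root" -name 'JavaW' 2>/dev/null
        find "$root" -name '*.plist' -type f 2>/dev/null | while read -r plist; do
            # -a treats binary plists as text so the string search still works
            if grep -aq 'JavaW' "$plist" 2>/dev/null; then
                printf '%s\n' "$plist"
            fi
        done
    done
}

# Returns 1 (and lists the hits) if any indicator is present, 0 if clean.
check_iworm_indicators() {
    hits=$(find_javaw_items "$@" || true)
    if [ -n "$hits" ]; then
        printf 'Possible iWorm remnants found:\n' >&2
        printf '%s\n' "$hits"
        return 1
    fi
    printf 'No JavaW items found under: %s\n' "$*"
    return 0
}
```

On a Mac the assumed invocation would be `check_iworm_indicators /Library/LaunchDaemons /Library/LaunchAgents "/Library/Application Support" "$HOME/Library/LaunchAgents"`; a clean machine prints the "No JavaW items" line and exits 0, while any hit is printed and the exit status is 1 so the check can be scripted.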
