
My macbook pro has been hacked

I have a strong suspicion that my MacBook has been hacked. I have had several incidents like disabled keyboard shortcuts, cursor and keyboard also disabled processes and screen without blocked, changed permissions on files, DNS deleted from a VPN service, etc.

I have twice formatted with a clean installation of Yosemite. I have used several security tools like Little Snitch and virus scanners like ClamXav, Avast, Virus Barrier and lastly Bitdefender, which have not found anything important. Despite this, the incidents are happening.

I have disabled all sharing services and I have activated the firewall with "Block all incoming connections".

I have two users: an administrator and a standard one for daily tasks. I also have strong passwords for logins and have disabled the root user in the accounts.

I use wifi with other people and share files in Dropbox for work. I think that a trojan could be the cause, perhaps allowing remote control.

I have checked the logs and I have only found something about the screen sharing service that I don't know is common behavior (I copy this below).

I need help, any ideas are appreciated.

Thanks.

(I have a Macbook Pro 15" 2011 and Yosemite 10.10.4)

_netbios[971]: End script: disable_screensharing

_netbios[989]: Begin script: enable_screensharing

_netbios[992]: End script: enable_screensharing

_netbios[1100]: Begin script: removeFirewallForScreensharingd

_netbios[1103]: End script: removeFirewallForScreensharingd


MacBook Pro (15-inch Late 2011), OS X Yosemite (10.10.4)

Posted on Jul 5, 2015 3:23 AM

3 replies

Jul 5, 2015 3:57 AM in response to Rush__

None of what you describe is indicative of hacking or malware. It's very unlikely that you have malware or have been hacked. You probably have something else going on, but I don't understand your symptoms well enough to begin to guess what that might be. As a start, please describe the symptoms in more detail, and don't say things like "disabled processes" and "screen without blocked," because I don't understand what those things mean. What processes are disabled, and how are you determining that they are disabled? What are you seeing happen with the screen? Be sure you're describing things specifically, in a way that anyone will be able to understand without actually being able to see it.


I'd also recommend downloading a copy of EtreCheck:


http://etrecheck.com


Run that and post a copy of the report it generates. That will give us more information about what's going on with your system.

Jul 5, 2015 4:35 AM in response to thomas_r.

Thank you for your response, thomas_r.

It's difficult for me because of the language. Below is a copy of the EtreCheck report.

EtreCheck version: 2.2 (132)

Report generated 7/5/15, 1:24 PM

Download EtreCheck from http://etresoft.com/etrecheck


Click the [Click for support] links for help with non-Apple products.

Click the [Click for details] links for more information about that line.


Hardware Information: ℹ️

MacBook Pro (15-inch, Late 2011) (Technical Specifications)

MacBook Pro - model: MacBookPro8,2

1 2.4 GHz Intel Core i7 CPU: 4-core

16 GB RAM Upgradeable

BANK 0/DIMM0

8 GB DDR3 1333 MHz ok

BANK 1/DIMM0

8 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 102 - SN = D86145401CYDGDLAQ


Video Information: ℹ️

Intel HD Graphics 3000

AMD Radeon HD 6770M - VRAM: 1024 MB

Color LCD 1680 x 1050

SyncMaster 1920 x 1080 @ 60 Hz


System Software: ℹ️

OS X 10.10.3 (14D136) - Time since boot: 0:2:21


Disk Information: ℹ️

APPLE HDD HTS727575A9E362 disk2 : (750,16 GB)

EFI (disk2s1) <not mounted> : 210 MB

750 GB (disk2s2) /Volumes/750 GB : 749.30 GB (399.71 GB free)


Samsung SSD 850 EVO 250GB disk0 : (250,06 GB)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

MacOSX250 (disk1) / : 248.83 GB (194.56 GB free)

Core Storage: disk0s2 249.20 GB Online


USB Information: ℹ️

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Inc. FaceTime HD Camera (Built-in)

GenesysLogic USB2.0 Hub

Areson USB Device

Apple, Inc. Keyboard Hub

Apple Inc. Apple Keyboard

Apple Computer, Inc. IR Receiver


Thunderbolt Information: ℹ️

Apple Inc. thunderbolt_bus


Gatekeeper: ℹ️

Mac App Store and identified developers


Kernel Extensions: ℹ️

/Library/Extensions

[loaded] at.obdev.nke.LittleSnitch (4246 - SDK 10.8) [Click for support]


Problem System Launch Daemons: ℹ️

[failed] com.apple.mtrecorder.plist


Launch Agents: ℹ️

[running] at.obdev.LittleSnitchUIAgent.plist [Click for support]

[running] com.bitdefender.antivirusformac.plist [Click for support]


Launch Daemons: ℹ️

[running] at.obdev.littlesnitchd.plist [Click for support]

[failed] com.apple.spirecorder.plist

[loaded] com.barebones.authd.plist [Click for support]

[running] com.bitdefender.AuthHelperTool.plist [Click for support]

[loaded] com.bitdefender.upgrade.plist [Click for support]

[running] com.ipvanish.IPVanish.VPNHelper.plist [Click for support]


User Launch Agents: ℹ️

[loaded] com.google.keystone.agent.plist [Click for support]


User Login Items: ℹ️

iTunesHelper Aplicación (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

IPVanish VPN Aplicación (/Applications/IPVanish VPN.app)


Internet Plug-ins: ℹ️

Default Browser: Version: 600 - SDK 10.10

QuickTime Plugin: Version: 7.7.3

Unity Web Player: Version: UnityPlayer version 4.6.5f1 - SDK 10.6 [Click for support]


3rd Party Preference Panes: ℹ️

None


Time Machine: ℹ️

Time Machine not configured!


Top Processes by CPU: ℹ️

14% SubmitDiagInfo

12% WindowServer

6% mds

3% fontd

2% Little Snitch Agent


Top Processes by Memory: ℹ️

801 MB kernel_task

295 MB mds_stores

279 MB Google Chrome Helper(3)

246 MB BDLDaemon

115 MB ocspd


Virtual Memory Information: ℹ️

12.00 GB Free RAM

4.17 GB Used RAM

0 B Swap Used


Diagnostics Information: ℹ️

Jul 5, 2015, 01:21:58 PM Self test - passed


Jul 5, 2015 2:59 PM in response to Rush__

I don't see anything particularly concerning in your report, although I'd recommend uninstalling Bitdefender.


Beyond that, there's not much more I can say without a better description of the symptoms. You may want to try to contact Apple Support for help. I don't know where you are, but if there is an Apple Store near you, consider making an appointment at the Genius Bar and taking it in so they can actually see what's going on.
