CONSOLE - Several Messages

Question

MariafromUSA Author

Level 1

16 points

CONSOLE - Several Messages

I have found some sentences on Console : Mac OS versus Mac Built , iMessage Public Password,

I do not use imessage, including I do not have an account created with imessenger. At least not yet

I do not have a Host enable my computer is private and personal.

I did not created a Network with a server using other computer and I did not created a LOCAL LAN.

I do not have iCloud or remote enabled. I am outside USA and I do not have internet.

There is also an info MAC OS VERSUS MAC BUILT “os = os x &os_build 14F27&os_version=10.10.5 . ERROR FAIL URL.

In fact console only shows ERROR in several messages NOT SURE....

In regards to someone making sync on my files not sure. I do not know who is MDWORKER.

NS breaking constraints not sure....

There is also an icon of hard drive shared. The shared was not created by me and I am the only one that uses the computer I live by myself. I have only one computer

Recently I decided to place all my files on an External Drive and it is showing another external drive created witn my name by someone else not me.

So NOT SURE wat is going on....

Please if someone can let me know what those sentences mean. See screen shot. I appreciate your reply. Maria

MacBook Pro, OS X Yosemite (10.10.2)

Posted on Jan 29, 2016 3:08 AM

Reply

Answer 1

Jan 29, 2016 8:04 AM in response to MariafromUSA

You've highlighted some messages from Spotlight (mdworker) and the configuration daemon (setting the mDNS/Bonjour host name for the local network), and the system policy daemon and a maps daemon error, all of which are normal processes.

The Persistent State Encryption stuff is related to what Apple calls the Transparent Application Lifecycle support, which is system software that stops and restarts applications, and deals with sudden application termination. That's also all a normal part of OS X.

Now as to whether the disk involved might be having some problems? There's at least some corruption reported with the disk volume structures, and which can sometimes be reparable and can sometimes indicate a hardware failure.

Launchd is also busy starting or restarting something, which could be normal or could be a problem. If it's a problem, there can be many potential triggers for something getting stuck in a crash-restart loop. But in any case, what's shown of that activity doesn't have enough detail on what's happening — if it's even a problem or not.

Your other posting on this topic is similar — there are some messages over there that might imply a disk corruption of some sort, or maybe a disk problem. That "hijack" chatter is largely of interest to whoever is maintaining the applications involved.

Are you having particular issues or problems here, or do you have a concern here? The console logs can be filled with cryptic and arcane and sometimes scary messages, and can have messages that can be interesting and relevant to troubleshooting issues. With your concerns here, and with the configuration report from Etrecheck posted here, then somebody here might be able to better address your question or concern or get you an answer.

Irrespective of the above, make sure your backups are running, and that Time Machine or some alternative is configured and operating and current. Having one or more backup devices is a common recommendation — computers get lost or damaged or stolen, or mistakes or bugs happen, and all computer storage eventually and inevitably will fail — and these backups are how you can better preserve access to your own and often irreplaceable data.

Reply

Answer 2

MariafromUSA Author

Level 1

16 points

Jan 29, 2016 2:48 PM in response to MrHoffman

Mr. Hoffman.

Thank you for your time and reading and answering my questions. I am not sure if I understood, I am an ignorant in regards to certain subjects. I would like to mention that I acquire a computer and the name of the name of the was exposed without extension. It means after a reinstallation the Name of the Computer changed and is showing LOCAL. Also I had find a plist file indicating Screen Shared Permanently and another plist file saying Permission to Access to Guest . I do not have a Guest Account as I mentioned I am the only one that uses the computer. So it looks like strange to have my Privacy being shared with a stranger in a screen shared permanently.

So if you have any ideas in how to remove my computer from this Local Lan and keep the name of the computer as it came from store I will be more than thankful to you. Also I had some pictures damaged so very strange events is happening. I did save the files.

As I mentioned I am in Brazil and it was my Welcome in this country due to all that is going on I do not have internet but apparently a LOCAL and a HOST can access remotely. I appreciate your reply. Maria.

Reply

Answer 3

Jan 29, 2016 3:47 PM in response to MariafromUSA

Do you have backups running? If not, please get those working. Right now. Configure Time Machine  > System Preferences > Time Machine, or use some other backup software.

Why do I suggest that? Do you have some idea of why there are some reports of volume errors? If not, please go figure that out. That reinstallation may have failed to work, or an underlying problem that led to that attempted software reinstallation — what could be failing disk storage hardware — may still exist here.

As for the expected .local host name, you can change that to whatever host name you want with  > System Preferences > Sharing. The computer name is set there. That host name is an expected part of networking on OS X, and is displayed and available on your local network connection. It's how network file sharing and screen sharing and other often-useful functions — features of OS X which can be optionally enabled on the same Sharing settings — are used and accessed.

As for exposing this information — if you're on a typical home or business network, then the gateway box — your ISP "router", or the corporate firewall box — that's almost always configured on the local network will block Internet access to that host name and to your computer.

But I'd very strongly encourage looking into those diagnostics related to an apparently-corrupted volume, and to get Time Machine or some other backup configured and working here in order to preserve your data. Your data files and documents and settings are not replaceable, and properly-maintained backups — preferably with some backups disconnected and offsite — are how you can recover that data after a hardware failure, volume corruption, security breach or other problems.

Reply

Answer 4

MariafromUSA Author

Level 1

16 points

Jan 29, 2016 4:38 PM in response to MrHoffman

Mr. Hoffman, once again I appreciate your time and assistance. I will back up my files as suggested. I do have already placed all my files on a external drive and probably I will create a new external driver for precaution as suggested.

In regards to LOCAL extension all steps mentioned in Sharing and in trying to change the name of the computer as it came from store. I did.

But the name LOCAL is greyout and does not let me change. Reason for that I believe someone is having control of my computer.

As I said I am ignorant on this subject but it looks like this way at least for me.

If you know how to make LOCAL available for change, please let know.

I appreciate your reply.
Maria

Reply

Answer 5

Jan 29, 2016 5:09 PM in response to MariafromUSA

You cannot change the .local that's used on the end of your selected computer name. That part of the name is always going to be .local — that's like .com or .net or .org or .us or .br, or any of the thousands of other names you have seen in your web browser. That .local name is an indication of the type of network computer name, and that computer name (with the .local) is used for specific purposes on the local network.

If you're going to be fearful about whether somebody else is using this computer, get somebody local to look at it — that you trust. Or change all your passwords on all the local users, and remove any remote-access tools that might be present. Check your network firewall settings, too. But nothing that you've shown here — or in the other thread — has indicated any of that. Or maybe consider moving to an iPad or such, as those have fewer options for opening up remote access into the device.

I'd strongly suggest those backups.

Then I'd suggest getting some help to understand more about computer security, given your responses here do imply that you have reasons to be concerned about this. There's rather more to learn, and the Console.app logs probably aren't the best or the easiest spot to learn more, either.

Reply

Answer 6

MariafromUSA Author

Level 1

16 points

Jan 29, 2016 6:32 PM in response to MrHoffman

Mr. Hoffman, I appreciate again your answers. My computer from store did not have a .local at the end.

Also did not have a battery broke at the middle like thunder sign. I also find a VPN information.

In regards to screen sare is there a way of removing it. To avoid rave my privacy exposed.

I also do translations and I do have contracts with Confidential Agreement so a screen share is an open door for stealing Copyright

bplist00‘_ARD_AllLocalUsersPrivs_VNCLegacyConnectionsEnabled_LoadRemoteManagementMenuExtra_ScreenSharingReqPermEnabled_ARD_AllLocalUsers,Jjàúûü†°

I appreciate your reply. Maria

Reply

Answer 7

Jan 29, 2016 7:04 PM in response to MariafromUSA

The .local extension has been used with OS X for a decade or so as part of Bonjour networking — also known as mDNS. Whether or not it was visible at the Apple Store, this is how OS X, iOS and more than a few other devices use the .local top-level domain, and how they all operate and interoperate.

As for that most recent screen shot, that indicates a PPP-based VPN was connected for a little less than ten minutes. Connected to what, is not clear from what's posted. Whether that was something that was directly or indirectly part of normal operations, or of something else is not at all clear.

To disable screen sharing, use the Sharing settings mentioned earlier.

But if your system has been breached to the point of remote administrative access, then there's no point in further discussions about the current state of this system. Back up your files once or (preferably) twice to external storage, wipe the disk, and reinstall OS X and applications from known-good distributions. Do not restore any of your applications from your backups. Only from fresh downloads from the canonical sources for the applications. Change all your local passwords, change your gateway router and local network passwords, change your email server passwords, banking, office and VPN passwords, whatever social-media web sites that you might use, everything.

Get some local help from the Apple Store or local Apple reseller, or from somebody that you trust that's (very) familiar with OS X. Somebody is going to have to look at this system, at your network, and at your particular security requirements, and to discuss the available options and trade-offs and alternatives with you. With some of what you should be concerned about, and what you should consider, as well.

Reply

Answer 8

MariafromUSA Author

Level 1

16 points

Feb 4, 2016 6:31 AM in response to MrHoffman

Mr. Hoffman thank you for your kindness in giving your time in
assisting me in this subject. Just for information I do not have a VPN
neither a Social Media.

In regards to Bank Account and Emails I had some damages on it.
Someone tried to access my bank account and also some emails are without
access.

I created new emails accounts and also it was acessed by someone
I do no know.

I will follow your advice.I will contact Apple store to
reinstall the software not sure if the Genius Bar can understand what is going
on because I requested help from them before and apparently the problem
continue. It means a new reinstallation only made my mouse stop to work
and F2 and letter H do not work either after this new installation and screen
shared continue.

I am not sure if it is consider Normal I had another External
Driver and tried to create a Time Machine for backup but it change the name of
my Hard Drive not sure if it is normal.

In regards to sharing I do not have anything enable to share on
my computer. I do not have Remote or iCloud enable. I do not share my files
specially because of my Translations. I do not have Guest Account created
but it was found also a Permission for guest so someone had access to my
computer. I had some pictures damaged. And I found a file with some of my
pictures printed by Arcsoft. I do not have internet I am using right now a pre
paid just to place these questions.

After I noticed the access to my bank account and others bad
situations I remove my contacts from Address Book in order to safeguard
them but I saw on Console a sentence. FIND NAMES ON ADDRESS BOOK.

Yesterday I was working on a Picture and today it disappeared
and it was on my external drive but I was on the computer and sometimes go to
drink a glass of water and maybe was in this occasion someone took not sure.

I did not create a MOBILME account however I saw on keychain a
request of Password for Mobilme Account and with this information I tried to
create one account for me and my surprise was the paid storage was
used so makes me believe someone made a Sync and took the data.

It is showing on Console Window Server not sure what it means...
Do you know?

I do not have Windows installed on my Mac. I do not have a
Server.

And this Windows Server only receives Error Message and saying
Failed.

There so many Error Message from this Server that I do not
understand why to keep this.

It is another concern in regards to BUNDLE not sure if was made
several copies of my computer. As bundle means Package like Office Package.

See files attached Bundle Development CF Package Build Machine

Maybe was made a “Maria Package” and was distributed to who
knows...

One of them refers as Low Level Package not sure
what is going on.

I am a suspicious person specially when I have responsibility
towards somebody else material.

In bluetooth was PoP up a window with a Person Name as attached
Trying to Access one Folder of Mine. Not sure if it was a War Dialing, because
was so many attempts with different names

All of them Unknown. On my building floor there is no one with
the name informed on bluetooth access.

Also several mouses
installed.

Where I live apparently no one has Apple on my building floor so
no reason to appear several mouses.

Just for you to understand I placed one night some files on my
desktop area to work on them on the next day. Those files were removed and I
saw a file saying permission to guest

A new screen shot attached shows 2 bluetooth connections but I
use only one mouse. Not sure about the second connection.

It was also found a Genieo someone tried to install.

All the update is made via AppStore so not sure about
the Known Good distribution as you mentioned

Do you know another safe source to update or reinstall
besides Apple Store or AppStore via internet??

Please take a look on the Several Building Machine informed with
a different number for each machine. It means Maria Package?? Not sure about
it. I am ignorant on the subject but also suspicious

Another screen share is showing 2 Houses. Not sure.

As far as I know there is no others users but in the file I sent
to you before say All local users. Not sure...

I found 2 information on Shared Folder about SERVER NET and
SERVER HOME not sure what it is. I do not have a server and I live by myself
and I do not have a network computer to computer, In fact I have only one
computer

Mr. Hoffman I do have a lot of Suspicious files I hope you don't
mind the ones that I placed here for you to take a look and have an idea about
the situation.

One of my emails the URL has been changed or adulterated. Not
sure how could this be possible, but it happened.

Another email the URL was changed and placed as SHARED.

If I haven't enough troubles trying to negotiate with Apple I
have a suspicious of a Picture of Mine that was used by a WebSite
Commercial use without paying License and without authorization. It
means Violation of Copyrights.

If they did this to me with a Picture not sure what they can do
with my Clients Materials.

Well was a lot of trouble I am avoiding risks
and excuse me to mention that with you but I am just trying to fix this
computer because I need it.

And you were very kind in share your knowledge
with me and giving me some precious advice.

To tell you the true the impression that I have
is that my computer is being shared with someone I do not know.

Sharing
with the enemy by the damages caused.

One of the bluetooth Natani Ballego tried to Get the folder NEW
FOLDER and had a lot information . See screen shot.

It happened when I was creating new folders with different names
to remove from my disk so I even had the time to change the name of the folder
this person was trying to obtain that folder.

I do have many attempt of Bluetooth access on my computer,
according to my understanding. Most of them informs the name and others the
cell number.

I attached also the screen that mention Remote Management and
ARD and VPN are mentioned not sure because I remove those plugins but it was
returned remotely even if I do not enable remote and I am no using internet
after all this aggravation.

I understand that Technical Support sometimes requires to access
the computer via remote. It happened to me once using Windows someone from
India requested permission installed the software to share the desktop area and
after the job was done this software
were uninstalled. Is not the case here.

In Sharing it states any user from Local Network can access the
computer.

What does it means????

In regards to “hijack” I do have some concerns once all my
emails were being accessed and I was informed suspicious access and all the
time requesting me change my password.

My bank account someone tried to access from another computer.

My Gmail account was placed as a Red Line and a warning message
stating suspicious access. Some emails I can even access. Sounds strange for
me.

The printer that I installed it said was installed successfully,
however the computer said that was no printer installed.

In revising one of the files of Installation I found states
Incompatible Kernel Extension not sure...

<dict>

<key>contentType</key>

<string>config-data</string>

<key>displayName</key>

<string>Incompatible Kernel Extension Configuration Data</string>

<key>displayVersion</key>

<key>packageIdentifiers</key>

<array>

<string>com.apple.pkg.IncompatibleKextConfigData.12U2199</string>

</array>

<key>processName</key>

<string>softwareupdated</string>

</dict>

By the way I wipe out the disk
as suggested by you, only leaving the installation from the store the
few files I had I removed.

So in this way if necessary Apple Store can take a look on this
installation.

I let you know the outcome and what I got with Apple
Store.

From now on I will keep the computer empty only installation.

Do you know if I can I do
an installation on an external disk and use the software installed on the
external disk instead of the computer?
It means instead of open Pages from computer disk open pages, Photos ,
iMail, Contacts directly from an external disk?

Do you believe it is possible?

If you have another idea you are welcome in share with me.

I really appreciate your time in helping me out on this
Maria.

<?xml version="1.0"
encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST
1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>BuildMachineOSBuild</key>

<key>CFBundleDevelopmentRegion</key>

<string>English</string>

<key>CFBundleExecutable</key>

<string>AssetCacheClient</string>

<key>CFBundleIdentifier</key>

<string>com.apple.configurationprofiles.assetcache.client.osx.plugin</string>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/

PropertyList-1.0.dtd">

<dict>

<key>BuildMachineOSBuild</key>

<key>CFBundleDevelopmentRegion</key>

<string>English</string>

<key>CFBundleExecutable</key>

<string>PluginManager</string>

<key>CFBundleGetInfoString</key>

<string>Plugin Manager</string>

<key>CFBundleIdentifier</key>

<string>com.apple.PluginManager</string>

<key>CFBundleInfoDictionaryVersion</key>

<key>CFBundleName</key>

<string>PlugInManager</string>

<key>CFBundlePackageType</key>

<key>CFBundleShortVersionString</key>

<key>CFBundleSignature</key>

<key>CFBundleVersion</key>

<key>DTCompiler</key>

<key>DTPlatformBuild</key>

<key>DTPlatformVersion</key>

<key>DTSDKBuild</key>

<key>DTSDKName</key>

<key>DTXcode</key>

<key>DTXcodeBuild</key>

<key>NSPrincipalClass</key>

<string>PROPlugInManager</string>

</dict>

Reply

Answer 9

Feb 4, 2016 8:35 AM in response to MariafromUSA

Digging into a potential security breach takes rather more access than what can be provided via forums. I've spent several days working on some of these cases, and that's with direct access to the servers involved, and that was a fairly quick turn-around for a "simple" breach.

If those Bluetooth entries are not yours, then somebody else has full access to your system, and probably physical access.

Yes, it is possible to install and boot OS X on an external disk.

Enabling local sharing on the network means that other users on the local network — with a valid user and password — can access resources on this Mac.

If you left only files from "the store", that was not a complete backup or three to external storage, a complete disk wipe — and a disk wipe will erase all files on the disk, so your files must be backed up externally and preferably several times and with at least one copy entirely disconnected from the Mac — followed by the disk wipe, and the reinstallation and migration sequence. This is probably not going to be something that you will want to perform yourself either, so this means getting some local help to reset and rebuild the OS X environment from distributions — getting your own local IT and security support.

OS X already has anti-malware tools and related security with Gatekeeper and Xprotect (if that's not been disabled). Whatever EMET AV package has been installed here has issues. There are many potential issues here, but without rather more data and discussions and details than is feasible here in the forums, what's going on here — if anything — is not at all certain.

But as earlier, please get some local help. Somebody that can help you here, and that can help you learn how to operate a computer more securely.

Reply

Answer 10

MariafromUSA Author

Level 1

16 points

Feb 12, 2016 7:50 AM in response to MrHoffman

Mr. Hoffman,

As I said I let you know the follow up with Apple Store and Apple Customer Support in Brazil.

It was a biggest disappointment in fact not sure if I am dealing with Professional or wit hkids tat does not understand the responsibilities of life

In regards to the issues

Installation Cd damaged by Genius Bar
Installation of a Server Net and Server Home
Tentative to install Genieo

The consequences related to those actions

They do not take responsibilities so the customer has to run a risk each time they request a reinstallation.

They can not answer and only suggest a reinstallation that does not work once an old one takes places after a couple days due to a Remote Access.

The installation CD that came with the computer and was damaged by Genius bar they can replace if I pay a new one.

In regards to reinstallation by Genius Bar can not be responsible for the installation Server NET and Server HOME and are not responsible for the consequences of those servers even after mentioning the issue with my bank account.

I went to the store Genius Bar and I was told they could do a reinstallation as they normally do not more than that but could not give any warranty the old installation returns back remotely after a couple days as it happen before.

And suggest me to contact Customer Service to see if there are other means to take a look more deeply on the issue.

One of the girls from support said she could not contact Apple in USA once they can not make an international call to find out about reinstallation or to request a new CD.

Even if I haven’t asked for that just require assistance to resolve the issue as requested by Genius Bar.

Also they do not use email at work.

I worked on support and I had access to contact any place the company exist, but in Brazil is different.

Also mentioned to contact another site to get help instead of Apple Communities once this FORUM does not resolve anything and had a sarcastic or ironic tone on her voice and showing indifference in resolve the issue.

It was a surprise listen it from an employe once Apple Communities is from Apple company and Apple website so it is saying no one is able to resolve so according to this employee Apple Communities is not trustworthy

Apparently they to not take responsibilities on negligence and customers has to keep their damages without having the issue resolved.

It looks like we are dealing with kids that does not understand the responsibilities of life.

It means:

- Did not resolve the vulnerability of the system

Did not act in the customers best interests
Fail do keep professional boundaries

Result: I need a new computer. Who is going to pay for??

After all done It is my problem if it was hacked and if Genius Bar by negligence installed a Server on a Private computer and caused me financial damages.

Not sure if Login Plugin means someone can log on my computer see image below:

I considered a disrespect against a customer that in the moment of a Purchase gave preference to their products.

Specially knowing the minimum wage in the country is around a gross value 200 dollars a Month, so it is not any ordinary person can afford to purchase an Apple computer in this country.

A MacBook Pro in Brazil costs around 3.200.00 dollars and around 300 dollars for a mouse but they can not help the customer.

In USA the minimum wage is 8.50 an hour considering 40 hours a week in a Month with a net value around 1.100 almost the price of an Apple Computer in USA and the mouse costs 80.00 dollars.

I am Brazilian and never had a problem in this country before but now I see if you have a problem do not rely on anyone to have this resolved.

Just for you to have an idea about how the system works here. An actress famous had her Apple hacked and some of her pictures were removed the local authorities gave her all the assistance including Apple and she did not have issues on Bank Account or emails.

Also was not exposed to ironic comments they were professional in resolve the issue.

Anyway I will try one more time in reinstall and see what happened. In regards to operate securely the computer you are talking with one of them I am very cautious in regards to that I do not download anything from internet and the sites that I visit most of them are safe.

I am not a chat person if I need contact someone I do it by email, of course that if I need I use a chat but I normally do not have time for that.

I am appreciate for your time and assistance and excuse me to share my frustration with Apple support. Anyway I let you know the next outcome on this journey.

Maria

Reply