f-mo

Q: Trojan activity?

This is an MBP running Yosemite 10.10.5 (updated from ML) used for work / personal - there should be no sharing / remote access at all. It’s on a minimal network (laptop/printer/wifi router). Can’t upgrade OS as main use is software not yet compatible with 10.11.

Am not seeing any particular performance issues, but wish to harden system security.

Ran etrecheck - below are the issues found (edited from the longlist).

I see the absence of xprotectupdater may indicate flashback trojan or similar.

Do any of the below issues suggest trojan activity? What should I be looking for in the logs? Thanks for any suggestions.

[loaded]    com.apple.systemprofiler.plist (2015-02-26) - Invalid signature!

[not loaded]    com.apple.FileSyncAgent.sshd.plist (2014-09-09) - No signature!

[loaded]    com.apple.ManagedClient.enroll.plist (2015-05-13) - Invalid signature!
[loaded]    com.apple.ManagedClient.plist (2015-05-13) - Invalid signature!
[not loaded]    com.apple.ManagedClient.startup.plist (2015-05-13) - Invalid signature!

[loaded]    com.apple.configureLocalKDC.plist (2014-09-10) - No signature!

[not loaded]    com.apple.efax.plist (2014-09-10) - No signature!

[not loaded]    com.apple.emlog.plist (2015-01-09) - No signature!

[loaded]    com.apple.gkreport.plist (2015-08-02) - No signature!

[not loaded]    com.apple.locate.plist (2014-09-09) - No signature!

[not loaded]    com.apple.postgres.plist (2015-07-06) - /Applications/Server.app/Contents/ServerRoot/usr/bin/xpostgres: Executable not found!

[failed]    com.apple.xprotectupdater.plist (2014-07-17) - /usr/libexec/XProtectUpdater: Executable not found!

[loaded]    org.cups.cupsd.plist (2015-03-24) - Invalid signature!
[not loaded]    org.net-snmp.snmpd.plist (2015-07-14) - No signature!
[not loaded]    org.ntp.ntpd.plist (2015-04-27) - No signature!

[not loaded]    ssh.plist (2015-07-25) - No signature!

Mar 15, 2016, 08:36:16 PM    ~/Library/Logs/DiagnosticReports/com.apple.preferences.extensions.remoteservice_2016-03-15-203616_[redacted].crash
        /System/Library/PreferencePanes/Extensions.prefPane/Contents/XPCServices/com.apple.preferences.extensions.remoteservice.xpc/Contents/MacOS/com.apple.preferences.extensions.remoteservice

MacBook Pro, OS X Yosemite (10.10.5)

Posted on Mar 16, 2016 6:09 AM
