Q: Trojan activity?
This is an mbp running Yosemite 10.10.5 (updated from ML) used for work / personal - there should be no sharing / remote access at all. It’s on a minimal network (laptop/printer/wifi router). Can’t upgrade OS as main use is software not yet compatible with 10.11
Am not seeing any particular performance issues, but wish to harden system security.
Ran etrecheck - below are the issues found (edited from the longlist).
I see the absence of xprotectupdater may indicate flashback trojan or similar.
Do any of the below issues suggest trojan activity? What should I be looking for in the logs? Thanks for any suggestions.
[loaded] com.apple.systemprofiler.plist (2015-02-26) - Invalid signature!
[not loaded] com.apple.FileSyncAgent.sshd.plist (2014-09-09) - No signature!
[loaded] com.apple.ManagedClient.enroll.plist (2015-05-13) - Invalid signature!
[loaded] com.apple.ManagedClient.plist (2015-05-13) - Invalid signature!
[not loaded] com.apple.ManagedClient.startup.plist (2015-05-13) - Invalid signature!
[loaded] com.apple.configureLocalKDC.plist (2014-09-10) - No signature!
[not loaded] com.apple.efax.plist (2014-09-10) - No signature!
[not loaded] com.apple.emlog.plist (2015-01-09) - No signature!
[loaded] com.apple.gkreport.plist (2015-08-02) - No signature!
[not loaded] com.apple.locate.plist (2014-09-09) - No signature!
[not loaded] com.apple.postgres.plist (2015-07-06) - /Applications/Server.app/Contents/ServerRoot/usr/bin/xpostgres: Executable not found!
[failed] com.apple.xprotectupdater.plist (2014-07-17) - /usr/libexec/XProtectUpdater: Executable not found!
[loaded] org.cups.cupsd.plist (2015-03-24) - Invalid signature!
[not loaded] org.net-snmp.snmpd.plist (2015-07-14) - No signature!
[not loaded] org.ntp.ntpd.plist (2015-04-27) - No signature!
[not loaded] ssh.plist (2015-07-25) - No signature!
Mar 15, 2016, 08:36:16 PM ~/Library/Logs/DiagnosticReports/com.apple.preferences.extensions.remoteservice _2016-03-15-203616_[redacted].crash
/System/Library/PreferencePanes/Extensions.prefPane/Contents/XPCServices/com.ap ple.preferences.extensions.remoteservice.xpc/Contents/MacOS/com.apple.preference s.extensions.remoteservice
MacBook Pro, OS X Yosemite (10.10.5)
Posted on Mar 16, 2016 6:09 AM