
Undetectable key logger?

I have seen key logging software that says it's "undetectable" on a Mac. I think I may have something on my Mac. I've searched the community for key logging software; I don't see it on the computer. This so-called undetectable software, is there any way to find out if it's there?

MacBook Pro (13-inch Mid 2012)

Posted on Jun 11, 2016 5:53 PM


Jun 11, 2016 6:06 PM in response to Flightrn255

"Thinking" you have something you've read about and actually having it are two entirely different things.


There is no such thing as undetectable software. There's always a way to find it, even a rootkit. For the latter, rootkits load before the OS layer and can then be written to tell the OS not to allow any search function to show it. Terminal (Unix) is also below the GUI OS layer and will show them. You could also boot to another drive with a clean OS on it. A rootkit can only affect the same drive it's on that you're booting to. From another drive, it's just another file and would be visible.


However, keyloggers are generally not rootkits. You just need to know what files to look for. But as I said, the chances you have one are very slim. If you want, you can download and run EtreCheck. Copy/paste the results here. It will show all running processes. From there, members can help determine what should, or should not be on your Mac.


https://etrecheck.com/

Jun 12, 2016 4:37 AM in response to Flightrn255

It's not a problem with the computer, but a certain person knows information that could've only been obtained on that computer. Also, I found my computer locked a couple of weeks ago, data encrypted, & a new "guest user" profile on the sign in screen. I wouldn't put it past this person to have gotten in, put the software on the computer, then make it look like it was never accessed. Kurt, I will copy & paste that once I get back to my computer. I did see someone copy & paste their files on this site, & I didn't see the one program that was a key logger on that list when I compared with mine. It's more than just "thoughts", specific information was known, & he's done it in the past to someone.

Jun 12, 2016 5:54 AM in response to Flightrn255

There is so little chance that your Mac is infected with password-stealing malware that trying to check for it would be a waste of time. If you want to check anyway, you need the services of a consultant in forensic computing. Running any kind of "anti-malware" software is worse than doing nothing. All such software is useless.

The above proviso doesn't apply to Windows or Android devices. Those platforms are infested with dangerous malware.

In almost every case where only Apple devices are involved, this kind of incident has one of the following causes:

  1. Account data was compromised by someone to whom you knowingly disclosed it.
  2. The service provider had an internal security breach that it either doesn't know about or is trying to blame on its customers.
  3. You set a weak password that someone was able to guess, or you chose weak security questions, or you used the same password for more than one account.
  4. You fell for a phishing scam and the password was stolen.
  5. Someone tampered with the device while you were away from it.

Change the account password to a random string of at least 10 characters, and never use that password for anything else. Any password that you can remember is too weak. If there are security questions on the account, the answers should also be random strings, and you have to make sure you don't lose them.

Jun 16, 2016 3:12 PM in response to Flightrn255

From this newer information, I would say number 3 or 4 in Linc's list of possibilities are the likely ones.


As Linc mentioned, change all of your current passwords to long, complex and difficult to break strings. The longer and more obnoxious, the better. I like this simple password generator. You can create up to a 999 character password, which would take a few trillion eons to break. Obviously, you'd have a tough time remembering that. In addition to this password generator, I also use 1Password to keep track of all of these complex passwords for me. You only have to remember one to log into the app. It then automatically fills in all of these passwords for your web site logins. Make sure that password is NOT easy to guess or break.


Here's one example with 24 characters:


User uploaded file


You can click New Password as many times as you like until you get one you think is more difficult than another. Then click the Copy button to put it on the clipboard. Punctuation & Symbols makes it even harder to crack a password, but not all sites will let you use them. Others won't accept a password unless you have at least one such character in it.


All of this is no help though if your Mac has actually been compromised. Which is still also the least likely scenario.
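The password advice in the two replies above (random strings of at least 10 characters, symbols that some sites reject and others require), as an added Python example; it is not the generator linked in the reply, and the function names and the three-way `symbols` policy are assumptions made for illustration.

```python
import math
import secrets
import string

LETTERS_DIGITS = string.ascii_letters + string.digits  # 62 characters
SYMBOLS = string.punctuation                            # 32 ASCII symbols


def generate_password(length=24, symbols="allow"):
    """symbols: 'forbid' (site rejects them), 'allow', or 'require' (at least one)."""
    if symbols not in ("forbid", "allow", "require"):
        raise ValueError("symbols must be 'forbid', 'allow' or 'require'")
    if length < 10:
        raise ValueError("use at least 10 characters")
    alphabet = LETTERS_DIGITS if symbols == "forbid" else LETTERS_DIGITS + SYMBOLS
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redrawing the whole string (instead of patching one position) keeps
        # every accepted password equally likely.
        if symbols != "require" or any(c in SYMBOLS for c in candidate):
            return candidate


def entropy_bits(length, symbols="allow"):
    """Upper bound on the entropy of a uniformly random password of this shape."""
    size = len(LETTERS_DIGITS) + (0 if symbols == "forbid" else len(SYMBOLS))
    return length * math.log2(size)


if __name__ == "__main__":
    for policy in ("forbid", "allow", "require"):
        print(policy, generate_password(24, policy), round(entropy_bits(24, policy), 1))
```
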

Jun 16, 2016 3:33 PM in response to Kurt Lang

It could be #3 from above, but not #4. I immediately delete anything remotely possible for a scam. Unfortunately for Linc, it is a real possibility that my Mac has been compromised. I have decided to take it to Apple to let them look over it. It may be money wasted, but the peace of mind is worth it.

Kurt, for future reference, I am going to take your advice on passwords though.


Thanks to all who answered!

Jun 16, 2016 5:03 PM in response to Flightrn255

Just for the sake of saving yourself some money, and the time to take it to an Apple Store, you can clear things up yourself.


1) Back up the entire drive, however you do that. Time Machine, SuperDuper!, Carbon Copy Cloner, etc. Preferably two full backups on two separate drives.


2) Restart the Mac and hold the Command+R keys to boot into Recovery mode. When you can, choose Disk Utility from the menu bar. Erase the boot partition. Exit Disk Utility and choose to install OS X. You will now have a clean drive. Anything that may have been there will be gone.


3) Reinstall your third party apps only from their legal sources.


4) Manually restore your emails, photos or other personal data from the backup. Do not simply merge in a TM backup. If there was anything to get rid of, you'd only succeed in putting it back on the drive. Restore items selectively.

Jun 19, 2016 1:29 PM in response to Kurt Lang

Kurt, that was MOST helpful. Truthfully, there is very little to back up, and I would only need a thumb drive to store all the info. I will do what you have suggested. Few questions though (because I am new to Macs, have used Windows for years), I don't remember seeing the disk utility on the bottom menu bar, and if it is there, how do I erase the boot partition? Once I do that, am I given the option to install OS X? Sadly, I know how to do so much with Windows, just haven't gotten there with this Mac.

Jun 19, 2016 2:22 PM in response to Flightrn255

With Disk Utility open, highlight the name of your startup drive at the left. Choose to erase it as Mac OS Extended (Journaled), which should be the default. That will only take a few moments. Then exit Disk Utility. The simple work screen will come to the foreground again. Choose to install OS X. The version of OS X your Mac shipped with will be installed from Apple's servers. If you had a newer version installed, the Mac will install the same version as the current Recovery partition.

Jun 25, 2016 2:04 PM in response to Flightrn255

There are lots of normal processes that run as root. These belong to the OS. If the OS didn't give itself root access, it wouldn't have the necessary permissions to do some of the things you tell it to do. If you check further, you'll find user accounts such as "wheel". This is an OS account, as in, The Big Wheel. It again exists so the OS can do what you expect it to do without Unix permissions stopping it, as it may do to a normal account.

Sep 6, 2016 11:52 PM in response to Flightrn255

To detect a keylogger on Mac, there are several ways to help. I just learned a little from this:

Just share it here. Hope it can help.

Step 1 Open the Activity Monitor to check for unknown processes. This system tool will allow you to view the programs (processes) currently running on your computer.

Step 2 Check and research any unfamiliar processes running in your "Activity Monitor." Critical system processes sometimes have unrecognizable names, however, and keyloggers may have a name that sounds legitimate.

Step 3 Download and install a Mac keylogger detector or another software firewall. This type of Mac software alerts you when another program tries to connect to the Internet. It will detect a keylogger for Mac before it sends information over the Internet, and allow you to block it.

<Edited by Host>
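Steps 1 and 2 above, as an added Python example that is not part of any reply: because a process name can sound legitimate, it sorts a process listing by where each binary runs from and as which user. The sample listing is constructed, and the directory list and scoring are assumptions of this example; the output is a list of things to research, not a verdict.

```python
# Constructed sample in the shape of `ps -axo pid,user,comm` output (not real data).
SAMPLE_PS = """\
  PID USER     COMM
    1 root     /sbin/launchd
   57 root     /usr/libexec/UserEventAgent
  312 alice    /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  401 alice    /Applications/ExampleEditor.app/Contents/MacOS/ExampleEditor
  588 root     /Library/Application Support/.hidden/updaterd
  613 alice    /Users/alice/Library/Caches/com.example.helper/helper
"""

# Directories that hold the operating system's own binaries. Assumption of this
# example: a process started from anywhere else is worth identifying by hand.
SYSTEM_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/")


def parse_ps(text):
    """Yield (pid, user, path). Paths may contain spaces, so split at most twice."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():  # skips the header row
            yield int(parts[0]), parts[1], parts[2].rstrip()


def triage(text):
    """Return (score, pid, user, path, reasons) for non-system processes, highest score first."""
    findings = []
    for pid, user, path in parse_ps(text):
        if path.startswith(SYSTEM_PREFIXES):
            continue
        reasons = []
        if user == "root":
            reasons.append("runs as root from outside the system directories")
        if any(part.startswith(".") for part in path.split("/")):
            reasons.append("hidden directory in path")
        if not path.startswith("/Applications/"):
            reasons.append("not installed in /Applications")
        findings.append((len(reasons), pid, user, path, reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1]))


if __name__ == "__main__":
    for score, pid, user, path, reasons in triage(SAMPLE_PS):
        print(score, pid, user, path, "; ".join(reasons) or "confirm you installed it")
```
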
