User profile for user: kwcw
kwcw Author
User level: Level 1
11 points

Why would root have Bomgar running?

Hello - Had a problem with creative cloud, called Adobe, had a sreenshare session to correct. In doing so, Bomgar was downloaded and eventually Adobe opened Activity Monitor. There, I saw 2 Bomgar applications running, the current one and one that Root initiated over an hour ago while I wasn't near computer. He couldn't explain and deleted all traces of Adobe and and changed all permissions and deleted both Bomgar sessions and that was that. I found Bomgar software on my iPhone as well so a couple of weeks ago I removed all traces of Bomgar from my new iMac running 10.12.6 - I did have a quick screen share session with Apple over a different matter in-between but didn't download anything. No one has yet to tell my why Bomgar was running without my knowledge. And then KeyChain cannot be found error came up, was accessed and modified while I was away before I came back to post this. WWYouDO?

iMac, 10.12.1

Posted on Oct 3, 2017 7:38 PM

Reply
21 replies
User profile for user: kwcw
kwcw Author
User level: Level 1
11 points

Oct 4, 2017 10:03 AM in response to tygb

While activity monitor was opened, he deleted all traces of Bomgar, then I believe it was etc file where he went and deleted all traces of anything that had "Adobe" on it then replaced. He went so fast and just mumbled when I asked so I don't know but I can't find bomgar anywhere now. In looking, I did find and did some research on LSQuarantineEvents as well as this which is on frameworks disturbing:

CoreLocationProtobuf:


Obtained from: Unknown

Last Modified: 10/3/17, 5:34 PM

Kind: Intel

64-Bit (Intel): Yes

Location: /System/Library/PrivateFrameworks/CoreLocationProtobuf.framework

Private: Yes

With the reports I ran that were blacked out and redacted, the actual reports that are "missing" from their files and watching ATT delete information that router was hacked (printed out before they did) - I think I'm going back to pen, paper and stamps.

Reply
User profile for user: tygb
tygb
User level: Level 9
65,010 points

Oct 4, 2017 10:47 AM in response to kwcw

The folders are locked , see the path .

User uploaded file

Bomgar is an software for screen sharing purposes , you can see in users and groups > login items > if it is found select and click on minus sign , see in download folder .And also look in security and privacy > accessibility .


User uploaded file

Restart the machine and empty the trash .

When the screen session ends it will always prompt to delete the software and click on ok , but unfortunately you might missed that option .

You can consult apple support senior advisors .

Reply
User profile for user: tygb
tygb
User level: Level 9
65,010 points

Nov 24, 2017 3:09 AM in response to munkymajik

Bomgar is a third party paid service software for remote control access you can find out the link for it on the internet .SIP is enabled in the system and is protecting the user (also there are many processes running in the system and for every internal process only apple support can answer it .

When the user removes the software it is deleted from the system .

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Why would root have Bomgar running?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up