remote sharing/hacked
Trying to track down how my computer is hacked and my screen is being remotely shared. All of my screen sharing settings have always been off, and my firewall is always set to the highest level of security.
I ran ps -A | grep Remote in terminal and here are the results:
Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
MacBook-Air:~ time$ sudo ps -A | grep Remote
7236 ?? 0:03.64 /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
7934 ?? 0:00.18 /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagen t
10061 ?? 0:00.03 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
14665 ttys000 0:00.01 grep Remote
MacBook-Air:~ time$
sh-3.2# ps -A | grep Remote
69 ?? 0:00.20 /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
384 ?? 0:00.10 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
386 ?? 0:00.03 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
387 ?? 0:00.10 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
572 ?? 0:00.43 /System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XP CServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticati o nRemoteService
699 ttys000 0:00.01 grep Remote
also, as additional information, when checking screen sharing in terminal
MacBook-Air:~ time$ [[ -f /etc/com.apple.screensharing.agent.launchd ]] && echo 'enabled' || echo 'disabled'
The reply is that screensharing is enabled
MacBook Air, macOS High Sierra (10.13.3)