Have I been hacked? (Repeating APSD messages and hosts file not working)
Hi,
I keep getting these repeated Console messages on my root user even when I am not using the computer (and it has gone on for days). May I know what is happening? (My hosts file is also weirdly not working.)
8/5/18 4:53:57.088 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:57.282 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:57.487 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:57.542 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:53:57.683 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:57.888 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:58.054 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:58.247 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:58.392 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:58.592 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:58.796 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:58.997 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:59.194 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:59.398 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:53:59.604 PM apsd[81]: *** LOG MESSAGE QUOTA EXCEEDED - SOME MESSAGES FROM THIS PROCESS HAVE BEEN DISCARDED ***
8/5/18 4:54:00.002 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:54:01.985 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:07.289 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:12.138 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:17.253 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:22.135 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:26.000 PM syslogd[858]: ASL Sender Statistics
8/5/18 4:54:27.198 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:32.175 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:37.233 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:42.190 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:47.163 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:52.269 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:54:54.012 PM akd[1322]: *** LOG MESSAGE QUOTA EXCEEDED - SOME MESSAGES FROM THIS PROCESS HAVE BEEN DISCARDED ***
8/5/18 4:54:54.012 PM akd[314]: *** LOG MESSAGE QUOTA EXCEEDED - SOME MESSAGES FROM THIS PROCESS HAVE BEEN DISCARDED ***
8/5/18 4:54:57.181 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:55:00.056 PM apsd[81]: *** LOG MESSAGE QUOTA EXCEEDED - SOME MESSAGES FROM THIS PROCESS HAVE BEEN DISCARDED ***
8/5/18 4:55:01.799 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:55:07.012 PM apsd[81]: Unexpected replacement of connection in <APSConnectionServer: 0x7ffc0bd761b0>
8/5/18 4:55:07.395 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:55:12.100 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:55:17.269 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:55:22.164 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
8/5/18 4:55:27.189 PM launchservicesd[82]: Process 933 (Activity Monitor.app) attempted to bypass check for entitlement "com.apple.private.launchservices.allowedtoget.LSActivePageUserVisibleOriginsKey" while running as root. This is no longer a supported configuration. Please file a radar against that process to adopt that entitlement.
Here are some other samples of the Console log messages which I found weird.
5/5/18 2:51:54.948 PM WiFiAgent[438]: [NO client logger] <Sep 11 2015 20:39:39> WIFICLOUDSYNC WiFiCloudSyncEngineCreate: created...
5/5/18 2:51:54.948 PM WiFiAgent[438]: [NO client logger] <Sep 11 2015 20:39:39> WIFICLOUDSYNC WiFiCloudSyncEngineRegisterCallbacks: WiFiCloudSyncEngineCallbacks version - 0, bundle id - com.apple.wifi.WiFiAgent
5/5/18 2:51:54.949 PM secd[392]: do_with_account_if_after_first_unlock Cannot inflate account object as root
5/5/18 2:51:54.950 PM secd[392]: securityd_xpc_dictionary_handler WiFiAgent[438] View Error Domain=com.apple.security Code=550 "(null)"
5/5/18 2:51:54.986 PM diagnostics_agent[439]: AutoSubmitPreference is 0
5/5/18 2:51:55.179 PM CrashReporterSupportHelper[455]: DebugLogging not enabled
5/5/18 2:51:55.317 PM Keychain Circle Notification[425]: Posted at launch: (
)
5/5/18 2:51:55.318 PM secd[392]: do_with_account_if_after_first_unlock Cannot inflate account object as root
5/5/18 2:51:55.319 PM secd[392]: securityd_xpc_dictionary_handler Keychain Circle [425] DeviceInCircle Error Domain=com.apple.security Code=550 "(null)"
5/5/18 2:51:55.319 PM secd[392]: do_with_account_if_after_first_unlock Cannot inflate account object as root
5/5/18 2:51:55.320 PM secd[392]: securityd_xpc_dictionary_handler Keychain Circle [425] CopyApplicantPeerInfo Error Domain=com.apple.security Code=550 "(null)"
5/5/18 2:51:55.320 PM secd[392]: do_with_account_if_after_first_unlock Cannot inflate account object as root
5/5/18 2:51:55.321 PM secd[392]: securityd_xpc_dictionary_handler Keychain Circle [425] CopyPeerPeerInfo Error Domain=com.apple.security Code=550 "(null)"
5/5/18 2:51:55.321 PM Keychain Circle Notification[425]: rawStatus -1, #applicants 0, #peers 0, err=Error Domain=com.apple.security Code=550 "(null)"
5/5/18 2:51:55.325 PM Keychain Circle Notification[425]: {ChangeCallback}
5/5/18 2:51:55.339 PM SubmitDiagInfo[456]: Couldn't load config file from on-disk location. Falling back to default location. Reason: Won't serialize in _readDictionaryFromJSONData due to nil object
5/5/18 2:51:55.340 PM MRT[442]: Agent finished.
5/5/18 2:51:55.340 PM MRT[442]: Finished MRT run
5/5/18 2:51:55.000 PM kernel[0]: Sandbox: SocialPushAgent(423) deny(1) file-write-data /private/var/root/Library/Preferences/com.apple.socialpushagent.plist
5/5/18 2:51:55.000 PM kernel[0]: Sandbox: SocialPushAgent(423) deny(1) file-write-data /private/var/root/Library/Preferences/com.apple.socialpushagent.plist
5/5/18 2:51:55.436 PM Keychain Circle Notification[425]: {ChangeCallback} scheduleActivity 4001-01-01 00:00:00 +0000
5/5/18 2:51:55.436 PM Keychain Circle Notification[425]: {ChangeCallback} Applicants
5/5/18 2:51:55.436 PM Keychain Circle Notification[425]: Checking validity of 0 notes
5/5/18 2:51:55.437 PM Keychain Circle Notification[425]: writeToStorage plist={
absentCircleWithNoReason = 0;
applicationDate = "0000-12-30 00:00:00 +0000";
lastCircleStatus = "-1";
lastWritten = "2018-05-05 06:51:55 +0000";
pendingApplicationReminder = "4001-01-01 00:00:00 +0000";
pendingApplicationReminderInterval = 86400;
}
5/5/18 2:51:55.528 PM diagnostics_agent[439]: AutoSubmitPreference is 0
5/5/18 2:51:55.581 PM diagnostics_agent[439]: AutoSubmitPreference is 0
5/5/18 2:51:55.638 PM SubmitDiagInfo[456]: Couldn't load config file from on-disk location. Falling back to default location. Reason: Won't serialize in _readDictionaryFromJSONData due to nil object
5/5/18 2:51:55.655 PM com.apple.xpc.launchd[1]: (com.apple.updateEFIDesktopPicture) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
5/5/18 2:51:55.816 PM sandboxd[130]: ([407]) SpotlightNetHelp(407) deny file-write-create /private/var/root/Library/Caches/com.apple.metadata.SpotlightNetHelper
5/5/18 2:51:55.859 PM sandboxd[130]: ([407]) SpotlightNetHelp(407) deny mach-lookup com.apple.storeaccountd.daemon
5/5/18 2:51:55.876 PM sandboxd[130]: ([407]) SpotlightNetHelp(407) deny file-write-data /private/var/db/mds/system/mds.lock
5/5/18 2:51:56.513 PM fontd[393]: ATSServer: FODBVerifyReviveResults made adjustments
Another set:
5/5/18 2:54:56.853 PM com.apple.geod[510]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9808)
5/5/18 2:54:56.855 PM com.apple.geod[510]: 2018-05-05 14:54:56.854, 510, 2341ea80, [CountryConfiguration]: Could not determine current country code: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “gspe1-ssl.ls.apple.com” which could put your confidential information at risk."
MacBook Pro, OS X El Capitan (10.11.6), MacBook Pro 5,4