Help!!! Malware with RDP found
Hi there,
I have strong suspicions that there is currently malware on my laptop with RDP set up, a keyboard logger (passwords emailed) and camera access.
Did a few searches and ran the following EtreCheck checks. Removed a few suspicious things already, and this is the second report here.
Also would be keen to know how to check for active Remote Desktop (RDP) connections, or what processes in Activity Monitor to look for with keyboard loggers (I suspect there isn't a generic program?).
I don't have an active virus program (downloaded Bitdefender, but the install was doing funny things).
Can someone help?
EtreCheck version: 4.3.6 (4D041)
Report generated: 2018-07-28 15:26:13
Download EtreCheck from https://etrecheck.com
Runtime: 2:45
Performance: Excellent
Problem: Other problem
Description:
suspect malware
Major Issues:
Anything that appears on this list needs immediate attention.
Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.
Battery failure - Your battery is reporting that it needs to be serviced.
Old operating system - Old operating system versions no longer receive security updates.
More than one antivirus app - This machine has multiple antivirus apps installed.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Low disk space - This machine is running low on free hard drive space.
Clean up - There are orphan files that could be removed.
Unsigned files - There are unsigned software file installed. They appear to be legitimate but should be reviewed.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
MacBook Pro (Retina, 15-inch, Early 2013)
MacBook Pro Model: MacBookPro10,1
1 2.7 GHz Intel Core i7 (i7-3740QM) CPU: 4-core
16 GB RAM - Not upgradeable
BANK 0/DIMM0 - 8 GB DDR3 1600 ok
BANK 1/DIMM0 - 8 GB DDR3 1600 ok
Battery: Health = Service Battery - Cycle count = 476
Video Information:
Intel HD Graphics 4000 - VRAM: 1024 MB
NVIDIA GeForce GT 650M - VRAM: 1024 MB
Color LCD 2880 x 1800
Drives:
disk0 - APPLE SSD SD512E 500.28 GB (Solid State - TRIM: Yes)
Internal SATA 6 Gigabit Serial ATA
disk0s1 - EFI [EFI] 210 MB
disk0s2 - Macintosh HD [Core Storage Container] 499.42 GB
disk1 - Macintosh HD (Journaled HFS+) 499.05 GB
disk0s3 - Recovery HD [Recovery] 650 MB
Mounted Volumes:
disk1 - Macintosh HD 499.05 GB (15.80 GB free)
Journaled HFS+
Mount point: /
Network:
Interface Bluetooth-Modem: Bluetooth DUN
Interface en3: Thunderbolt Ethernet 2
Interface fw0: Thunderbolt FireWire
Interface en0: Wi-Fi
802.11 a/b/g/n
Interface en5: iPhone
Interface bridge0: Thunderbolt Bridge
Interface en4: Bluetooth PAN
System Software:
OS X Yosemite 10.10.5 (14F2511)
Time since boot: Less than an hour
System Load: 1.71 (1 min ago) 2.04 (5 min ago) 1.49 (15 min ago)
Security:
| System | Status |
|---|---|
| Gatekeeper | Mac App Store and identified developers |
Unsigned Files:
Launchd: ~/Library/LaunchAgents/com.logos.LogosIndexer.plist
Executable: /Applications/Logos.app/Contents/MacOS/LogosIndexer.app/Contents/MacOS/LogosIndexer
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.adobe.SwitchBoard.plist
Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.divx.dms.agent.plist
Executable: /Library/Application Support/DivX/DivXMediaServer.app/Contents/MacOS/DivXMediaServer
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.amazon.sendtokindle.launcher.plist
Executable: /usr/bin/stkLaunchAgent.sh
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.skype.skype.shareagent.plist
Executable: /Applications/Skype.app/Contents/Library/LaunchServices/com.skype.skype.shareagent.bundle/Contents/MacOS/com.skype.skype.shareagent
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.adobe.fpsaud.plist
Executable: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
26 32-bit apps
Kernel Extensions:
/Library/Application Support/HASP/kexts
[Not Loaded] aksfridge.kext (1.0.13274)
/Library/Extensions
[Loaded] SelfProtect.kext (Bitdefender SRL, 1.2.11 - SDK 10.9)
[Loaded] ufsd_NTFS.kext (Paragon Software GmbH, 14.2.288 - SDK 10.5)
/System/Library/Extensions
[Not Loaded] basICColorDISCUS.kext (1.0.0 - SDK 10.4)
[Not Loaded] Seagate Storage Driver.kext (5.2.6 (26**3) - SDK 10.4)
[Not Loaded] Wacom Tablet.kext (Wacom Tablet 6.3.6-3 - SDK 10.8)
/System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns
[Not Loaded] SeagateLeafPowSecDriver_10_4.kext (5.2.6 (26**3) - SDK 10.4)
[Not Loaded] SeagateLeafPowSecDriver_10_5.kext (5.2.6 (26**3) - SDK 10.5)
[Not Loaded] SeagateDriveIcons.kext (5.2.6 (26**3) - SDK 10.4)
System Launch Agents:
| [Not Loaded] | 6 Apple tasks |
| [Loaded] | 141 Apple tasks |
| [Running] | 66 Apple tasks |
System Launch Daemons:
| [Not Loaded] | 41 Apple tasks |
| [Loaded] | 134 Apple tasks |
| [Running] | 89 Apple tasks |
Launch Agents:
| [Other] | com.adobe.AdobeCreativeCloud.plist (? faec172d - installed 2013-12-05) |
| [Loaded] | com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-07-02) |
| [Loaded] | com.divx.dms.agent.plist (? bf9bdaf7 - installed 2016-03-10) |
| [Not Loaded] | com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2015-03-07) |
| [Loaded] | com.divx.update.agent.plist (? a041d049 - installed 2016-03-02) |
| [Running] | com.wacom.wacomtablet.plist (? 9e9edb5e - installed 2013-06-07) |
| [Other] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-11) |
| [Running] | com.amazon.sendtokindle.launcher.plist (? d18c2039 - installed 2015-11-14) |
| [Loaded] | com.epson.esua.launcher.plist (Seiko Epson Corporation - installed 2017-11-08) |
| [Other] | com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-02-15) |
Launch Daemons:
| [Loaded] | com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-02-15) |
| [Loaded] | com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-07-02) |
| [Other] | yEHCjlVXmd8d.plist (? 3d883afd - installed 2015-07-30) |
| [Loaded] | com.malwarebytes.MBAMHelperTool.plist (Malwarebytes Corporation - installed 2015-10-29) |
| [Loaded] | net.sourceforge.MonolingualHelper.plist (? 2a1d8e29 - installed 2016-12-03) |
| [Loaded] | com.paragon.NTFS.launch.plist (Apple - installed 2016-08-29) |
| [Not Loaded] | com.adobe.SwitchBoard.plist (? 856489a3 - installed 2013-05-14) |
| [Loaded] | com.adobe.fpsaud.plist (? 2afb3af7 - installed 2016-04-16) |
| [Loaded] | com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2010-08-25) |
| [Loaded] | com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2017-09-06) |
| [Loaded] | com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-02-15) |
| [Running] | com.80pct.FreedomHelper.plist (Eighty Percent Solutions Corporation - installed 2018-05-24) |
| [Loaded] | com.google.keystone.daemon.plist (Google, Inc. - installed 2018-07-11) |
| [Other] | com.xrite.device.xrdd.plist (? 247330c8 - installed 2013-07-05) |
| [Running] | com.bitdefender.agent.plist (Bitdefender SRL - installed 2018-07-28) |
| [Loaded] | com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2017-10-10) |
User Launch Agents:
| [Running] | com.spotify.webhelper.plist (Spotify - installed 2018-07-28) |
| [Loaded] | com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-04-13) |
| [Loaded] | com.logmein.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2018-02-09) |
| [Loaded] | com.logos.LogosIndexer.plist (? 0 - installed 2017-06-21) |
| [Loaded] | com.adobe.ARM.***.plist (? 0 - installed 2015-09-24) |
| [Loaded] | com.citrixonline.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2017-09-05) |
| [Loaded] | com.skype.skype.shareagent.plist (? 0 - installed 2018-06-15) |
| [Loaded] | com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2015-03-11) |
User Login Items:
Dropbox Application (Dropbox, Inc. - installed 2018-07-14)
(/Applications/Dropbox.app)
StartUpHelper SMLoginItem (Spotify - installed 2018-07-27)
(/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app)
LoginHelper SMLoginItem (Mac App Store - installed 2018-07-08)
(/Applications/Memory Clean 2.app/Contents/Library/LoginItems/LoginHelper.app)
Internet Plug-ins:
o1dbrowserplugin: (installed 2016-03-14)
WacomNetscape: (installed 2013-06-07)
OVSHelper: (installed 2016-03-17)
Default Browser: (installed 2016-12-03)
AdobeExManDetect: (installed 2013-05-15)
Flip4Mac WMV Plugin: (installed 2013-05-15)
WacomTabletPlugin: (installed 2013-06-07)
AdobeAAMDetect: (installed 2013-12-05)
AdobePDFViewerNPAPI: (installed 2018-02-24)
DivX Web Player: (installed 2016-03-10)
FlashPlayer-10.6: (installed 2016-04-24)
QuickTime Plugin: (installed 2017-10-26)
Flash Player: (installed 2016-04-24)
googletalkbrowserplugin: (installed 2015-12-12)
Silverlight: (installed 2017-06-11)
AdobePDFViewer: (installed 2018-02-24)
JavaAppletPlugin: (installed 2018-02-13)
User Internet Plug-ins:
ZoomUsPlugIn: (installed 2017-09-15)
Safari Extensions:
| AdBlock.safariextz - BetaFish, Inc. - https://getadblock.com (installed 2016-02-11) |
| QuickBrowse.safariextz - Catalin Andrei Vasiliu - http://www.unionsoftwareonline.com (installed 2017-10-24) |
3rd Party Preference Panes:
Flash Player (installed 2016-04-16)
Flip4Mac WMV (installed 2013-03-30)
Java (installed 2018-01-13)
Paragon NTFS for Mac® (installed 2017-04-20)
Perian (installed 2011-07-24)
Time Machine:
Skip System Files: No
Mobile backups: Yes
Auto backup: Yes
Volumes being backed up:
Macintosh HD: Disk size: 499.05 GB - Disk used: 483.24 GB
Destinations:
S*********B [Local] (Last used)
Total size: 4.00 TB
Total number of backups: 45
Oldest backup: 2014-09-17 18:09:42
Last backup: 2018-04-28 01:19:35
W****B [Local]
Total size: 3.00 TB
Total number of backups: 13
Oldest backup: 2016-03-20 02:58:07
Last backup: 2017-10-26 11:23:08
Top Processes by CPU:
| Process (count) | Source | % of CPU | Location |
|---|---|---|---|
| com.apple.Safari.SearchHelper | ? | 8 | /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS |
| Safari | Apple | 7 | |
| WindowServer | Apple | 5 | |
| kernel_task | Apple | 2 | |
| airportd | Apple | 1 | |
Top Processes by Memory:
| Process (count) | Source | RAM usage | Location |
|---|---|---|---|
| com.apple.WebKit.WebContent (6) | Apple | 1.29 GB | |
| kernel_task | Apple | 919 MB | |
| mds_stores | Apple | 233 MB | |
| Dropbox (3) | Dropbox, Inc. | 181 MB | |
| Safari | Apple | 133 MB | |
Top Processes by Energy Use:
| Process (count) | Source | Energy (0-100) | Location |
|---|---|---|---|
| WindowServer | Apple | 2 | |
| com.apple.WebKit.WebContent (6) | Apple | 1 | |
| com.apple.WebKit.Networking | Apple | 1 | |
| networkd | Apple | 0 | |
| Safari | Apple | 0 | |
Virtual Memory Information:
| Available RAM | 11.09 GB |
| Free RAM | 8.08 GB |
| Used RAM | 4.91 GB |
| Cached files | 3.01 GB |
| Swap Used | 0 B |
Software Installs (past 30 days):
| Name | Version | Install Date |
|---|---|---|
| Microsoft AutoUpdate | 4.0.18061000 | 2018-07-02 |
| EPSON Software Updater | 2.3.2 | 2018-07-02 |
| Microsoft Word for Mac | 16.14.18061302 | 2018-07-02 |
| Memory Clean 2 | 1.7 | 2018-07-08 |
| Bitdefender | 1.2.11.197 | 2018-07-28 |
Clean up:
/Library/LaunchDaemons/yEHCjlVXmd8d.plist
/Library/Application Support/SendSpace/XMUP3ohglvj/SendSpace
Executable not found
/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist
/Applications/Utilities/Adobe Creative Cloud/ACC/Creative Cloud.app/Contents/MacOS/Creative Cloud
Executable not found
/Library/LaunchDaemons/com.xrite.device.xrdd.plist
/Library/Application Support/X-Rite/Frameworks/XRiteDevice.framework/Versions/B/Resources/xrdd
Executable not found
Diagnostics Information (past 7 days):
2018-07-28 15:16:56 Dock.app CPU (2 times)
/System/Library/CoreServices/Dock.app
2018-07-27 15:43:53 Audacity.app CPU (3 times)
/Applications/Audacity.app
End of report