I am quite sure someone has remotely hacked into my computer, please help! Can you confirm, and is there a way I can find out who it is? (EtreCheck Report Included)

EtreCheck version: 4.3.6 (4D041)

Report generated: 2018-07-28 16:18:43

Download EtreCheck from https://etrecheck.com

Runtime: 5:11

Performance: Below Average


Problem: Other problem

Description:

Somebody has remotely hacked into my computer, I believe, and I want to be sure and find out who is doing it.


Major Issues:

Anything that appears on this list needs immediate attention.


No Time Machine backup- Time Machine backup not found.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems.


Heavy RAM usage- This machine is using a large amount of RAM.

High battery cycle count- Your battery may be losing capacity.

Apps crashing- There have been numerous app crashes.

Unsigned files- There are unsigned software file installed. They appear to be legitimate but should be reviewed.

Low performance- EtreCheck report took over 5 minutes to run. This is unusual.

32-bit Apps- This machine has 32-bits apps that may have problems in the future.

Abnormal shutdown- Your machine shut down abnormally.


Hardware Information:

MacBook Pro (Retina, 13-inch, Early 2015)

MacBook Pro Model: MacBookPro12,1

1 2.7 GHz Intel Core i5 (i5-5257U) CPU: 2-core

8 GB RAM - Not upgradeable

BANK 0/DIMM0 - 4 GB DDR3 1867 ok

BANK 1/DIMM0 - 4 GB DDR3 1867 ok

Battery: Health = Normal - Cycle count = 1368


Video Information:

Intel Iris Graphics 6100 - VRAM: 1536 MB

Color LCD 2560 x 1600


Drives:

disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes)

Internal PCI 5.0 GT/s x4 Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 [Core Storage Container] 120.47 GB

disk1 - Macintosh HD (Journaled HFS+) 120.11 GB

disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB


Mounted Volumes:

disk1 - Macintosh HD 120.11 GB (41.96 GB free)

Journaled HFS+

Mount point: /

Encrypted


Network:

Interface usbmodem1420: MT65xx Preloader

Interface en0: Wi-Fi

802.11 a/b/g/n/ac

One IPv4 address

Interface en5: iPhone

Interface en3: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge

iCloud Quota: 39.51 GB available


System Software:

macOS Sierra 10.12.6 (16G1510)

Time since boot: About 2 days

System Load: 4.76 (1 min ago) 3.83 (5 min ago) 3.07 (15 min ago)


Security:

System                       Status
Gatekeeper                   Mac App Store and identified developers
System Integrity Protection  Enabled


Unsigned Files:

Launchd: /Library/LaunchDaemons/com.avast.update.plist

Executable: /Library/Application Support/Avast/components/update/update.sh

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.avast.osx.secureline.home.userinit.plist

Executable: ~/Library/Application Support/AvastSecureLine/hub/userinit.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avast.init.plist

Executable: /Library/Application Support/Avast/hub/init.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avast.uninstall.plist

Executable: /Library/Application Support/Avast/hub/autouninstall.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avast.osx.secureline.userinit.plist

Executable: /Library/Application Support/AvastSecureLine/hub/userinit.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avast.userinit.plist

Executable: /Library/Application Support/Avast/hub/userinit.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.update.plist

Executable: /Library/Application Support/AvastSecureLine/components/update/update.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.uninstall.plist

Executable: /Library/Application Support/AvastSecureLine/hub/autouninstall.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avast.osx.secureline.init.plist

Executable: /Library/Application Support/AvastSecureLine/hub/init.sh

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.macpaw.CleanMyMac3.Scheduler.plist

Executable: '/Users/***/Library/Application Support/CleanMyMac 3/CleanMyMac 3 Scheduler.app' -F -g -n '/Users/***/Library/Application Support/CleanMyMac 3/CleanMyMac 3 Scheduler.app' --args -scheduled

Details: Exact match found in the whitelist - probably OK


32-bit Applications:

24 32-bit apps


Kernel Extensions:

/Library/Application Support/Avast/components/fileshield/signed

[Loaded] AvastFileShield.kext (AVAST Software a.s., 4.0.0 - SDK 10.12)


/Library/Application Support/Avast/components/proxy/signed

[Loaded] AvastPacketForwarder.kext (AVAST Software a.s., 2.1 - SDK 10.12)


System Launch Agents:

[Not Loaded] 7 Apple tasks
[Loaded] 171 Apple tasks
[Running] 49 Apple tasks
[Killed] 59 Apple tasks


System Launch Daemons:

[Not Loaded] 42 Apple tasks
[Loaded] 166 Apple tasks
[Running] 67 Apple tasks
[Killed] 43 Apple tasks
[Other] 2 Apple tasks


Launch Agents:

[Loaded] com.avast.userinit.plist (? bb25154c - installed 2018-06-07)
[Running] com.avast.osx.secureline.update-agent.plist (AVAST Software a.s. - installed 2018-06-07)
[Loaded] com.avast.osx.secureline.userinit.plist (? 2fc1004f - installed 2018-06-07)
[Loaded] 6H4HRTU5E3.com.avast.passwords.Agent.plist (AVAST Software a.s. - installed 2017-08-18)


Launch Daemons:

[Loaded] 6H4HRTU5E3.com.avast.passwords.AgentXPC.plist (AVAST Software a.s. - installed 2017-08-18)
[Running] com.nordvpn.osx.helper.plist (? 5936d993 - installed 2018-05-29)
[Loaded] com.avast.uninstall.plist (? 22f94791 - installed 2018-06-07)
[Loaded] com.avast.init.plist (? fc55b6fa - installed 2018-06-07)
[Running] com.cleverfiles.cfbackd.plist (ELTIMA LLC - installed 2017-06-29)
[Loaded] com.avast.osx.secureline.init.plist (? 1bda83b1 - installed 2018-06-07)
[Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-06-25)
[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2015-06-04)
[Loaded] com.macpaw.CleanMyMac3.Agent.plist (MacPaw Inc. - installed 2017-06-29)
[Running] com.avast.osx.secureline.update.plist (? f50a649c - installed 2018-06-07)
[Loaded] com.avast.update.plist (? 5c6ac355 - installed 2018-06-07)
[Loaded] com.avast.osx.secureline.uninstall.plist (? ba7a0061 - installed 2018-06-07)


User Launch Agents:

[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-18)
[Loaded] com.macpaw.CleanMyMac3.Scheduler.plist (? 0 - installed 2017-12-16)
[Loaded] com.avast.osx.secureline.home.userinit.plist (? 0 - installed 2018-06-07)


User Login Items:

SmartDaemon Application (ELTIMA LLC - installed 2017-06-29)

(/Library/Application Support/CleverFiles/SmartDaemon.app)

iTunesHelper Application (Apple - installed 2018-07-10)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Dropbox Application (? - installed 2017-06-22)

(~/iCloud Drive (Archive)/Dropbox.app)

CleanMyMac 3 Menu Application (MacPaw Inc. - installed 2018-07-20)

(/Applications/CleanMyMac 3.app/Contents/MacOS/CleanMyMac 3 Menu.app)

Google Chrome Application (Google, Inc. - installed 2018-06-25)

(/Applications/Google Chrome.app)

6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper SMLoginItem (AVAST Software a.s. - installed 2018-05-30)

(/Applications/AvastSecureLine.app/Contents/Library/LoginItems/6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper.app)


Internet Plug-ins:

FlashPlayer-10.6: (installed 2018-07-10)

QuickTime Plugin: (installed 2018-07-25)

Flash Player: (installed 2018-07-10)

PepperFlashPlayer: (installed 2018-07-10)

SharePointBrowserPlugin: (installed 2017-08-29)


3rd Party Preference Panes:

Flash Player (installed 2018-06-25)

FUSE (installed 2017-04-16)


Time Machine:

Time Machine Not Configured!


Top Processes by CPU:

Process (count)            Source               % of CPU  Location
Google Chrome Helper (45)  Google, Inc.         103
Google Chrome              Google, Inc.         27
kernel_task                Apple                17
WindowServer               Apple                7
plugin-container (5)       Mozilla Corporation  3


Top Processes by Memory:

Process (count)            Source               RAM usage  Location
Google Chrome Helper (48)  Google, Inc.         3.49 GB
kernel_task                Apple                1.00 GB
mdworker (15)              Apple                357 MB
plugin-container (5)       Mozilla Corporation  296 MB
Google Chrome              Google, Inc.         244 MB


Top Processes by Network Use:

Process         Source  Input   Output  Location
ovpn            ?       91 MB   7 MB    /Applications/NordVPN.app
mDNSResponder   Apple   2 MB    411 KB
netbiosd        Apple   269 KB  51 KB
Dropbox         ?       23 KB   6 KB    ~/iCloud Drive (Archive)/Dropbox.app
SystemUIServer  Apple   0 B     3 KB


Top Processes by Energy Use:

Process (count)            Source               Energy (0-100)  Location
Google Chrome Helper (48)  Google, Inc.         43
Google Chrome              Google, Inc.         18
hidd                       Apple                1
plugin-container (5)       Mozilla Corporation  1
WindowServer               Apple                1


Virtual Memory Information:

Available RAM  1.17 GB
Free RAM       16 MB
Used RAM       6.83 GB
Cached files   1.16 GB
Swap Used      2.72 GB


Software Installs (past 30 days):

Name                           Version     Install Date
Safari                         11.1.2      2018-07-10
iTunes                         12.8        2018-07-10
Adobe Flash Player             30.0.0.134  2018-07-10
Adobe Pepper Flash Player      30.0.0.134  2018-07-10
Gatekeeper Configuration Data  148         2018-07-17
Security Update 2018-003       10.12.6     2018-07-25
Security Update 2018-004       10.12.6     2018-07-25


Diagnostics Information (past 7 days):

2018-07-28 16:11:18 Xcode.app Crash (23 times)

/Applications/Xcode.app

dyld: launch, loading dependent libraries


2018-07-28 13:48:23 mds Crash (8 times)

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mds

Initializing


2018-07-26 14:07:04 Last Shutdown Cause: 3 - Hard shutdown



End of report


Message was edited by: brian9192O

In addition, computer constantly asks me to log on twice, once with a faded black human icon with my password and then again with a normal icon. I am also, somehow...not the administrator of my own macbook.

MacBook Pro (Retina, 13-inch, Early 2015), iOS 10

Posted on Jul 28, 2018 2:21 PM

Question marked as Top-ranking reply

Posted on Jul 28, 2018 2:26 PM

What gives you the idea you've been hacked? Nothing in the EtreCheck report would point that out so why post it before anyone here asked for it?


A Troubleshooting Procedure that may Fix Problems with macOS El Capitan or Later

You should try each, one at a time, then test to see if the problem is fixed before going on to the next.


Be sure to back up your files before proceeding if possible.


  1. Shut down the computer, wait 30 seconds, restart the computer.
  2. Disconnect all third-party peripherals.
  3. Resetting your Mac’s PRAM and NVRAM
  4. Reset the System Management Controller (SMC)
  5. Reset your Startup Disk and Sound preferences.
  6. Start the computer in Safe Mode. Test in safe mode to see if the problem persists, then restart normally. Also, see Use safe mode to isolate issues with your Mac - Apple Support and Playing Safe- what does Safe mode do?.
  7. Use Apple Hardware Test to see if there is any hardware malfunction. How to invoke and interpret the Apple hardware tests - CNET.
  8. Repair the disk by booting from the Recovery HD. Immediately after the chime hold down the Command and R keys until the Utility Menu appears. Choose Disk Utility and click on the Continue button. Select the indented (usually, Macintosh HD) volume entry from the side list. Click on the First Aid button in the toolbar. Wait for the Done button to appear. Quit Disk Utility and return to the Utility Menu. Restart the computer from the Apple Menu.
  9. Repair permissions on the Home folder: Resolve issues caused by changing the permissions of items in your home folder.
  10. Create a New User Account: Open Users & Groups preferences. Click on the lock icon and enter your Admin password when prompted. On the left under Current User click on the Add [+] button under Login Options. Set up a new Admin user account. Upon completion log out of your current account then log into the new account. If your problems cease, then consider switching to the new account and transferring your files to it - Transferring files from one User Account to another.
  11. Download and install the OS X El Capitan 10.11.6 Combo Update or 10.12.6 Combo Update or Download macOS High Sierra 10.13.6 Combo Update as needed.
  12. Reinstall OS X by booting from the Recovery HD using the Command and R keys. When the Utility Menu appears select Reinstall OS X then click on the Continue button.
  13. Erase and Install OS X: Restart the computer. Immediately after the chime hold down the Command and R keys until the Apple logo appears. When the Utility Menu appears:
      1. Select Disk Utility from the Utility Menu and click on Continue button.
      2. When Disk Utility loads select the drive (out-dented entry) from the Device list.
      3. Click on the Erase icon in Disk Utility's toolbar. A panel will drop down.
      4. Set the Format type to APFS (for SSDs only) or Mac OS Extended (Journaled.)
      5. Click on the Apply button, then wait for the Done button to activate and click on it.
      6. Quit Disk Utility and return to the Utility Menu.
      7. Select Reinstall OS X and click on the Continue button.
  14. If none of the above helps then see How to Downgrade macOS High Sierra and macOS Reversion- How to Downgrade from High Sierra.
  15. If you get here without success then make an appointment at the Apple Genius Bar for service. If you need to find an Apple Store - Find a Store - Apple.

Jul 28, 2018 2:45 PM in response to brian9192O

The screen shot is meaningless. Every install of the macOS includes those files.


Kappy has a lot of excellent suggestions and steps, but you will first be doing yourself a huge favor by removing Avast and CleanMyMac. Both are completely worthless apps. Look at the ridiculous amount of system resources Avast is eating in the report. It's insane.


https://support.avast.com/en-us/article/Uninstall-Mac-Security


Never install anything like this garbage again. They truly do nothing worthwhile for you.


CleanMyMac, and other "cleaning" apps are also well known to remove system files. Once you have completely removed Avast and CleanMyMac, make a full, restorable backup and then reinstall the OS.
