
SOS: Can anyone with any type of computer forensics background or knowledge please help me? Dealing with stalker, now cyberstalking me a year after I moved away and filed a restraining order. Deeply rooted in Mac and iPhone System.

Hello, I am reaching out to anyone at this point because I am desperate and am hoping someone here can be of some help. I would have gone to a computer forensics company if I had the money, but I am a broke college student and I'm only minoring in Computer Science, and am still a beginner so I can only understand so much when trying to diagnose this insanity on basically all my devices at this point. I've even been to the point where taunting messages would display on my computer, as I spent hours trying to remove or attempt to block the remote access connection to my computer, as I assumed that it must have stemmed from there and thus gave access to my phone and all my other devices. I've already gone to the police, but at this point I just desperately want to try to assess what program or software is even being used - as it's one of the most complicated that I have come across. At this point, I just want it off, as it has gotten to the point of making me sick and paranoid all over again. I have no idea how it even started, but I'm assuming it most likely happened through my use of Kali Linux tools on my virtual machine. We just started using them in my computer forensics class, like 6 months back and this happened shortly after so I'm assuming the two are connected. I just am desperate for help, as I can't take the stress of not having control over any of my own personal information and my privacy being invaded - once again. I even ended up failing an exam, and didn't find out till months later that my professor hadn't received a single one of my emails - despite me sending it through my own university email, and through D2L which is a server we use at my university. I can go on and on, and I know most of these posts are never taken very seriously because it's usually an older person who sees a "suspicious" file name and automatically thinks they're being hacked.
But I promise this is very real, and I'm willing to run any diagnostics or whatever is asked of me and post it on here. I'm just really hoping someone sees this and helps out. I finally got to the point where I said "screw it" and just decided that I didn't care if I was being monitored, and that it didn't matter. But now I live on campus in my apartment alone with just my dogs, and the more I start to understand and learn through my classes, the more scared I'm becoming of how serious it is, especially that some random person wouldn't put this much effort and time into watching my non-eventful life. Just if you do see this, and you are understanding of how advanced spyware is and know that you can be of some help, even if it's just determining what tool or software they're using will be of great help. The fact that I've gotten to the point of using useless tools like Little Snitch, just shows how desperate I am at this point. No factory reset or anything has fixed it.

MacBook Pro TouchBar and Touch ID, macOS High Sierra (10.13.4), Remote Monitoring, Hacker, Stalker

Posted on Sep 20, 2018 6:16 AM


5 replies

Sep 23, 2018 1:26 PM in response to n0rmanb0ates

Mounted Volumes:

disk1s1 - N*****e 121.12 GB (9.31 GB free)

APFS

Mount point: /

Encrypted

You're running dangerously low on free space on your boot drive. It's recommended that one maintain a minimum of 15-20 GB of free space on the boot drive for temporary cache and swap files.


Also I second the comments about CleanMyMac. Bad, biggly bad.



Sep 20, 2018 6:49 AM in response to n0rmanb0ates

Please describe the behavior you are seeing with the devices, not your situation, and use punctuation.

There is no malware or virus for a non-jailbroken iOS device at this time. The developer SDK does not include the tools for developers to do so. Since the Apple Store is the only location a non-broken jailbroken device could get software, it restricts the deployment of malicious software.


There are no reported viruses for OS X/Mac OS in the wild at this time. You cannot install keylogger software on a Mac unless you are physically sitting at it and have credentials to do so.


If you think your Apple ID has been compromised, see this link:

https://support.apple.com/en-us/HT204145


You may wish to change your Apple ID log/pass with a complex password you don’t use for anywhere else.

If you share the same or similar log/pass combo with another service (e.g. social media, bank, email, etc.) and that service is compromised, then anyone with that information simply needs to try the same combo elsewhere.


To change your Apple ID password, see this link:

https://support.apple.com/en-ca/KM205079



You also need to remove (with prejudice) CleanMyMac.

See John Galt's solution here:

How do I remove Clean My Mac 3 from Mac book pro with OS 10.7.5

Sep 20, 2018 6:17 AM in response to n0rmanb0ates

EtreCheck version: 4.3.6 (4D041)

Report generated: 2018-09-20 09:06:54

Download EtreCheck from https://etrecheck.com

Runtime: 6:31

Performance: Below Average


Problem: Other problem

Description:

Hacker


Major Issues:

Anything that appears on this list needs immediate attention.


No Time Machine backup - Time Machine backup not found.

Gatekeeper disabled - Gatekeeper security protection is disabled. This computer is at risk of malware infection.

Low disk space - This machine is running critically low on free hard drive space.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems.


Unsigned files - There are unsigned software file installed. They appear to be legitimate but should be reviewed.

Low performance - EtreCheck report took over 5 minutes to run. This is unusual.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.


Hardware Information:

MacBook Air (13-inch, Early 2015)

MacBook Air Model: MacBookAir7,2

1 1.6 GHz Intel Core i5 (i5-5250U) CPU: 2-core

8 GB RAM - Not upgradeable

BANK 0/DIMM0 - 4 GB DDR3 1600 ok

BANK 1/DIMM0 - 4 GB DDR3 1600 ok

Battery: Health = Normal - Cycle count = 449


Video Information:

Intel HD Graphics 6000 - VRAM: 1536 MB

Color LCD 1440 x 900


Drives:

disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes)

Internal PCI 5.0 GT/s x4 Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 121.12 GB

disk1s1 - N*****e (APFS) 121.12 GB (109.00 GB used)

disk1s2 - Preboot (APFS) [APFS Preboot] 121.12 GB (20 MB used)

disk1s3 - Recovery (APFS) [Recovery] 121.12 GB (519 MB used)

disk1s4 - VM (APFS) [APFS VM] 121.12 GB (2.15 GB used)


disk2 - Disk Image 196 MB (Disk Image)

External Disk Image

disk2s1 [Partition Map] 31 KB

disk2s2 - S***********************w (HFS+) 196 MB


disk3 - Disk Image 105 MB (Disk Image)

External Disk Image

disk3s1 - V********x (HFS+) 105 MB


disk4 - Disk Image 97 MB (Disk Image)

External Disk Image

disk4s1 [Partition Map] 31 KB

disk4s2 - m*********************************y (HFS+) 97 MB


disk5 - Disk Image 135 MB (Disk Image)

External Disk Image

disk5s1 - S****r (HFS+) 135 MB


disk6 - Disk Image 466 MB (Disk Image)

External Disk Image

disk6s1 [Partition Map] 31 KB

disk6s2 - C************************d (HFS+) 466 MB


disk7 - Disk Image 210 MB (Disk Image)

External Disk Image

disk7s1 - A**************s (HFS+) 210 MB


disk8 - Disk Image 464 MB (Disk Image)

External Disk Image

disk8s1 - C**************************s (HFS+) 464 MB


disk9 - Disk Image 17 MB (Disk Image)

External Disk Image


Mounted Volumes:

disk1s1 - N*****e 121.12 GB (9.31 GB free)

APFS

Mount point: /

Encrypted


disk1s4 - VM [APFS VM] 121.12 GB (9.31 GB free)

APFS

Mount point: /private/var/vm


disk2s2 - S***********************w 196 MB (106 MB free)

HFS+

Mount point: /Volumes/S***********************w


disk3s1 - V********x 105 MB (2 MB free)

HFS+

Mount point: /Volumes/V********x


disk4s2 - m*********************************y 97 MB (84 MB free)

HFS+

Mount point: /Volumes/m*********************************y


disk5s1 - S****r 135 MB (26 MB free)

HFS+

Mount point: /Volumes/S****r


disk6s2 - C************************d 466 MB (342 MB free)

HFS+

Mount point: /Volumes/C************************d


disk7s1 - A**************s 210 MB (128 MB free)

HFS+

Mount point: /Volumes/A**************s


disk8s1 - C**************************s 464 MB (250 MB free)

HFS+

Mount point: /Volumes/C**************************s


Network:

Interface en0: Wi-Fi

802.11 a/b/g/n/ac

One IPv4 address

Interface en3: iPhone

Interface en2: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge


System Software:

macOS High Sierra 10.13.6 (17G65)

Time since boot: About 5 hours

System Load: 10.49 (1 min ago) 4.79 (5 min ago) 3.15 (15 min ago)


Security:

System                       Status
Gatekeeper                   Anywhere
System Integrity Protection  Enabled


Unsigned Files:

Launchd: /Library/LaunchDaemons/org.gpgtools.gpgmail.patch-uuid.plist

Executable: /Library/Application Support/GPGTools/uuid-patcher

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist

Executable: /Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/org.gpgtools.gpgmail.patch-uuid-user.plist

Executable: /Library/Application Support/GPGTools/uuid-patcher

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/org.virtualbox.startup.plist

Executable: /Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/org.gpgtools.gpgmail.enable-bundles.plist

Executable: /Library/Application Support/GPGTools/uuid-patcher enable-bundles

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/org.gpgtools.macgpg2.fix.plist

Executable: /usr/local/MacGPG2/libexec/fixGpgHome

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/org.gpgtools.macgpg2.shutdown-gpg-agent.plist

Executable: /usr/local/MacGPG2/libexec/shutdown-gpg-agent

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Details: Exact match found in the whitelist - probably OK


32-bit Applications:

4 32-bit apps


Kernel Extensions:

/Library/Application Support/VirtualBox

[Loaded] VBoxDrv.kext (Oracle America, Inc., 5.2.18)

[Loaded] VBoxNetAdp.kext (Oracle America, Inc., 5.2.18)

[Loaded] VBoxNetFlt.kext (Oracle America, Inc., 5.2.18)

[Loaded] VBoxUSB.kext (Oracle America, Inc., 5.2.18)


System Launch Agents:

[Not Loaded]  10 Apple tasks
[Loaded]      164 Apple tasks
[Running]     119 Apple tasks
[Other]       One Apple task


System Launch Daemons:

[Not Loaded]  37 Apple tasks
[Loaded]      173 Apple tasks
[Running]     127 Apple tasks


Launch Agents:

[Loaded]   org.gpgtools.gpgmail.patch-uuid-user.plist (? 84ce07f2 - installed 2018-06-04)
[Running]  org.gpgtools.Libmacgpg.xpc.plist (Lukas Pitschl - installed 2018-06-13)
[Running]  org.gpgtools.macgpg2.shutdown-gpg-agent.plist (? df7bd0cf - installed 2018-06-13)
[Loaded]   com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-09-09)
[Loaded]   org.gpgtools.gpgmail.enable-bundles.plist (? d032aea - installed 2018-06-04)
[Loaded]   com.oracle.java.Java-Updater.plist (? 7a6aa148 - installed 2018-07-27)
[Loaded]   org.gpgtools.macgpg2.fix.plist (? d7ac5146 - installed 2018-06-13)
[Loaded]   org.gpgtools.updater.plist (Lukas Pitschl - installed 2018-06-13)


Launch Daemons:

[Loaded]      com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2018-07-23)
[Loaded]      org.gpgtools.gpgmail.patch-uuid.plist (? 42fc83f8 - installed 2018-06-04)
[Loaded]      com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-09-09)
[Not Loaded]  org.virtualbox.startup.plist (? 700b9385 - installed 2018-09-20)
[Loaded]      com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2018-07-27)
[Running]     com.macpaw.CleanMyMac4.Agent.plist (MacPaw Inc. - installed 2018-09-20)
[Loaded]      com.ea.origin.ESHelper.plist (EA Swiss Sarl - installed 2018-08-23)
[Loaded]      com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-07-10)


User Launch Agents:

[Loaded]      com.google.keystone.agent.plist (Google, Inc. - installed 2018-09-10)
[Loaded]      com.macpaw.CleanMyMac4.Updater.plist (MacPaw Inc. - installed 2018-09-20)
[Not Loaded]  org.virtualbox.vboxwebsrv.plist (? 0 - installed 2018-09-20)
[Running]     com.macpaw.CleanMyMac4.HealthMonitor.plist (MacPaw Inc. - installed 2018-09-20)


User Login Items:

iTunesHelper Application (Apple - installed 2018-07-14)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

CleanMyMac X Menu Application (MacPaw Inc. - installed 2018-09-13)

(/Applications/CleanMyMac X.app/Contents/MacOS/CleanMyMac X Menu.app)

StartUpHelper SMLoginItem (Spotify - installed 2018-08-20)

(/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app)


Internet Plug-ins:

QuickTime Plugin: (installed 2018-07-04)

JavaAppletPlugin: (installed 2018-07-27)


3rd Party Preference Panes:

FUSE (installed 2018-07-01)

GPG Suite (installed 2018-05-04)

Java (installed 2018-07-07)


Time Machine:

Time Machine Not Configured!


Top Processes by CPU:

Process (count)  Source  % of CPU  Location
WindowServer     Apple   58
Console          Apple   39
kernel_task      Apple   10
sandboxd         Apple   8
mds_stores       Apple   3


Top Processes by Memory:

Process (count)                  Source        RAM usage  Location
kernel_task                      Apple         1000 MB
com.apple.WebKit.WebContent (8)  Apple         721 MB
Instruments                      Apple         501 MB
Console                          Apple         478 MB
Google Chrome Helper (9)         Google, Inc.  448 MB


Top Processes by Network Use:

Process         Source   Input   Output  Location
mDNSResponder   Apple    315 MB  3 MB
Spotify         Spotify  864 KB  62 KB
apsd            Apple    6 KB    4 KB
netbiosd        Apple    2 KB    1 KB
SystemUIServer  Apple    0 B     1 KB


Top Processes by Energy Use:

Process (count)  Source  Energy (0-100)  Location
WindowServer     Apple   31
Console          Apple   21
diagnosticd      Apple   11
mdworker (11)    Apple   6
hidd             Apple   1


Virtual Memory Information:

Available RAM  1.48 GB
Free RAM       21 MB
Used RAM       6.52 GB
Cached files   1.46 GB
Swap Used      216 MB


Software Installs (past 30 days):

Name                             Version       Install Date
RollerCoaster Tycoon 3 Platinum  3.3.1         2018-08-23
Gatekeeper Configuration Data    154           2018-09-05
Microsoft AutoUpdate             4.2.18081201  2018-09-09
MRTConfigData                    1.35          2018-09-10
GPG Suite                        1.0           2018-09-10
Oracle VM VirtualBox             5.2.18        2018-09-20
FUSE for macOS                   3.8.2         2018-09-20


Diagnostics Information (past 7 days):

2018-09-20 06:04:18 WindowServer CPU

/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/Window Server



End of report
