key logger?
I am pretty sure someone (former roommate who kept a copy of the apartment key...) has broken into my apt, put a keylogger/backdoor/something on my MacBook and then stole my Mac software so I can't just 'wipe & go'... I did the TextEdit copies of 'Activity Monitor' and 'Terminal: ps axww' suggested earlier in this thread. I don't know how/where to attach these, though.
I am not sure what all this means, but I do know that now the option to require a password to wake from sleep/boot is not greyed out and can be unchecked at will even if the lock is closed on my security preferences, and there is a 'details' and a 'drop arrow' on the password entry screen that leads to options other than entering a password or canceling... Does anyone have any suggestions as to my options to secure my machine and, preferably, find out where any hijacked data is going? Mac specs: macBook2,1 2.16 GHz Intel Core 2 Duo 1 GB 667 MHz DDR2 SDRAM. Thanks for your help. Your assistance is greatly appreciated! |
If you have evidence that someone had physical access to your computer and compromised it, then nothing that the computer tells you can be trusted. The only way to know for sure that your computer is clean is to:
1. Back up any important data files that you want to keep onto an external hard drive. Do not back up any program files.
2. Erase your entire hard drive and install a fresh copy of OS X on it from your OS X Install disc. Then install your applications from their original media, NOT from any backup.
3. Finally, restore the data files from your backup.
This will result in a known-clean computer. Anything less will not.
Trevor |
Quote:
Can data files be executable in disguise? Even if they aren't, couldn't they be compromised, altered, etc...? |
Hi, I've been searching all over the internet, trying to find info on how to detect keylogger software like NetNanny or something. I suspect my boyfriend has put something on my computer but I have no proof. I have a MacBook and have searched but no luck. If I paste my Activity Monitor info, can someone take a look and see if they see anything suspicious? Also, would NetNanny be visible anywhere else? Here is my Activity Monitor info. Any help you can provide would be greatly appreciated. I thought about bringing it to the Genius Bar at Apple but I'm not sure if they would be able to tell me anything. If there is something, I need to get it off my computer. I am furious at this possible invasion of privacy, and there will be consequences for him if I find something.
899 Activity Monitor 1.9 5 12.11 MB 972.64 MB Intel
145 AirPort Base Station Agent 0.0 2 3.05 MB 908.71 MB Intel
217 AppleSpell.service 0.0 1 5.07 MB 601.73 MB Intel
171 Archive Assistant Scheduler 0.0 2 11.23 MB 914.37 MB PowerPC
155 ATSServer 0.0 2 7.33 MB 642.52 MB Intel
40 autofsd root 0.0 1 664.00 KB 585.62 MB Intel
55 blued root 0.0 1 2.32 MB 596.92 MB Intel
37 configd root 0.0 3 2.32 MB 587.20 MB Intel
157 coreaudiod root 0.0 2 2.54 MB 589.33 MB Intel
45 coreservicesd root 0.0 4 15.60 MB 611.54 MB Intel
15 cron root 0.0 1 632.00 KB 586.69 MB Intel
397 DashboardClient 0.0 4 13.68 MB 921.41 MB Intel
396 DashboardClient 0.0 10 21.05 MB 960.16 MB Intel
398 DashboardClient 0.0 4 9.41 MB 917.01 MB Intel
695 Database Daemon 0.1 3 16.23 MB 1,007.81 MB PowerPC
35 DirectoryService root 0.0 5 3.53 MB 588.82 MB Intel
34 diskarbitrationd root 0.0 1 1,012.00 KB 585.69 MB Intel
42 distnoted daemon 0.0 1 788.00 KB 585.59 MB Intel
156 Dock 0.0 2 14.26 MB 925.84 MB Intel
32 dynamic_pager root 0.0 1 696.00 KB 585.61 MB Intel
159 Finder 0.0 7 16.25 MB 942.94 MB Intel
185 Firefox 45.0 22 201.29 MB 1.38 GB Intel
30 fseventsd root 0.0 12 1.37 MB 592.66 MB Intel
29 hidd root 0.0 2 592.00 KB 586.12 MB Intel
168 HP Communications 0.1 5 16.32 MB 960.65 MB PowerPC
165 HP Event Handler 0.0 3 3.21 MB 859.62 MB Intel
96 hpusbmond root 0.0 1 780.00 KB 586.78 MB Intel
176 iChatAgent 0.0 2 2.95 MB 854.53 MB Intel
170 iTunes Helper 0.0 2 2.45 MB 858.67 MB Intel
0 kernel_task root 1.8 55 79.00 MB 1.09 GB Intel
27 KernelEventAgent root 0.0 2 648.00 KB 585.68 MB Intel
10 kextd root 0.0 2 1.30 MB 586.19 MB Intel
1 launchd root 0.0 3 552.00 KB 586.74 MB Intel
70 launchd 0.0 3 540.00 KB 585.74 MB Intel
213 launchd _securityagent 0.0 3 452.00 KB 585.74 MB Intel
51 launchd _mdnsresponder 0.0 3 456.00 KB 585.74 MB Intel
92 llipd root 0.0 1 208.00 KB 585.59 MB Intel
26 loginwindow 0.0 3 6.86 MB 920.62 MB Intel
172 MacallyMouseHelper 0.0 2 9.86 MB 910.21 MB PowerPC
174 MagicMenu 0.0 1 5.22 MB 915.40 MB Intel
177 Mail 0.0 13 48.24 MB 1,001.34 MB Intel
25 mDNSResponder _mdnsresponder 0.0 2 2.41 MB 588.02 MB Intel
24 mds root 0.3 16 58.98 MB 810.20 MB Intel
846 mdworker 0.1 4 8.36 MB 608.55 MB Intel
63 nmnetmgrd root 0.0 4 1.68 MB 590.82 MB Intel
11 notifyd root 0.0 2 468.00 KB 586.17 MB Intel
13 ntpd root 0.0 1 860.00 KB 586.12 MB Intel
154 pboard 0.0 1 580.00 KB 586.63 MB Intel
180 pipedaemon 0.0 1 2.00 MB 642.04 MB PowerPC
900 pmTool root 1.2 1 1.31 MB 595.69 MB Intel
694 PowerPoint 0.4 9 97.97 MB 1.34 GB PowerPC
323 Preview 0.0 6 36.41 MB 973.44 MB Intel
126 pvsnatd root 0.0 3 528.00 KB 588.73 MB Intel
22 securityd root 0.0 2 1.92 MB 587.35 MB Intel
41 socketfilterfw root 0.0 3 1.54 MB 585.93 MB Intel
149 Spotlight 0.0 6 12.32 MB 1,023.21 MB Intel
20 syslogd root 0.0 4 488.00 KB 587.24 MB Intel
188 System Events 0.0 1 4.44 MB 879.98 MB Intel
18 SystemStarter root 0.0 1 680.00 KB 585.61 MB Intel
158 SystemUIServer 0.2 11 13.50 MB 936.00 MB Intel
216 TextEdit 0.0 8 12.25 MB 934.89 MB Intel
17 update root 0.0 1 280.00 KB 585.57 MB Intel
16 usbmuxd _usbmuxd 0.0 2 936.00 KB 587.46 MB Intel
150 UserEventAgent 0.0 3 2.80 MB 600.57 MB Intel
56 WindowServer _windowserver 1.0 5 38.62 MB 942.05 MB Intel |
I do not see anything unusual in your Activity Monitor. You mention NetNanny; do you suspect someone is monitoring what sites you visit? This can be done through the OS X preference pane "parent controls".
|
Can anyone help... I have a copy of my monitor activity here below. I have restored the whole Mac but I'm not sure whether the keylogger has gone. There was a keylogger because my ex commented on some things that the only way he could know was by seeing what I was doing on the computer.
Any help would be appreciated. http://i197.photobucket.com/albums/a...august2009.jpg |
Can anyone see if something is wrong here? I had a keylogger and I restored the Mac. But I'm not sure if it is still there.
Any help would be great.... Code:
331 Activity Monitor shevawnfletcher 1.6 5 17.14 MB 969.14 MB Intel |
How do you know you had a key logger? Did you install it yourself? Did you know that someone else had installed one, such as your employer?
|
Quote:
Quote:
Trevor |
Have I been hacked?
I know I have been but I wanna know how...can u look at my logs and tell me...
Code:
722 Activity Monitor localadmin 5.8 6 22.06 MB 419.33 MB Intel |
Quote:
2) In general, it isn't possible to tell from the logs or a process list (what you showed) whether or not your computer has "been hacked". The malicious software could (if cleverly enough written) completely hide all traces of itself. |
Why is it always the people with 1 or 2 posts that are convinced they've been infected with a virus, have a key logger, or have otherwise had their Macs compromised? If I were the suspicious type, and I am, I would think that the "security" industry is planting FUD. Possibly they're doing it to Windows switchers, or they're trying to do it here. Hard to say.
|
Quote:
Quote:
Sure, you would need to type your password for this stuff to even install. But that's a lot easier to achieve than most would think. Social engineering isn't that hard. |
You've missed my point. I agree that it's technically possible, but the fact that it's always somebody with very few posts here who is convinced that they've been attacked makes me think there's something going on that doesn't require a successful attack on an individual's computer.
Because actual, successful attacks on real world Mac users are so rare, I believe that it's likely that either the user has been conditioned to believe that every hiccup is a virus/trojan/keylogger/other malware or they work for somebody who is conditioning people to believe that. Basically, I think there is a great deal of social engineering going on! |
Quote:
Quote:
Quote:
|
Maybe I'm not being explicit enough: I don't think that we're seeing Mac users post these questions. I think we're seeing recent switchers who are not yet experienced enough with Macs to be called Mac users, and/or shills for the so-called "security" industry. The switchers are Windows users, and the security people are shills.
The social engineering I'm talking about isn't aimed at controlling your computer. It's aimed at controlling your buying habits. The idea is to condition you to believe that you need to buy AV software no matter what OS you use. |
Quote:
On the other hand I've been a Windows user for many years, never had a virusscanner and never, ever, got infected with anything. (I do have to admit I'm a security professional so I do know what I'm doing ;) ) |
Q: how can you tell if you have a virus/key logger?
A:
- Zero wipe your hard drive, reinstall the OS. This will kill anything currently known.
- Create non-trivial passwords and don't share them.
- Add a guest account to your computer that doesn't have privileges to install apps if you need to let others use it.
- Don't steal software.
- Keep all apps and OS up-to-date.
- Stop being friends or even dealing with people you do not trust, simple. |
Quote:
|
Quote:
But most AV can at least protect you against known attacks. The people not versed in all the malware techniques, which I assume most users are, would find it beneficial. Prevention is always better than a cure. Even if the amount of malware is still relatively minute :D |