assistance requested

Krista

17 Sep, 2018 03:36 AM

Last login: Sun Sep 16 21:25:04 on ttys000
Kristas-MacBook-Pro:~ kristahowden$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
Kristas-MacBook-Pro:~ kristahowden$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
Password:
com.adobe.ARMDC.Communicator
Adobe_Genuine_Software_Integrity_Monitor
Adobe_Genuine_Software_Integrity_Service
com.adobe.ARMDC.SMJobBlessHelper
com.adobe.acc.installer.v2
Kristas-MacBook-Pro:~ kristahowden$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
com.adobe.acc.AdobeDesktopService.19748.73545783-BDEF-4E74-9EA1-66D6EA7B7EEA
com.malwarebytes.mbam.frontend.agent
com.adobe.AdobeCreativeCloud
com.openssh.ssh-agent
com.microsoft.update.agent
com.sqwarq.DetectX-Swift.observer
com.microsoft.Outlook.19176
com.microsoft.autoupdate.fba.12708
com.adobe.GC.Scheduler-1.0
cn.linfei.SimpleRecoder.20260
com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d
com.adobe.CCXProcess.19756
cn.linfei.SimpleRecoder.20256
com.adobe.CCLibrary.19760
com.spotify.webhelper
com.google.Chrome.19772
com.adobe.Acrobat.Pro.19716
Kristas-MacBook-Pro:~ kristahowden$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
/Library/Components:

/Library/Extensions:
ACS6x.kext
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
HighPointIOP.kext
HighPointRR.kext

/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
AudioMixEngine.framework
NyxAudioAnalysis.framework
PluginManager.framework
iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:
AdobeAAMDetect.plugin
AdobePDFViewer.plugin
AdobePDFViewerNPAPI.plugin
Disabled Plug-Ins

/Library/Keyboard Layouts:

/Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist
com.adobe.AdobeCreativeCloud.plist
com.adobe.GC.Invoker-1.0.plist
com.malwarebytes.mbam.frontend.agent.plist
com.microsoft.update.agent.plist

/Library/LaunchDaemons:
com.adobe.ARMDC.Communicator.plist
com.adobe.ARMDC.SMJobBlessHelper.plist
com.adobe.acc.installer.v2.plist
com.adobe.agmservice.plist
com.adobe.agsservice.plist

/Library/PreferencePanes:

/Library/PrivilegedHelperTools:
com.adobe.ARMDC.Communicator
com.adobe.ARMDC.SMJobBlessHelper
com.adobe.acc.installer.v2
com.microsoft.autoupdate.helper
com.microsoft.office.licensingV2.helper
com.teamviewer.Helper

/Library/QuickLook:
iBooksAuthor.qlgenerator
iWork.qlgenerator

/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/StagedExtensions:
Library

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Fonts:
Jelytta.otf

Library/Input Methods:
.localized

Library/Internet Plug-Ins:

Library/Keyboard:
.DS_Store
en-dynamic.lm
it-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:
TextReplacements.db
TextReplacements.db-shm
TextReplacements.db-wal

Library/LanguageModeling:
       642-dynamic.lm
      1041-dynamic.lm
da-dynamic.lm
de-dynamic.lm
en-dynamic.lm
es-dynamic.lm
fi-dynamic.lm
fr-dynamic.lm
it-dynamic.lm
nb-dynamic.lm
nl-dynamic.lm
pl-dynamic.lm
pt-dynamic.lm
sv-dynamic.lm
tr-dynamic.lm

Library/LaunchAgents:
.DS_Store
com.adobe.GC.Invoker-1.0.plist
com.google.keystone.agent.plist
com.spotify.webhelper.plist
com.sqwarq.DetectX-Swift.observer.plist

Library/PreferencePanes:

Library/Services:
Kristas-MacBook-Pro:~ kristahowden$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
Applications
Kristas-MacBook-Pro:~ kristahowden$

  1. Support Staff 1 Posted by James on 20 Sep, 2018 03:58 AM

    Hi Krista,

    Did Spyware Cleaner find any threats?

    +

    We are currently reviewing your output.

    Let me know,
    James

  2. 2 Posted by Krista Howden on 20 Sep, 2018 07:13 AM

    From the desk of,

    Dr. Krista Howden

  3. 3 Posted by Krista Howden on 21 Sep, 2018 12:46 AM

    It didn’t in April when I had a confirmed compromised account with a real-time screen share program on a brand new MacBook Pro by someone who I haven’t even seen, let alone could have my passwords or direct access to my device.
    From the desk of,

    Dr. Krista Howden

    From: James <[email blocked]>
    Date: Wednesday, September 19, 2018 at 9:58 PM
    To: "[email blocked]" <[email blocked]>
    Subject: Re: assistance requested [Spyware Cleaner #8]

  4. Support Staff 4 Posted by James on 21 Sep, 2018 12:49 AM

    Hi Krista,

    Thanks for providing the report.

    The good news is that you do not have any spyware on your Mac. However, someone may be using Apple's built-in remote desktop to access your Mac.

    Watch this video: https://www.youtube.com/watch?v=mhTCVkANNoE (Check if you have remote management disabled)

    If you have any questions, let me know,
    James

  5. 5 Posted by Krista Howden on 22 Sep, 2018 04:53 AM

    Hi James,

    I have always ensured there was no authorized sharing and ARD not active in my activity monitor, but there is still data flowing out of my device through TeamViewer even when sharing is disabled. I hear it’s a piece of cake to disable notification of sharing or remote viewing, so how can I check this using a terminal and requesting a log of any programs that are sending data from my device?
    From the desk of,

    Dr. Krista Howden

    From: James <[email blocked]>
    Date: Thursday, September 20, 2018 at 6:50 PM
    To: "[email blocked]" <[email blocked]>
    Subject: Re: assistance requested [Spyware Cleaner #8]

  6. Support Staff 6 Posted by James on 24 Sep, 2018 12:02 PM

    Hi Krista,

    If you would like to log programs that are sending information from your Mac, you are going to need Little Snitch: https://www.obdev.at/products/littlesnitch/index.html

    Little Snitch will also allow you to control when you want TeamViewer to have access to your internet connection.

    Of course, the other alternative is to just uninstall TeamViewer.

    I hope this helps,
    James

  7. 7 Posted by Krista Howden on 25 Sep, 2018 10:25 AM

    Hi again James,

    How can I determine if someone is remote viewing my Mac using Apple Desktop? I have disabled any sharing yet this individual still had, or continues to have, real time access to my desktop via remote viewing. Thoughts?

    From the desk of,

    Dr. Krista Howden

  8. 8 Posted by Krista Howden on 25 Sep, 2018 12:26 PM

    I have installed Little Snitch but don’t really have the knowledge to determine what is a valid input or output of data… please help… ☺

    From the desk of,

    Dr. Krista Howden
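
For the two terminal questions raised in the thread (which programs are sending data, and whether a remote-viewing session is active), this is an added example and not part of any post above. It filters `lsof -i -nP` output for established connections; the port numbers are the well-known defaults and are an assumption here, and the sample lines are constructed.

```bash
#!/bin/bash
# Added example, not from the thread. Both functions read `lsof -i -nP` text on stdin.
# Live use in Terminal on the Mac:  sudo lsof -i -nP | remote_sessions

# Flag established TCP sessions on default remote-access ports (assumed defaults):
# 5900 Screen Sharing/VNC, 3283 Apple Remote Desktop, 5938 TeamViewer.
remote_sessions() {
  awk '
    BEGIN { svc[5900] = "ScreenSharing/VNC"; svc[3283] = "AppleRemoteDesktop"; svc[5938] = "TeamViewer" }
    # Port is the text after the last colon (also works for [IPv6]:port).
    function port(addr,   p, n) { n = split(addr, p, ":"); return p[n] }
    $8 == "TCP" && $10 == "(ESTABLISHED)" {
      split($9, ends, "->")            # ends[1] = local side, ends[2] = remote peer
      lp = port(ends[1]); rp = port(ends[2])
      # Local port matches: a peer is connected to a service on this Mac.
      if (lp in svc)      printf "%s pid=%s INBOUND %s from %s\n", $1, $2, svc[lp], ends[2]
      # Remote port matches: this Mac dialled out to a relay or host.
      else if (rp in svc) printf "%s pid=%s OUTBOUND %s to %s\n", $1, $2, svc[rp], ends[2]
    }'
}

# Count established TCP connections per program, busiest first.
talkers() {
  awk '$8 == "TCP" && $10 == "(ESTABLISHED)" { n[$1]++ }
       END { for (c in n) print n[c], c }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample in lsof column layout (documentation-range addresses).
sample_lsof() {
  cat <<'EOF'
COMMAND    PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
TeamViewe  611 user  14u IPv4 0x1a   0t0      TCP  192.168.1.20:52100->203.0.113.9:5938 (ESTABLISHED)
screensha  902 root  5u  IPv4 0x1b   0t0      TCP  192.168.1.20:5900->198.51.100.44:61022 (ESTABLISHED)
launchd    1   root  9u  IPv4 0x1c   0t0      TCP  *:5900 (LISTEN)
Spotify    733 user  30u IPv4 0x1d   0t0      TCP  192.168.1.20:52144->203.0.113.80:443 (ESTABLISHED)
Spotify    733 user  31u IPv4 0x1e   0t0      TCP  192.168.1.20:52145->203.0.113.81:443 (ESTABLISHED)
mDNSRespo  201 _mdns 7u  IPv4 0x1f   0t0      UDP  *:5353
EOF
}

sample_lsof | remote_sessions
sample_lsof | talkers
```

An INBOUND line means a peer is connected to a sharing service on the Mac itself; a listening socket with no established peer is not reported.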
