The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


When you believe that you have a keylogger or some sort of trojan | Official Apple Support Communities

Posted by jpluimers on 2017/10/16

We thought one of our Macs was compromised, but it wasn’t: it had too many web browsers open so it was crawling like a snake.

The terminal commands below and EtreCheck [Source: etresoft/EtreCheck: Source code for EtreCheck] helped to find out what was running:

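# Loaded kernel extensions that are not from Apple (bundle identifier and version)
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

# System-wide launchd jobs (root's domain), minus lines matching Apple and bundled open-source labels
sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

# launchd jobs in the current user's session, filtered the same way
launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

# Startup, plug-in and extension folders in /Library and ~/Library
# (run from your home directory so the relative L* patterns resolve to ~/Library)
ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

# Names of the current user's login items
osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null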

Source: [WayBack] I believe that I have a keylogger or some sort … | Official Apple Support Communities

–jeroen
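A caveat on the `launchctl list` filters above, as an added example that is not part of the original post or the Apple Support thread: awk tests the exclusion regex against the whole line, so any job whose label merely contains `com.apple` or `org.x` is dropped from the output. The job list below is constructed, and `anchored_filter` is this example's own variant, not a command from the page.

```shell
#!/bin/sh
# Constructed sample in the PID<TAB>Status<TAB>Label layout of `launchctl list`.
# Every label here is made up for the demonstration.
sample_jobs() {
    printf 'PID\tStatus\tLabel\n'
    printf '%s\t%s\t%s\n' \
        312 0  com.apple.Finder \
        -   0  org.openbsd.ssh-agent \
        455 0  0x7fa1c2d0.anonymous.Safari \
        501 0  com.example.updater \
        502 0  com.applesauce.helper \
        -   78 org.xyztools.agent \
        503 0  net.example.com.apple.sync
}

# The per-user filter exactly as on the page: the regex can match anywhere in the line.
page_filter() {
    sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
}

# Variant (assumption of this example): test only the label column and anchor
# each excluded prefix at the start of the label, followed by a dot.
anchored_filter() {
    sed 1d | awk -F'\t' '$3 !~ /^(0x|(com\.apple|edu\.mit|org\.(x|openbsd))\.)/{print $3}'
}

# Labels that the page's filter hides but the anchored variant reports.
hidden_by_page_filter() {
    shown=$(sample_jobs | page_filter)
    sample_jobs | anchored_filter | while IFS= read -r label; do
        printf '%s\n' "$shown" | grep -qxF -- "$label" || printf '%s\n' "$label"
    done
}

# A launchd label is whatever the job's plist declares, so an entry excluded by
# either filter is not thereby shown to come from Apple; these filters cut
# noise, they do not verify origin.
hidden_by_page_filter
```

On a real Mac, pipe `launchctl list` into `anchored_filter` in place of `sample_jobs`.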
