Old Nov 28, 2007, 06:53 PM   #1
Eazkk123
macrumors member
 
Join Date: Jan 2007
Has my mac been hacked?

17" MacBook Pro, 3GB, Intel Core 2 Duo

I installed Leopard not so long ago and everything has been running smoothly until the last week or two.

For some reason when I run Safari or Mac Mail it runs seriously slow. It feels like someone else is on my machine.
For some reason my .mac mail is showing email sent that I've never sent, and I changed my password and it still lists mail I posted a long time ago as sent today. I am not sure if someone is forwarding off my mail?

Also, before, when I closed my laptop it went to sleep. Now oddly it sometimes turns on, and because it is turned on when the laptop lid is closed it gets very hot. I tested it still with all the apps closed and it goes to sleep, then randomly wakes up at any time.

It could be a wild trojan which might have just come about?? I remember on Windows something called netstat -n where you can see what is connected.

Is there any list of tests or any way I can see if my Mac has been hacked?!

Help would be very much appreciated.

Thank you.
Old Nov 28, 2007, 06:58 PM   #2
Fuzzy14
macrumors 65816
 
 
Join Date: Nov 2006
Location: Renfrew, Scotland
Quote:
Originally Posted by Eazkk123 View Post
where you can see what is connected.
How to see what is connected:
System preferences/Security/Firewall Tab/Advanced button (if this isn't lit, click on 'allow only essential services')/Open Log
__________________
Tiresome monologue

Last edited by Doctor Q; Jan 14, 2011 at 01:19 PM. Reason: edited quote
Old Nov 28, 2007, 07:02 PM   #3
Eazkk123
Thread Starter
macrumors member
 
Join Date: Jan 2007
I've done that already, it is quite frustrating as I have a lot of important mail relating to my business.
Old Nov 28, 2007, 08:44 PM   #4
maxjg
macrumors member
 
Join Date: Aug 2006
Well, I believe the Trojan was masquerading as a video plugin for porn sites or the like, so unless you have been going there, I doubt you have that. And I really couldn't tell you what would be suspicious activity in netstat, but yeah, just open terminal, and type netstat -n, and it'll show you active programs on your computer using the network.
Old Nov 28, 2007, 09:08 PM   #5
Eazkk123
Thread Starter
macrumors member
 
Join Date: Jan 2007
Help Please...

No, I checked that out, and I've never had it on my system. This problem is very odd, and I really do think that someone is on my laptop... If anyone could help or give me a list of what to check to see if my Mac has been hacked... I would be truly grateful, as it is causing me so much stress.

Thank you.
Old Nov 28, 2007, 09:32 PM   #6
maxjg
macrumors member
 
Join Date: Aug 2006
Quote:
Originally Posted by Eazkk123 View Post
No, I checked that out, and I've never had it on my system. This problem is very odd, and I really do think that someone is on my laptop... If anyone could help or give me a list of what to check to see if my Mac has been hacked... I would be truly grateful, as it is causing me so much stress.

Thank you.
What did you mean by emails that you haven't sent?

Last edited by Doctor Q; Jan 14, 2011 at 01:19 PM. Reason: edited quote
Old Nov 28, 2007, 09:53 PM   #7
msharp
macrumors regular
 
Join Date: Jul 2004
I don't know about the email problem part, but MBPs do have random wake-up issues.

It randomly wakes up whenever:
- You have connected an external display which is not turned off (including standby mode);
- You have connected an external keyboard and mouse;
- You have a network cable connected;
- Or, you have really bad luck. (just kidding).

I found out about this issue after experimenting for nearly a month.

Now, if I am going to leave the room or go to sleep, I do the following things:
1. Turn off the wireless network.
2. Disconnect my external mouse.
3. Shut down my external display.
4. Close the lid, or use my BT keyboard to make it sleep.

Again: no, the BT keyboard is not going to wake it up unless you press on it.

It is really weird that if you (in fact, I) have the mouse connected, the MBP will wake up eventually, even if nobody is touching the mouse at all.

P.S. I don't have this annoying issue on my previous PowerBook G4 1.67.

Hope that helps!
Old Nov 28, 2007, 11:42 PM   #8
contoursvt
macrumors 6502a
 
Join Date: Jul 2005
Find a network bandwidth monitor and when your computer is feeling slow, stop doing whatever you're doing and watch the bandwidth monitor... see if it's constantly uploading or downloading even if you're not surfing or sending emails, etc.
Old Nov 29, 2007, 03:02 PM   #9
SC68Cal
macrumors 68000
 
Join Date: Feb 2006
Print output of the following commands for me. Open up terminal and type the following:

Code:
w
So I can see who is logged in, and from where, right now.
Code:
netstat
So I can see what is connected to your computer right now. If someone was logged into your computer remotely, it would show.


Consider also checking the time stamps of important system binaries and files.

Last edited by SC68Cal; Nov 29, 2007 at 03:09 PM.
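
The two checks requested in the post above, as an added example that is not part of the original thread: it reads `w` output for logins that came from another host, and reads `netstat -an` output to separate connections made to this machine from connections made by it. It assumes `netstat -an` (all sockets, numeric addresses) rather than plain `netstat`; the function names and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): triage of `w` and `netstat -an` output
# using the macOS/BSD column layout seen in the posts on this page.

# remote_logins: reads `w` output on stdin and prints "user tty from" for every
# session whose FROM column is not "-", i.e. a login that arrived over the
# network rather than from the console or a local Terminal window.
remote_logins() {
    awk '
        $1 == "USER" && $2 == "TTY" { in_table = 1; next }  # header row
        in_table && NF < 4          { in_table = 0; next }  # table ended
        in_table && $3 != "-"       { print $1, $2, $3 }
    '
}

# inbound_connections: reads `netstat -an` output on stdin. BSD netstat writes
# addresses as host.port, so the port is whatever follows the last dot.
# An ESTABLISHED TCP connection whose local port is also in LISTEN state was
# accepted by a local service (someone connected to this machine); any other
# one was opened from this machine. Loopback peers are skipped.
# Heuristic: an outbound ephemeral port that equals a listening port would be
# mislabelled, which is rare.
inbound_connections() {
    awk '
        function host(a) { sub(/\.[^.]*$/, "", a); return a }
        function port(a) { sub(/^.*\./, "", a); return a }
        $1 ~ /^tcp/ && $6 == "LISTEN"      { listening[port($4)] = 1 }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" { n++; loc[n] = $4; rem[n] = $5 }
        END {
            for (i = 1; i <= n; i++) {
                h = host(rem[i]); p = port(loc[i])
                if (h == "127.0.0.1" || h == "::1") continue
                dir = (p in listening) ? "INBOUND" : "outbound"
                print dir, h, "local-port", p
            }
        }
    '
}

# Constructed sample input: made-up user, documentation-range addresses.
SAMPLE_W='23:28  up 1 day,  5:52, 3 users, load averages: 0.35 0.31 0.48
USER     TTY      FROM              LOGIN@  IDLE WHAT
alice    console  -                Wed17   29:51 -
alice    s000     -                23:28       - w
alice    s001     203.0.113.45     23:05       2 -bash'

SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.0.19.22        203.0.113.45.51514     ESTABLISHED
tcp4       0      0  192.168.0.19.53639     198.51.100.7.80        ESTABLISHED
tcp4       0      0  127.0.0.1.631          127.0.0.1.49200        ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
udp4       0      0  *.5353                 *.*'

# Run both checks over the constructed samples.
printf '%s\n' "$SAMPLE_W" | remote_logins
printf '%s\n' "$SAMPLE_NETSTAT" | inbound_connections
```

On a live system the same functions take the real commands as input: `w | remote_logins` and `netstat -an | inbound_connections`.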
Old Nov 29, 2007, 03:23 PM   #10
ChrisA
macrumors G4
 
Join Date: Jan 2006
Location: Redondo Beach, California
Quote:
Originally Posted by Eazkk123 View Post
..I really do think that someone is on my laptop... If anyone could help or give me a list of what to check....
"Activity Monitor" will show you every running process.

Last edited by Doctor Q; Jan 14, 2011 at 01:19 PM. Reason: edited quote
Old Nov 29, 2007, 06:48 PM   #11
Eazkk123
Thread Starter
macrumors member
 
Join Date: Jan 2007
Can you check please, this problem is a real heartache.

Thank you. I've attached all my processes from the activity monitor, and a very helpful user told me to check netstat in the terminal and the w command, which I have also done.
Please may you all check the problem out and see if there is a hacker on my mac.

It seems there is progress which is a real help, thank you. The sad thing is the problem is still around and it is causing me real heartache as my business runs from this laptop.

W Command in Terminal.
Code:
Last login: Thu Nov 29 23:28:02 on ttys000
Eazkk123s-macbook-pro-17:~ Eazkk123$ w
23:28  up 1 day,  5:52, 2 users, load averages: 0.35 0.31 0.48
USER     TTY      FROM              LOGIN@  IDLE WHAT
Eazkk123 console  -                Wed17   29:51 -
Eazkk123 s000     -                23:28       - w
Eazkk123s-macbook-pro-17:~ Eazkk123$
Netstat Command in Terminal
Code:
Eazkk123s-macbook-pro-17:~ Eazkk123$ netstat
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.nat-pmp              *.*                    
udp4       0      0  *.5350                 *.*                    
udp4       0      0  192.168.0.19.ntp       *.*                    
udp6       0      0  Eazkk123s-ma.ntp   *.*                    
udp4       0      0  *.*                    *.*                    
udp6       0      0  Eazkk123s-ma.ntp   *.*                    
udp6       0      0  Eazkk123s-ma.ntp   *.*                    
udp6       0      0  localhost.ntp          *.*                    
udp4       0      0  localhost.ntp          *.*                    
udp6       0      0  localhost.ntp          *.*                    
udp6       0      0  *.ntp                  *.*                    
udp4       0      0  *.ntp                  *.*                    
udp6       0      0  *.mdns                 *.*                    
udp4       0      0  *.mdns                 *.*                    
udp4       0      0  *.*                    *.*                    
icm6       0      0  *.*                    *.*                    
icm6       0      0  *.*                    *.*                    
icm6       0      0  *.*                    *.*                    
Active LOCAL (UNIX) domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
 5437000 stream      0      0        0  9ecca18        0        0
 9ecca18 stream      0      0        0  5437000        0        0
 5828f68 stream      0      0  a42e2e0        0        0        0 /Users/Eazkk123/Library/Caches/Acrobat/8.0_x86/Organizer70
 5828330 stream      0      0        0  5814550        0        0
 5814550 stream      0      0        0  5828330        0        0
 58286e8 stream      0      0        0  60b3cc0        0        0 /var/run/mDNSResponder
 60b3cc0 stream      0      0        0  58286e8        0        0
 58284c8 stream      0      0        0        0        0        0
 5437b28 stream      0      0        0        0        0        0
 60b36e8 stream      0      0        0  60b3660        0        0 /var/run/mDNSResponder
 60b3660 stream      0      0        0  60b36e8        0        0
 60b3770 stream      0      0        0  60b37f8        0        0 /var/run/mDNSResponder
 60b37f8 stream      0      0        0  60b3770        0        0
 60b3880 stream      0      0        0  60b3f68        0        0 /var/run/mDNSResponder
 60b3f68 stream      0      0        0  60b3880        0        0
 60b3a18 stream      0      0        0  60b3e58        0        0 /var/run/mDNSResponder
 60b3e58 stream      0      0        0  60b3a18        0        0
 60b3dd0 stream      0      0        0  60b3990        0        0
 60b3990 stream      0      0        0  60b3dd0        0        0
 60b3bb0 stream      0      0        0  60b3b28        0        0
 60b3b28 stream      0      0        0  60b3bb0        0        0
 54374c8 stream      0      0  602a6c0        0        0        0 /tmp/launch-9VICSc/:0
 5828000 stream      0      0  602a7e0        0        0        0 /tmp/launch-wj4NKV/Listeners
 5828088 stream      0      0  602a900        0        0        0 /tmp/launch-WEHZjx/Render
 5437660 stream      0      0  602aa20        0        0        0 /private/tmp/com.hp.launchport
 54373b8 stream      0      0  602abd0        0        0        0 /tmp/launchd-131.ymajv7/sock
 5437198 stream      0      0        0  5828220        0        0
 5828220 stream      0      0        0  5437198        0        0
 58146e8 stream      0      0        0  5814c38        0        0
 5814c38 stream      0      0        0  58146e8        0        0
 58145d8 stream      0      0        0  5437088        0        0
 5437088 stream      0      0        0  58145d8        0        0
 5828550 stream      0      0        0  58285d8        0        0
 58285d8 stream      0      0        0  5828550        0        0
 5814a18 stream      0      0        0  58147f8        0        0
 58147f8 stream      0      0        0  5814a18        0        0
 5828198 stream      0      0  5e1b760        0        0        0 /var/run/pppconfd
 5814d48 stream      0      0        0  5814770        0        0
 5814770 stream      0      0        0  5814d48        0        0
 5828440 stream      0      0  5cdbb90        0        0        0 /tmp/launchd-56.m9HX84/sock
 5814bb0 stream      0      0        0  5437110        0        0
 5437110 stream      0      0        0  5814bb0        0        0
 54376e8 stream      0      0        0  5814cc0        0        0
 5814cc0 stream      0      0        0  54376e8        0        0
 5437550 stream      0      0        0  5828990        0        0
 5828990 stream      0      0        0  5437550        0        0
 5437440 stream      0      0        0  5814990        0        0
 5814990 stream      0      0        0  5437440        0        0
 5828770 stream      0      0        0  58287f8        0        0
 58287f8 stream      0      0        0  5828770        0        0
 5828aa0 stream      0      0        0  5828b28        0        0
 5828b28 stream      0      0        0  5828aa0        0        0
 5828cc0 stream      0      0        0  5828d48        0        0
 5828d48 stream      0      0        0  5828cc0        0        0
 5814110 stream      0      0        0  5814198        0        0
 5814198 stream      0      0        0  5814110        0        0
 5814330 stream      0      0        0  58143b8        0        0
 58143b8 stream      0      0        0  5814330        0        0
 5814880 stream      0      0        0  5814908        0        0
 5814908 stream      0      0        0  5814880        0        0
 5814aa0 stream      0      0        0  5814b28        0        0
 5814b28 stream      0      0        0  5814aa0        0        0
 5814ee0 stream      0      0        0  5814f68        0        0
 5814f68 stream      0      0        0  5814ee0        0        0
 54377f8 stream      0      0        0  5437770        0        0
 5437770 stream      0      0        0  54377f8        0        0
 5437880 stream      0      0        0  5437990        0        0
 5437990 stream      0      0        0  5437880        0        0
 5437a18 stream      0      0        0  5437aa0        0        0
 5437aa0 stream      0      0        0  5437a18        0        0
 5437c38 stream      0      0  551cc70        0        0        0 /var/tmp/launchd/sock
 5437cc0 stream      0      0  551ce20        0        0        0 /private/var/run/cupsd
 5437d48 stream      0      0  551cf40        0        0        0 /var/run/usbmuxd
 5437e58 stream      0      0  5509090        0        0        0 /var/run/asl_input
 5437f68 stream      0      0  5509120        0        0        0 /var/run/portmap.socket
 5437ee0 stream      0      0  55091b0        0        0        0 /var/run/mDNSResponder
 9ecc6e8 dgram       0      0        0  9ecccc0  9ecccc0        0
 9ecccc0 dgram       0      0        0  9ecc6e8  9ecc6e8        0
 58282a8 dgram       0      0        0  54375d8  54375d8        0
 54375d8 dgram       0      0        0  58282a8  58282a8        0
 60b3330 dgram       0      0        0  60b33b8  60b33b8        0
 60b33b8 dgram       0      0        0  60b3330  60b3330        0
 60b3440 dgram       0      0        0  60b34c8  60b34c8        0
 60b34c8 dgram       0      0        0  60b3440  60b3440        0
 60b3908 dgram       0      0        0  60b3d48  60b3d48        0
 60b3d48 dgram       0      0        0  60b3908  60b3908        0
 5828e58 dgram       0      0        0  5437dd0        0  54372a8
 54372a8 dgram       0      0        0  5437dd0        0  58142a8
 58142a8 dgram       0      0        0  5437dd0        0  5814220
 5814220 dgram       0      0        0  5437dd0        0  5814dd0
 5814dd0 dgram       0      0        0  5437dd0        0  5437220
 5828908 dgram       0      0        0  5828dd0  5828dd0        0
 5828dd0 dgram       0      0        0  5828908  5828908        0
 5437220 dgram       0      0        0  5437dd0        0  5828bb0
 5828880 dgram       0      0        0  5437330  5437330        0
 5437330 dgram       0      0        0  5828880  5828880        0
 5828bb0 dgram       0      0        0  5437dd0        0  5828110
 5814660 dgram       0      0        0  5814440  5814440        0
 5814440 dgram       0      0        0  5814660  5814660        0
 5828110 dgram       0      0        0  5437dd0        0  5828660
 5828660 dgram       0      0        0  5437dd0        0  5437908
 5437908 dgram       0      0        0  5437dd0        0        0
 5437dd0 dgram       0      0  5509000        0  5828e58        0 /var/run/syslog

0	 kernel_task	root	2.9	56	122.38 MB	1.39 GB	Intel	
1	 launchd	root	0.0	3	536.00 KB	586.73 MB	Intel	
10	 kextd	root	0.0	2	1.14 MB	586.19 MB	Intel	
11	 notifyd	root	0.0	2	488.00 KB	586.18 MB	Intel	
12	 syslogd	root	0.0	4	564.00 KB	587.21 MB	Intel	
14	 ntpd	root	0.0	1	836.00 KB	586.12 MB	Intel	
16	 update	root	0.0	1	284.00 KB	585.57 MB	Intel	
17	 SystemStarter	root	0.0	1	676.00 KB	585.61 MB	Intel	
20	 securityd	root	0.0	2	1.93 MB	587.32 MB	Intel	
22	 mds	root	0.0	16	58.85 MB	753.95 MB	Intel	
23	 mDNSResponder	_mdnsresponder	0.0	2	2.27 MB	587.88 MB	Intel	
24	 loginwindow	Eazkk123	0.0	4	10.18 MB	964.61 MB	Intel	
25	 KernelEventAgent	root	0.0	2	640.00 KB	585.68 MB	Intel	
27	 hidd	root	0.0	1	580.00 KB	585.59 MB	Intel	
28	 fseventsd	root	0.0	13	1.39 MB	592.71 MB	Intel	
29	 dynamic_pager	root	0.0	1	704.00 KB	585.61 MB	Intel	
31	 diskarbitrationd	root	0.0	1	1,004.00 KB	585.69 MB	Intel	
32	 DirectoryService	root	0.0	5	4.62 MB	588.82 MB	Intel	
34	 configd	root	0.0	3	1.94 MB	587.18 MB	Intel	
37	 autofsd	root	0.0	1	660.00 KB	585.62 MB	Intel	
38	 socketfilterfw	root	0.0	2	1.50 MB	585.82 MB	Intel	
40	 distnoted	daemon	0.0	1	792.00 KB	585.59 MB	Intel	
42	 coreservicesd	root	0.0	4	23.37 MB	624.77 MB	Intel	
52	 WindowServer	_windowserver	0.9	4	76.16 MB	974.18 MB	Intel	
56	 launchd	_mdnsresponder	0.0	3	452.00 KB	585.73 MB	Intel	
58	 blued	root	0.0	1	1.88 MB	596.61 MB	Intel	
80	 llipd	root	0.0	1	220.00 KB	585.59 MB	Intel	
82	 integod	root	0.0	2	74.98 MB	660.34 MB	Intel	
90	 hpusbmond	root	0.0	1	776.00 KB	586.78 MB	Intel	
110	 pvsnatd	root	0.0	3	660.00 KB	588.72 MB	Intel	
123	 coreaudiod	root	0.0	2	2.39 MB	589.39 MB	Intel	
128	 virusbarrierl	root	0.0	2	308.00 KB	603.12 MB	Intel	
131	 launchd	Eazkk123	0.0	3	548.00 KB	585.73 MB	Intel	
139	 Spotlight	Eazkk123	0.0	6	26.76 MB	1.02 GB	Intel	
140	 UserEventAgent	Eazkk123	0.0	2	2.05 MB	588.75 MB	Intel	
142	 Dock	Eazkk123	0.0	4	15.98 MB	934.41 MB	Intel	
143	 pboard	Eazkk123	0.0	1	580.00 KB	586.64 MB	Intel	
144	 IntegoStatusItem	Eazkk123	0.0	1	4.24 MB	911.17 MB	Intel	
145	 ATSServer	Eazkk123	0.0	2	7.02 MB	645.33 MB	Intel	
146	 SystemUIServer	Eazkk123	0.0	7	10.14 MB	933.61 MB	Intel	
147	 Finder	Eazkk123	0.0	9	44.16 MB	1.00 GB	Intel	
155	 HP Event Handler	Eazkk123	0.0	3	2.89 MB	849.88 MB	Intel	
325	 AppleSpell.service	Eazkk123	0.0	1	5.52 MB	601.71 MB	Intel	
333	 TextEdit	Eazkk123	0.0	7	19.13 MB	946.74 MB	Intel	
367	 helpdatad	Eazkk123	0.0	2	5.67 MB	601.68 MB	Intel	
1082	 Help Viewer	Eazkk123	0.0	5	19.21 MB	936.47 MB	Intel	
1318	 Terminal	Eazkk123	0.0	3	8.42 MB	929.76 MB	Intel	
1319	 login	root	0.0	1	1.04 MB	586.80 MB	Intel	
1320	 bash	Eazkk123	0.0	1	904.00 KB	586.18 MB	Intel	
1332	 Safari	Eazkk123	0.0	5	89.28 MB	1.00 GB	Intel	
1334	 Activity Monitor	Eazkk123	4.2	5	16.67 MB	988.01 MB	Intel	
1335	 pmTool	root	1.1	1	1.31 MB	595.68 MB	Intel	
388	 mdworker	Eazkk123	0.0	4	8.35 MB	641.44 MB	Intel	
547	 mysqld	Eazkk123	0.0	2	2.78 MB	596.71 MB	Intel	
1245	 ATSServer	_atsserver	0.0	2	2.25 MB	621.96 MB	Intel	
1283	 mdworker	nobody	0.0	3	2.16 MB	599.36 MB	Intel
Thank you.

Last edited by Doctor Q; Jan 14, 2011 at 07:14 PM.
Old Nov 30, 2007, 12:07 AM   #12
zakatov
macrumors 6502a
 
Join Date: Mar 2005
Location: South Florida
There's nothing that's using the CPU. Just format and reinstall, it'll fix everything
Old Nov 30, 2007, 12:28 AM   #13
majordude
macrumors 68020
 
 
Join Date: Apr 2007
Location: Hootersville
Quote:
Originally Posted by zakatov View Post
There's nothing that's using the CPU. Just format and reinstall, it'll fix everything
Well, check/repair the permissions first.
Old Nov 30, 2007, 01:03 AM   #14
cohibadad
macrumors 6502a
 
 
Join Date: Jul 2007
I gotta see what happens when I put my Leopard server in my DMZ with firewall off. There is nothing critical on it as it is just a test server but I wanna see if there is any activity. So it's done. Any guesses on what happens?
Old Nov 30, 2007, 01:32 AM   #15
yojitani
macrumors 68000
 
Join Date: Apr 2005
Location: An octopus's garden
I can't remember where I read this - it was recently and may have even been here on MR somewhere - but someone was complaining about their .mac account being hacked... If you haven't, change your password. Make sure to combine numbers and letters...
Old Nov 30, 2007, 08:23 PM   #16
Eazkk123
Thread Starter
macrumors member
 
Join Date: Jan 2007
Please help. :(

"17" MacBook Pro, 3GB, Intel Core 2 Duo with Leopard"

I've changed all my passwords and did it again yesterday; also my firewall is switched on and I have all the latest updates.

But still my .mac mail is showing email sent that I've never sent and it still has the problem where it randomly wakes up even when I close all the apps. I really do think someone is on my system because of the two reasons above, and that it is a trojan which has not been recognized yet.

It is causing me heartache because this laptop is used for my business.

Can you all please look at my post on this thread with my netstat info, my w command info and my activity monitor with all processes running to see if there is anything suspicious.
mDNSResponder _mdnsresponder <=== suspicious? or no?

Thank you, and I hope things get back to normal soon.
Old Nov 30, 2007, 08:33 PM   #17
SawTooth500
macrumors member
 
Join Date: Nov 2007
Location: Florence, Arizona
You may want to turn off any remote access software that is running.
If someone is hacking you, that will allow them to get into your machine.
Have your firewall deny all access from outside to you.

And is it just Leopard, or are you using Vista, too? (I don't particularly care for MicroSnot software, myself)
__________________
G4 Sawtooth (500mhz clocked to 533mhz)
OSX 10.5 (Leopard) installed and running.
Buss speed 133mhz
Rage128Pro graphics card (original eq)
Old Nov 30, 2007, 08:53 PM   #18
SawTooth500
macrumors member
 
Join Date: Nov 2007
Location: Florence, Arizona
Oh, yeah, and anything that has to do with ARD is not necessary to the well-being and operation of your Mac. Dump anything you find when you type in 'locate ARD' in Terminal. And don't update that particular little gem. Don't know about you, but I don't need Big Brother Steve snooping around in my hard drives.
__________________
G4 Sawtooth (500mhz clocked to 533mhz)
OSX 10.5 (Leopard) installed and running.
Buss speed 133mhz
Rage128Pro graphics card (original eq)
Old Nov 30, 2007, 09:08 PM   #19
cohibadad
macrumors 6502a
 
 
Join Date: Jul 2007
By emails you never sent, do you mean emails you never wrote? And this is a .mac email? And it continues after you have changed all of your passwords? Either the NSA is messing with you or this is alien technology.
Old Nov 30, 2007, 10:23 PM   #20
brkirch
macrumors regular
 
Join Date: Oct 2001
Based on the process list you posted, I would guess that either the HP printer software or VirusBarrier software is causing your slowdowns. I don't see anything in the netstat information or process list that suggests that you have been hacked (besides, isn't the antivirus there to prevent that?).

Quote:
Originally Posted by SawTooth500 View Post
Oh, yeah, and anything that has to do with ARD is not necessary to the well-being and operation of your Mac. Dump anything you find when you type in 'locate ARD' in Terminal. And don't update that particular little gem. Don't know about you, but I don't need Big Brother Steve snooping around in my hard drives.
IMO, that's being a little too paranoid. ARD can't do anything unless it's enabled, so all deleting it does is make it likely you will have a problem with a future software update.
Old Nov 30, 2007, 10:30 PM   #21
notjustjay
macrumors 603
 
 
Join Date: Sep 2003
Location: Canada, eh?
Is there really any point to running VirusBarrier?

No, seriously. Is there?
__________________
.
Old May 17, 2010, 04:57 PM   #22
Maraxx
macrumors newbie
 
Join Date: May 2010
Location: South Florida
I have a 24" iMac, OS X Leopard 10.5.8, and have very good reason to believe that my iMac has been hacked. I see above that there is a way thru Terminal that you can tell if that is so. Can anybody guide me thru the process and what I can do if I am hacked?
Thank you.
__________________
24" Aluminum IMAC 2.4GHz, 2 GB RAM, 300 GB HD.
Old May 17, 2010, 06:31 PM   #23
majordude
macrumors 68020
 
 
Join Date: Apr 2007
Location: Hootersville
Quote:
Originally Posted by Maraxx View Post
I have a 24" iMac, OS X Leopard 10.5.8, and have very good reason to believe that my iMac has been hacked. I see above that there is a way thru Terminal that you can tell if that is so. Can anybody guide me thru the process and what I can do if I am hacked?
Thank you.
http://www.youtube.com/watch?v=eaiBUdnQWVM

Way to go, replying to a thread that was dead three years ago.
Old Jan 21, 2011, 09:19 PM   #24
jlos1
macrumors newbie
 
Join Date: Jan 2011
hacked

Hi all -
I too have my suspicion that my notebook has been hacked. I've taken the liberty of going to the terminal and typing in netstat. It does show 2 users. Can you please tell me your thoughts? The IP address is noted with XXX followed by other #. Thanks.


21:12 up 6:07, 2 users, load averages: 0.33 0.30 0.26
USER TTY FROM LOGIN@ IDLE WHAT
jenniferodonohuesye console - 15:06 6:06 -
jenniferodonohuesye s000 - 21:12 - w
jennifer-odonohuesyes-macbook:~ jenniferodonohuesye$ netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 XXX.53639 173.192.77.186-s.http LAST_ACK
tcp4 0 0 XXX.53717 XXX.netbios- TIME_WAIT
tcp4 0 0 XXX.53718 XXX.netbios- TIME_WAIT
udp4 0 0 XXX.kerberos *.*
udp6 0 0 jennifer-odonohu.kerbe *.*
udp6 0 0 localhost.kerberos *.*
udp4 0 0 XXX.netbios- *.*
udp4 0 0 XXX.netbios- *.*
udp4 0 0 *.netbios-dgm *.*
udp4 0 0 *.netbios-ns *.*
udp4 0 0 *.ipp *.*
udp4 0 0 *.* *.*
udp4 0 0 *.51427 *.*
udp4 0 0 *.52348 *.*
udp4 0 0 *.61058 *.*
udp4 0 0 *.53962 *.*
udp4 0 0 *.64086 *.*
udp4 0 0 *.54456 *.*
udp4 0 0 *.62369 *.*
udp4 0 0 *.49259 *.*
udp4 0 0 *.57821 *.*
udp4 0 0 *.51549 *.*
udp4 0 0 *.53519 *.*
udp6 0 0 *.mdns *.*
udp4 0 0 *.mdns *.*
udp4 0 0 XXX.ntp *.*
udp6 0 0 jennifer-odonohu.ntp *.*
udp6 0 0 localhost.ntp *.*
udp4 0 0 localhost.ntp *.*
udp6 0 0 localhost.ntp *.*
udp6 0 0 *.ntp *.*
udp4 0 0 *.ntp *.*
udp4 0 0 *.* *.*
udp4 0 0 *.* *.*
icm6 0 0 *.* *.*
Old Jun 2, 2011, 10:30 PM   #25
ksuchomel
macrumors newbie
 
Join Date: Jun 2011
_mdnsresponder part of Mac

_mdnsresponder is part of the Mac install. Go to this link for more info: http://support.apple.com/kb/HT3789
All times are GMT -5.