Bit of a strange one.

Discussion in 'macOS Sierra (10.12)' started by Jdsydney, Dec 3, 2016.

  1. Jdsydney macrumors newbie

    Joined:
    Dec 3, 2016
    Location:
    Sydney
    #1
    Hi all,

    I have an unusual problem with my mac that withstands an OS X clean install and I have been trying to get someone at apple to look at the problem beyond an erase and install and I find myself repeating the same thing and reaching the same result.

    My mac at first appears fine after a clean install. But the following starts to occur:
    1. Dates revert to much earlier dates and times - if I send an email, the recipient receives this at the date in the past
    2. The network and blue tooth go into overdrive - and the logs of El Capitan or the less useful sierra ones show a lot of activity on my network
    3. Nearly every port is wide open when scanning my ip
    4. An update to OS X (such as to 10.12.1) and again it appears fine.
    5. Several small partitions are created on the drive - I have the disk utility data if it helps
    6. Root access is overtaken - I cannot mount or erase the new partitions
    7. Visually, my user profile is reduced to what appears to be a managed client
    8. Apps disappear from the dock, I no longer have access to run commands from terminal
    9. Downloading of data when the wifi card is greyed out and "is not detected"
    10. I remove the battery from the mac

    What is going on with this and how can I fix it?

    Help would be appreciated
    --- Post Merged, Dec 3, 2016 ---
    Diskutil activity:

    tests-MacBook-Pro:~ test2$ diskutil activity
    ***Begin monitoring DiskArbitration activity
    ***DiskAppeared ((no BSD name), DAVolumePath = 'file:///home/', DAVolumeKind = 'autofs', DAVolumeName = '<null>') Time=20161203-11:13:27.8105
    ***DiskAppeared ((no BSD name), DAVolumePath = 'file:///net/', DAVolumeKind = 'autofs', DAVolumeName = '<null>') Time=20161203-11:13:27.8125
    ***DiskAppeared ('disk0', DAVolumePath = '<null>', DAVolumeKind = '<null>', DAVolumeName = '<null>') Time=20161203-11:13:27.8132
    ***DiskAppeared ('disk0s1', DAVolumePath = '<null>', DAVolumeKind = 'msdos', DAVolumeName = 'EFI') Time=20161203-11:13:27.8138
    ***DiskAppeared ('disk0s2', DAVolumePath = 'file:///', DAVolumeKind = 'hfs', DAVolumeName = 'Macintosh HD') Time=20161203-11:13:27.8143
    ***DiskAppeared ('disk0s3', DAVolumePath = '<null>', DAVolumeKind = 'hfs', DAVolumeName = 'Recovery HD') Time=20161203-11:13:27.8148
    ***DAIdle (no DADiskRef) Time=20161203-11:13:27.8150
     
  2. Jdsydney thread starter macrumors newbie

    Joined:
    Dec 3, 2016
    Location:
    Sydney
    #2
    Diskutil showing hidden partitions
    -bash-3.2# diskutil list

    /dev/disk0 (internal, physical):

    #: TYPE NAME SIZE IDENTIFIER

    0: GUID_partition_scheme *251.0 GB disk0

    1: EFI EFI 209.7 MB disk0s1

    2: Apple_HFS Macintosh HD 17.9 GB disk0s2

    3: Apple_Boot Recovery HD 650.0 MB disk0s3

    4: Apple_HFS Untitled 232.1 GB disk0s4


    /dev/disk1 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: GUID_partition_scheme +2.1 GB disk1

    1: Apple_HFS OS X Base System 2.0 GB disk1s1


    /dev/disk2 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +5.2 MB disk2


    /dev/disk3 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk3


    /dev/disk4 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk4


    /dev/disk5 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk5


    /dev/disk6 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk6


    /dev/disk7 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk7


    /dev/disk8 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +6.3 MB disk8


    /dev/disk9 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +2.1 MB disk9


    /dev/disk10 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +1.0 MB disk10


    /dev/disk11 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +2.1 MB disk11


    /dev/disk12 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk12


    /dev/disk13 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk13


    /dev/disk14 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +1.0 MB disk14


    /dev/disk15 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +6.3 MB disk15


    /dev/disk16 (disk image):

    #: TYPE NAME SIZE IDENTIFIER

    0: untitled +524.3 KB disk16


    -bash-3.2# <<<run 3 december 2016 - showing all hidden partitions not visible in the user profile

    -bash: 3: command not found

    -bash-3.2# <<<<mounting and erasing one of these partititions produces errors as i do not have root user access (even though it appears so) For instance...

    -bash: syntax error near unexpected token `<'

    -bash-3.2# diskutil mount /dev/disk2

    Volume untitled on /dev/disk2 mounted

    -bash-3.2# dir

    -bash: dir: command not found

    -bash-3.2# ls

    .forward Library

    -bash-3.2# cd library

    -bash-3.2# ls

    .TemporaryItems Containers Keychains Safari

    Caches Cookies Preferences WebKit

    -bash-3.2# diskutil secureErase /dev/disk2

    Usage: diskutil secureErase [freespace] level MountPoint|DiskIdentifier|DeviceNode

    Securely erases either a whole disk or a volume's freespace.

    Level should be one of the following:

    0 - Single-pass zeros.

    1 - Single-pass random numbers.

    2 - US DoD 7-pass secure erase.

    3 - Gutmann algorithm 35-pass secure erase.

    4 - US DoE 3-pass secure erase.

    Ownership of the affected disk is required.

    Note: Level 2, 3, or 4 secure erases can take an extremely long time.

    -bash-3.2# diskutil secureErase 2 /dev/disk2

    Started erase on disk2 untitled

    Error: -69888: Couldn't unmount disk

    -bash-3.2# <<<<so you can see 69888 has to do with permission - as root i shouldnt recieve that error

    -bash: syntax error near unexpected token `<'

    -bash-3.2# stat

    390477728 673 crw--w---- 1 root tty 268435456 0 "Dec 3 04:20:23 2016" "Dec 3 04:20:23 2016" "Dec 3 04:20:23 2016" "Dec 31 16:00:00 1969" 131072 0 0 (stdin)

    -bash-3.2# ls -|

    >

    >

    >

    >

    >

    >
     
  3. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #3
    if the problem is with your account, an OS update may not matter. and the fact that it keeps re-occuring could suggest that the drive itself is damaged (but that's just a guess).

    try creating a test admin account, use that for a few days (obviously, you won't have access to your files, mail, etc). but at least, see how the account behaves, and if the same issues come up... just some thoughts!
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    I don't think there is anything wrong with your disk layout. The only thing off here a bit it the Untitled 232.1GB disk0s4. Did you do that in purpose?

    That Base System disk1s1 looks like you ran diskutil list while booted to Internet Recovery and the disk1s1 is a virtual recovery volume running off a disk image in RAM. All the other misc. volumes are RAM disks used by Internet Recovery and normal.

    I don't believe your issues have anything to do with this disk layout.
     
  5. bcave098 macrumors 6502

    bcave098

    Joined:
    Sep 6, 2015
    Location:
    Northern British Columbia
    #5
    1. The date and time the recipient sees is not based on your computer, but those of the email provider.

    2. What kind of activity?

    3. That could be normal. Assuming you're scanning the IP on your internal network, the macOS firewall is disabled by default.

    4. So... sounds normal.

    5. The list you have looks likely it's from recovery or Internet recovery. What appears when booted normally?

    6. Same as 5.

    7. Visually? What do you mean?

    8. Again, I'm not sure what you mean.

    9. What data?

    10. What about removing the battery?
     

Share This Page