Discussion in 'macOS' started by adamvk, Aug 31, 2009.
I get this every time I boot.
What do I do?
I also noticed my Mac has been running incredibly slow lately...
My cursory Google search says that's a keylogger...
It's not a standard part of OSX, and is likely causing compatibility problems with Snow Leopard.
You'll need to be running an administrator account and will be asked to enter the password for it, for the following.
You should be able to get rid of it by running the .command file at the root of your hard drive, LogKextUninstall.command. If you can't find it, try running it through Terminal.app with the following command:
If that still doesn't work (file not found or similar), try downloading the file located here (from the sidebar, view raw file), or just copying all the commands in it to the Terminal window.
Are you forcing the machine to boot into 64-bit mode? If so, that's probably a 32-bit kext which won't load.
I'm running Snow Leopard so I think so.
Unless you are on an XServe (server), Snow Leopard should by default boot into 32-bit mode (though you still get the advantage of accessing more than 4GB of RAM and the ability to run applications in 64-bit mode).
You need to hold down the 6 and the 4 keys during boot to force SL to boot in 64-bit mode.
You can check what kernel you are using by choosing:
About This Mac
64-bit Kernel and Extensions
If the last says Yes, you are in 64-bit. If it says No, you are in 32-bit.
If you are in 32-bit mode, then the problem would not be a 32-bit kext issue.
Let me ask because it's not clear if you know what this is. It appears to be a key logger where all keystrokes done on your Mac are recorded and often transmitted somewhere else.
Did you knowingly install this tool? If so, you'll need to get a Snow Leopard-compatible version from wherever you got it.
If you didn't knowingly install it originally, then your Mac may have been taken over by crackers ("hackers") up to no good -- stealing usernames/passwords, bank info, identity info, etc.
Just making sure you know what this is.
Oh wow. Thanks. I never did install a keylogger on my Mac. Is it something I really should be worried about?
Also I am running 32-bit, I checked.
Well that is nice that Snow Leopard breaks malware.
This site has some information on the file.
So any idea on how I can get rid of it?
edit: I used spotlight to find it and got rid of it.
2nd edit: I tried to empty the trash but I couldn't because the file is "still in use." I checked the Activity Monitor and it didn't appear there. Any ideas?
Follow this very carefully, as incorrect execution of this command can be VERY BAD.
1. Open up Terminal.app.
2. Type 'sudo rm -rf ' (without the quotes - but with the space at the end). DO NOT PRESS RETURN YET.
3. Now open up the Trash and DRAG the file you're trying to delete to the active Terminal window. The full line should now read something like 'sudo rm -rf /Users/your_username/.Trash/logKext.kext'.
4. Make sure this is the file you really want to delete, and the line looks exactly like that, aside from your username being different. Press Control-C if it's not correct (or just quit Terminal.app) and try again.
5. Press return and enter your password if it's all correct.
This will forcibly remove the file you moved to the trash (presumably the kext - the core of this particular keylogger) only. I do not know what else might be on your system related to this kext or possible trojan.
P.S. For the OP, It's a VERY good idea to change all passwords for stuff you accessed from that Mac right now.
Starting with your own login password to the Mac. But don't forget to include any websites (including MR!) such as banks or anywhere you've visited from that Mac that required a user/password.
Sure, it's a hassle, but it beats not being sure if the bad guys already know this stuff and could be abusing it, leaving you holding the bag in a situation that sometimes takes many years to clean up (e.g. identity theft).
If you want to easily generate decent random passwords, install MacPorts:
Then run Terminal.app and do:
$ sudo port install makepasswd
$ makepasswd --chars=8
Voila. That will generate a random password of 8 characters that is of reasonable strength and will not be trivial to brute-force. It generates a new random password every time you run the makepasswd command.
Ok, thanks for the advice, and I will try the terminal command later today when I get back.
As for the passwords, luckily all of my passwords are saved so I never type them in, the problem is that who knows when the keylogger thing started. Also I'm very happy because I never check my banking information on my computer, I ALWAYS do that on my phone or iPod.
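Added example, not part of the original thread: deleting logKext.kext from the Trash does not unload a copy the kernel has already loaded, so after the cleanup described above it is worth checking what is actually loaded. This sketch filters `kextstat` output for non-Apple extensions and tests for one by name; the sample listing and the bundle identifier `com.example.kext.logKext` are constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# Both functions read `kextstat`-style text on stdin.
# Data rows start with a numeric index; column 6 is the bundle
# identifier and column 7 the version in parentheses.

# Print every loaded kext whose bundle identifier is not Apple's.
third_party_kexts() {
    awk '$1 ~ /^[0-9]+$/ && $6 !~ /^com\.apple\./ { print $6, $7 }'
}

# Succeed (exit 0) if a loaded kext's bundle identifier contains $1,
# compared case-insensitively; fail (exit 1) otherwise.
kext_loaded() {
    awk -v pat="$1" '
        $1 ~ /^[0-9]+$/ && index(tolower($6), tolower(pat)) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample in the kextstat column layout, so the script
# also runs on a machine without kextstat.
sample_kextstat() {
    cat <<'EOF'
Index Refs Address    Size       Wired      Name (Version) <Linked Against>
    1   45 0x0        0x0        0x0        com.apple.kpi.bsd (10.0.0)
   12    0 0x5a1000   0x3000     0x2000     com.apple.driver.AppleHDA (1.7.4) <11 7 5 4 3>
   87    0 0x9c2000   0x4000     0x3000     com.example.kext.logKext (0.0.0) <5 4 3>
EOF
}

# On the Mac itself, feed the real listing instead:
#   kextstat | third_party_kexts
#   kextstat | kext_loaded logKext && echo "still loaded"
sample_kextstat | third_party_kexts
if sample_kextstat | kext_loaded logKext; then
    echo "logKext is still loaded"
fi
```

Anything `third_party_kexts` prints that you do not recognise as software you installed deserves a closer look before you trust the machine with new passwords.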