Was I hacked...?

e93to

macrumors 6502a
Original poster
Jan 23, 2015
826
184
Toronto
I saw some peculiar messages on Console ("digest-service"). I've done some research into these messages, and gathered that they are related to sharing servers, host, etc. I don't have my iMac set up to be accessible or shared with other computers on a server. I don't have any shared folder set up with my iMac either.

Furthermore, I don't have my screen sharing or remote desktop enabled, but I saw these on Console:

2/23/20 8:52:34.009 PM com.apple.launchd[1]: (com.apple.RemoteDesktop.agent) Unknown key: ProcessType
2/23/20 8:52:34.009 PM com.apple.launchd[1]: (com.apple.screensharing.agent) Unknown key: ProcessType

2/23/20 8:52:38.598 PM com.apple.launchd.peruser.501[264]: (com.apple.screensharing.agent) Unknown key: ProcessType
2/23/20 8:52:38.598 PM com.apple.launchd.peruser.501[264]: (com.apple.screensharing.MessagesAgent) Unknown key: ProcessType

2/23/20 8:51:51.704 PM com.apple.launchd[1]: (com.apple.RemoteDesktop.PrivilegeProxy) Unknown key: ProcessType
2/23/20 8:52:34.009 PM com.apple.launchd[1]: (com.apple.RemoteDesktop.agent) Unknown key: ProcessType
2/23/20 8:52:38.598 PM com.apple.launchd.peruser.501[264]: (com.apple.RemoteDesktop.agent) Unknown key: ProcessType


I have a reason to believe there is a party interested in hacking into my computer...

Here is a screenshot of the messages:

Screen Shot 2020-02-23 at 9.47.12 PM.png


Screen Shot 2020-02-23 at 9.54.32 PM.png


Screen Shot 2020-02-23 at 10.10.54 PM.png


Screen Shot 2020-02-23 at 10.33.20 PM.png
 
Last edited:

e93to

macrumors 6502a
Original poster
Jan 23, 2015
826
184
Toronto
Those are all normal messages. There's no evidence of being hacked there.
Thank you for your reply.

But I don't have remote access or screen-sharing set up with any other computer. Furthermore, this is a personal computer I use at home. So I thought it was weird to see "digest-service" messages, which are apparently about shared server.
 

xgman

macrumors 601
Aug 6, 2007
4,980
764
to be sure:

Turn off screen sharing on your Mac
  1. On your Mac, choose Apple menu > System Preferences, then click Sharing. Open Sharing preferences for me.
  2. Deselect the Screen Sharing checkbox.
 

DeltaMac

macrumors G4
Jul 30, 2003
10,278
2,702
Delaware
Also, assuming that you don't use sharing in any form, you could make sure that no items in that sharing pane are checked.
 

e93to

macrumors 6502a
Original poster
Jan 23, 2015
826
184
Toronto
to be sure:

Turn off screen sharing on your Mac
  1. On your Mac, choose Apple menu > System Preferences, then click Sharing. Open Sharing preferences for me.
  2. Deselect the Screen Sharing checkbox.

Everything is off in sharing.
 

e93to

macrumors 6502a
Original poster
Jan 23, 2015
826
184
Toronto
I found these on system log:

Feb 27 23:26:27 Qs-iMac sharingd[336]: [Warning] Failed IDSDaemonRequestConnection, no reply
"com.apple.private.alloy.screensharing",
"com.apple.private.alloy.screensharing",
"com.apple.private.alloy.screensharing",
"com.apple.private.alloy.screensharing",
Feb 27 23:26:44 Qs-iMac sharingd[336]: 23:26:44.904 : BTLE scanning started
Feb 27 23:26:44 Qs-iMac sharingd[336]: 23:26:44.905 : Scanning mode Contacts Only
Feb 27 23:26:44 Qs-iMac sharingd[336]: 23:26:44.906 : BTLE scanner Powered On
"com.apple.private.alloy.screensharing",
Feb 27 23:26:55 Qs-iMac sharingd[336]: [Accounts] Failed to update account with identifier A5FF090C-0D5A-4C91-B334-DACD5674959C, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
"com.apple.private.alloy.screensharing",



Does this mean someone tried to access screen-sharing?
 

e93to

macrumors 6502a
Original poster
Jan 23, 2015
826
184
Toronto
Etrecheck.

EtreCheck version: 3.4.4 (448)


Report generated 2020-03-01 21:40:17


Download EtreCheck from
https://etrecheck.com


Runtime: 7:52


Performance: Below Average






Click the [Lookup] links for more information from Apple Support Communities.


Click the [Details] links for more information about that line.


Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.


Click the [Clean up] link to delete unused files.





Problem: No problem - just checking





Hardware Information:


iMac (21.5-inch, Late 2012)


[Technical Specifications] - [User Guide] - [Warranty & Service]


iMac - model: iMac13,1


1 2.7 GHz Intel Core i5 (i5-3330S) CPU: 4-core


8 GB RAM Upgradeable - [Instructions]


BANK 0/DIMM0


4 GB DDR3 1600 MHz ok


BANK 1/DIMM0


4 GB DDR3 1600 MHz ok


Handoff/Airdrop2: supported


Wireless: en1: 802.11 a/b/g/n





Video Information:


NVIDIA GeForce GT 640M - VRAM: 512 MB


iMac 1920 x 1080





Disk Information:


APPLE HDD ST1000LM024 disk0: (1 TB) (Rotational)


[Show SMART report]


(disk0s1) <not mounted> [EFI]: 210 MB


Macintosh HD (disk0s2 - Journaled HFS+) / [Startup]: 897.63 GB (373.31 GB free)


(disk0s3) <not mounted> [Recovery]: 650 MB


disk0s4 (disk0s4 - Journaled HFS+) /Volumes/disk0s4 : 101.58 GB (101.37 GB free)





USB Information:


USB20Bus


hub_device


hub_device


Apple Inc. BRCM20702 Hub


Apple Inc. Bluetooth USB Host Controller


Apple, Inc. Keyboard Hub


Areson USB Device


Apple Inc. Apple Keyboard


USB20Bus


hub_device


Apple Inc. FaceTime HD Camera (Built-in)


USB30Bus





Thunderbolt Information:


Apple Inc. thunderbolt_bus





System Software:


OS X El Capitan 10.11.6 (15G22010) - Time since boot: about 9 hours





Configuration files:


/etc/sysctl.conf - File exists but not expected





Gatekeeper:


Mac App Store and identified developers





Possible adware:


Unknown file: /Library/LaunchAgents/com.avid.avidlink.plist


/Applications/Avid/Avid Link/Avid Link.app/Contents/MacOS/Avid Link --trayonly



One possible adware file found. [Remove/Report]





Clean up:


/Library/LaunchDaemons/PACESupport.plist


/System/Library/Extensions/PACESupportFamily.kext/Contents/Resources/paceload


Executable not found!


/Library/LaunchDaemons/com.avid.interplay.editorbroker.plist


./RunAvidEditorBroker.bash /Applications/Avid/EditorTranscode/DBScript 0


Executable not found!


/Library/LaunchDaemons/com.avid.interplay.editortranscodestatus.plist


./AvidEditorTranscodeStatusMac.bash /Applications/Avid/EditorTranscode/rnc-central 0


Executable not found!


3 orphan files found. [Clean up]





Kernel Extensions:


/System/Library/Extensions


[not loaded] com.Avid.driver.AvidDX (5.9.0 - SDK 10.8) [Lookup]





Startup Items:


PACESupport: Path: /Library/StartupItems/PACESupport


Startup items no longer function in OS X Yosemite or later





System Launch Agents:


[not loaded] 6 Apple tasks


[loaded] 155 Apple tasks


[running] 79 Apple tasks





System Launch Daemons:


[not loaded] 47 Apple tasks


[loaded] 149 Apple tasks


[running] 95 Apple tasks





Launch Agents:


[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2020-02-27) [Lookup]


[not loaded] com.adobe.GC.AGM.plist (Adobe Systems, Inc. - installed 2020-03-01) [Lookup]


[loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2020-03-01) [Lookup]


[failed] com.avid.avidlink.plist (? 2e2ada7 15ffc5e0 - installed 2020-02-28) [Lookup]


[loaded] com.avid.backgroundservicesmanager.plist (? 133f6fbb c38555fb - installed 2020-02-28) [Lookup]


[loaded] com.avid.dmfsupportsvc.plist (? b3310ad0 6f309a10 - installed 2020-02-28) [Lookup]


[loaded] com.avid.interplay.dmfservice.plist (? aac1ddaa fbb3db32 - installed 2020-02-28) [Lookup]


[loaded] com.avid.interplay.editortranscode.plist (? 3be95b8d 28f7d725 - installed 2020-02-28) [Lookup]


[loaded] com.avid.transcodeserviceworker.plist (? ab3f9dad 9e3339db - installed 2020-02-28) [Lookup]


[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2020-02-28) [Lookup]





Launch Daemons:


[failed] PACESupport.plist (? ab6b5614 0 - installed 2013-02-01) [Lookup] - /System/Library/Extensions/PACESupportFamily.kext/Contents/Resources/paceload: Executable not found!


[loaded]
com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2017-12-16) [Lookup]


[loaded] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2020-03-01) [Lookup]


[loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2020-01-27) [Lookup]


[loaded] com.autodesk.adlm.plist (Shell Script f68231d7 - installed 2016-07-08)


[running] com.autodesk.backburner_manager.plist (? 7756993a 34b1737a - installed 2014-02-06) [Lookup]


[running] com.autodesk.backburner_server.plist (? d65be064 5d033543 - installed 2014-02-06) [Lookup]


[loaded] com.autodesk.backburner_start.plist (Shell Script 2fc05dde - installed 2014-02-06) [Lookup]


[running] com.autodesk.dl_mpd.plist (? 2de868c4 d4304323 - installed 2014-04-30) [Lookup]


[running] com.autodesk.sw_bwmgr.plist (? bcd98cea a41bb4d3 - installed 2014-04-30) [Lookup]


[running] com.autodesk.sw_dbd.plist (? 8eaac8bb cf252828 - installed 2014-04-30) [Lookup]


[running] com.autodesk.sw_ifffs.plist (? 81f984ce 52b00805 - installed 2014-04-30) [Lookup]


[running] com.autodesk.sw_probed.plist (? 2d8f959a b46a5349 - installed 2014-04-30) [Lookup]


[running] com.autodesk.sw_server.plist (Apple, Inc. - installed 2016-07-08)


[loaded] com.autodesk.sw_start.plist (Shell Script 1586a21a - installed 2014-04-30) [Lookup]


[running] com.autodesk.wiretapgateway.plist (? 3e3ecb48 5b5b2a19 - installed 2014-04-30) [Lookup]


[failed] com.autodesk.wiretapgateway_start.plist (Shell Script 6032547e - installed 2014-04-30) [Lookup]


[loaded] com.avid.AMCUninstaller.plist (? 9ab338b5 c8796551 - installed 2020-02-26) [Lookup]


[loaded] com.avid.bsd.shoetoolv120.plist (Avid Technology Inc - installed 2020-02-28) [Lookup]


[running] com.avid.hub.service.plist (Avid Technology Inc - installed 2017-11-09) [Lookup]


[running] com.avid.interplay.editorbroker.plist (? dbf8b72b 0 - installed 2020-02-28) [Lookup] - ./RunAvidEditorBroker.bash: Executable not found!


[running]
com.avid.interplay.editortranscodestatus.plist (? ed44ae64 0 - installed 2020-02-28) [Lookup] - ./AvidEditorTranscodeStatusMac.bash: Executable not found!


[running]
com.avid.transport.client.plist (Avid Technology Inc - installed 2017-11-09) [Lookup]


[loaded] com.bombich.ccchelper.plist (Bombich Software, Inc. - installed 2017-08-23) [Lookup]


[loaded] com.malwarebytes.HelperTool.plist (Malwarebytes Corporation - installed 2020-02-28) [Lookup]


[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2020-02-28) [Lookup]


[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2020-02-28) [Lookup]


[loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e afb3bef0 - installed 2010-08-25) [Lookup]


[running] com.ni.ServiceLocator.plist (National Instruments - installed 2015-06-17) [Lookup]


[running] com.paceap.eden.licensed.plist (PACE Anti-Piracy, Inc. - installed 2020-02-28) [Lookup]





User Launch Agents:


[loaded] com.adobe.ARM.[...].plist (? 560d19c8 982a8b77 - installed 2015-11-06) [Lookup]


[loaded] com.adobe.ARM.[...].plist (? 881a4a1c b30b9bfc - installed 2020-02-27) [Lookup]


[loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2020-03-01) [Lookup]


[loaded] com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.DAAB6AC1-40E1-4143-8E61-8ADD3A4EC743.plist (Apple, Inc. - installed 2020-02-26)


[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2020-02-26) [Lookup]


[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2020-02-26) [Lookup]


[loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2020-02-26) [Lookup]


[loaded] com.valvesoftware.steamclean.plist (? 33bfe4b1 7ce0c9ef - installed 2019-05-10) [Lookup]





User Login Items:


myPassword Application


(/Applications/myPassword.app)


iTunesHelper Application (Apple, Inc. - installed 2020-02-26)


(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)


HyperDock Helper Application


(~/Library/PreferencePanes/HyperDock.prefpane/Contents/Resources/HyperDock Helper.app)


Fantastical Application


(/Applications/Fantastical.app)


Backup and Sync from Google Application


(/Applications/Backup and Sync.app)


Dropbox Application


(/Applications/Dropbox.app)


Jumpcut Application


(/Applications/Jumpcut.app)


SteadyTune Application


(/Applications/SteadyTune.app)


aLaunch Application


(/Applications/aLaunch.app)


CrossOver CD Helper Application


(/Applications/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)


PopClip Application


(/Applications/PopClip.app)


Amphetamine Application


(/Applications/Amphetamine.app)


Bandwidth+ Application


(/Applications/Bandwidth+.app)


iTranslate Application


(/Applications/iTranslate.app)


Rapid Note Application


(/Applications/Rapid Note.app)


ExpressionsinBar Application


(/Applications/ExpressionsinBar.app)


HazelHelper Application


(~/Library/PreferencePanes/Hazel.prefPane/Contents/MacOS/HazelHelper.app)


Backup and Sync from Google Application


(/Applications/Backup and Sync.app)


Meteorologist Classic Application


(/Applications/Meteorologist Classic.app)


MacGameStore Helper Application


(~/Library/Application Support/MacGameStore.com/Helper/MacGameStore Helper.app)


RSS Reader Application


(/Applications/RSS Reader.app)


OneDrive Application


(/Applications/OneDrive.app)


OneDrive Launcher SMLoginItem - Hidden (Apple, Inc. - installed 2020-02-26)


(/Applications/OneDrive.app/Contents/Library/LoginItems/OneDrive Launcher.app)


aLaunchLoginHelper SMLoginItem - Hidden (? 0 - installed 2014-01-03)


(/Applications/aLaunch.app/Contents/Library/LoginItems/aLaunchLoginHelper.app)


StartAtLoginHelper SMLoginItem - Hidden (Apple, Inc. - installed 2016-10-12)


(/Applications/Rapid Note.app/Contents/Library/LoginItems/StartAtLoginHelper.app)





Internet Plug-ins:


AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 (installed 2020-02-27) [Lookup]


FlashPlayer-10.6: 32.0.0.330 (installed 2020-02-23) [Lookup]


QuickTime Plugin: 7.7.3 (installed 2020-02-26)


AdobePDFViewerNPAPI: 11.0.13 (installed 2015-11-06) [Lookup]


AdobePDFViewer: 11.0.13 (installed 2015-11-06) [Lookup]


Flash Player: 32.0.0.330 (installed 2020-02-23) [Lookup]


Default Browser: 601 (installed 2016-07-08)


LV150HelperLauncher: 15.0.0 (installed 2015-06-17) [Lookup]





User internet Plug-ins:


Picasa: 1.0 (installed 2015-10-13) [Lookup]





3rd Party Preference Panes:


Flash Player (installed 2020-01-27) [Lookup]


Hazel (installed 2014-04-08) [Lookup]


HyperDock (installed 2015-09-29) [Lookup]


MenuMeters (installed 2014-10-22) [Lookup]





Time Machine:


Skip System Files: NO


Mobile backups: OFF


Auto backup: NO - Auto backup turned off


Volumes being backed up:


Macintosh HD: Disk size: 897.63 GB Disk used: 524.31 GB


Destinations:


Q BACK-UP [Local]


Total size: 1.60 TB


Total number of backups: 69


Oldest backup: 8/23/15, 1:04 AM


Last backup: 2/28/20, 5:36 PM


Size of backup disk: Adequate


Backup size 1.60 TB > (Disk used 524.31 GB X 3)





Q's iMac Backup [Local]


Total size: 499.76 GB


Total number of backups: 2


Oldest backup: 3/21/19, 8:44 PM


Last backup: 3/21/19, 8:44 PM


Size of backup disk: Too small


Backup size 499.76 GB < (Disk used 524.31 GB X 3)





Top Processes by CPU:


155% AvidAppManHelper


12% socketfilterfw


3% Google Chrome Helper (Renderer)


3% Google Chrome Helper (Renderer)


3% kernel_task





Top Processes by Memory:


789 MB kernel_task


498 MB Google Chrome Helper (Renderer)


408 MB softwareupdated


320 MB Google Chrome Helper (Renderer)


243 MB Google Chrome





Top Processes by Energy Use:


14.66 WindowServer


14.06 socketfilterfw


13.66 Google Chrome Helper (Renderer)


7.42 Google Chrome


5.84 Google Chrome Helper (GPU)





Virtual Memory Information:


1.91 GB Available RAM


267 MB Free RAM


6.09 GB Used RAM


1.65 GB Cached files


0 B Swap Used





Software installs:


Adobe Flash Player: (installed 2020-02-23)


KakaoTalk: 2.7.1 (installed 2020-02-26)


iBoostUp: 7.9 (installed 2020-02-26)


Leaf: 5.1.5 (installed 2020-02-26)


LINE: 5.22.0 (installed 2020-02-26)


Physics 101: 9.0.2 (installed 2020-02-26)


Statistics Pro: 1.4 (installed 2020-02-26)


Bitdefender Virus Scanner: 3.15 (installed 2020-02-26)


ReaditNews: 2.5 (installed 2020-02-26)


Hancom Office HWP 2014 VP Viewer: 10.30.3 (installed 2020-02-26)


Amphetamine: 5.0 (installed 2020-02-26)


RSS Reader: 2.1.5 (installed 2020-02-26)


iTranslate: 1.4.7 (installed 2020-02-26)


MathStudio: 7.3.2 (installed 2020-02-26)


OpusDomini: 2.7.1 (installed 2020-02-26)


OneDrive: 19.012.0121 (installed 2020-02-26)


SketchBook: 8.7.0 (installed 2020-02-26)


Stave'n'Tabs: 4.5.2 (installed 2020-02-26)


Deflection: 4.2.5 (installed 2020-02-26)


Hivebench: 4.3 (installed 2020-02-26)


elucidaid: 2.1.6 (installed 2020-02-26)


Life Journal: 1.2 (installed 2020-02-26)


Roadmap Planner: 2.7 (installed 2020-02-26)


Opus One: 1.8.1 (installed 2020-02-26)


Speedtest: 1.10 (installed 2020-02-26)


OmniPlan: 3.7.3 (installed 2020-02-26)


"Avid Link": 19.4.0.501 (installed 2020-02-26)


Sibelius: (installed 2020-02-26)


Adobe Acrobat XI Pro (11.0.23): (installed 2020-02-27)


License Support: (installed 2020-02-28)


Avid Cloud Client Services: 2.4.0 (installed 2020-02-28)


"Avid Link": 19.10.0.921 (installed 2020-02-28)


Media Composer: 19.12.0.53599 (installed 2020-02-28)


"Avid Link": 20.1.0.1090 (installed 2020-02-28)


License Support: (installed 2020-02-28)


Avid Cloud Client Services: 2.4.0 (installed 2020-02-28)


Media Composer: 2018.11.0.49905 (installed 2020-02-28)


Avid Cloud Client Services: 2.4.0 (installed 2020-02-28)


Avid Application Manager: 2018.6.18515 (installed 2020-02-28)


XPand II: (installed 2020-02-28)


First Avid Loopmasters 1.0: (installed 2020-02-28)


Pro Tools | First: (installed 2020-02-28)


"Avid Link": 19.4.0.501 (installed 2020-02-28)


Sibelius: (installed 2020-02-28)


Malwarebytes for Mac: (installed 2020-02-28)


iBoostUp: 8.0 (installed 2020-03-01)





Install information may not be complete.





Diagnostics Information:


2020-02-28 13:33:29 BitdefenderVirusScanner.app High CPU use [Open] [Details]


2020-02-28 12:54:44 Hub Crash [Open]


Cause: abort() called


*** error for object 0x7f96e1d28dc8: incorrect checksum for freed object - object was probably modified after being freed.


2020-02-28 00:40:25 AvidMediaComposer.app Crash [Open]


Cause: dyld: launch, loading dependent libraries
 
Last edited by a moderator:

RogerWilco6502

macrumors 65816
Jan 12, 2019
1,160
1,050
I found these on system log:
...
Feb 27 23:26:44 Qs-iMac sharingd[336]: 23:26:44.904 : BTLE scanning started
Feb 27 23:26:44 Qs-iMac sharingd[336]: 23:26:44.905 : Scanning mode Contacts Only
Feb 27 23:26:44 Qs-iMac sharingd[336]: 23:26:44.906 : BTLE scanner Powered On
This looks like it's related to AirDrop, so no worries there

I found these on system log:

Feb 27 23:26:27 Qs-iMac sharingd[336]: [Warning] Failed IDSDaemonRequestConnection, no reply
"com.apple.private.alloy.screensharing",
"com.apple.private.alloy.screensharing",
"com.apple.private.alloy.screensharing",
"com.apple.private.alloy.screensharing",
...
"com.apple.private.alloy.screensharing",
Feb 27 23:26:55 Qs-iMac sharingd[336]: [Accounts] Failed to update account with identifier A5FF090C-0D5A-4C91-B334-DACD5674959C, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
"com.apple.private.alloy.screensharing",



Does this mean someone tried to access screen-sharing?
Most likely not. While I'm not certain, it could be the VNC service runs even when screen sharing isn't enabled. If that is the case, these messages are likely from that.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.