I believe I have a key logger or spyware on my computer

Similar Messages

• I believe I have a key logger and/or monitor on my computer could someone help me determine if I send you my terminal info

  Here is my terminal:
  sh-3.2$ tstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
  sh: tstat: command not found
  sh-3.2$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'
  Password:
  com.microsoft.office.licensing.helper
  com.adobe.fpsaud
  sh-3.2$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
  com.microsoft.autoupdate.fba.50016
  com.microsoft.Word.24848
  com.google.Chrome.23792
  com.google.keystone.user.agent
  sh-3.2$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null
  /Library/Components:
  /Library/Extensions:
  ATTOCelerityFC8.kext
  ATTOExpressSASHBA2.kext
  ATTOExpressSASRAID2.kext
  ArcMSR.kext
  CalDigitHDProDrv.kext
  HighPointIOP.kext
  HighPointRR.kext
  PromiseSTEX.kext
  SoftRAID.kext
  /Library/Frameworks:
  AEProfiling.framework
  AERegistration.framework
  AudioMixEngine.framework
  NyxAudioAnalysis.framework
  PluginManager.framework
  iTunesLibrary.framework
  /Library/Input Methods:
  /Library/Internet Plug-Ins:
  Default Browser.plugin
  Flash Player.plugin
  JavaAppletPlugin.plugin
  Quartz Composer.webplugin
  QuickTime Plugin.plugin
  SharePointBrowserPlugin.plugin
  SharePointWebKitPlugin.webplugin
  flashplayer.xpt
  nsIQTScriptablePlugin.xpt
  /Library/Keyboard Layouts:
  /Library/LaunchAgents:
  com.oracle.java.Java-Updater.plist
  /Library/LaunchDaemons:
  com.adobe.fpsaud.plist
  com.microsoft.office.licensing.helper.plist
  com.oracle.java.Helper-Tool.plist
  /Library/PreferencePanes:
  Flash Player.prefPane
  JavaControlPanel.prefPane
  /Library/PrivilegedHelperTools:
  com.microsoft.office.licensing.helper
  /Library/QuickLook:
  iBooksAuthor.qlgenerator
  iWork.qlgenerator
  /Library/QuickTime:
  AppleIntermediateCodec.component
  AppleMPEG2Codec.component
  /Library/ScriptingAdditions:
  /Library/Spotlight:
  Microsoft Office.mdimporter
  iBooksAuthor.mdimporter
  iWork.mdimporter
  /Library/StartupItems:
  /etc/mach_init.d:
  /etc/mach_init_per_login_session.d:
  /etc/mach_init_per_user.d:
  Library/Address Book Plug-Ins:
  SkypeABDialer.bundle
  SkypeABSMS.bundle
  Library/Fonts:
  Library/Input Methods:
  .localized
  Library/Internet Plug-Ins:
  Library/Keyboard Layouts:
  Library/LaunchAgents:
  com.google.keystone.agent.plist
  Library/PreferencePanes:
  Library/Services:
  .localized
  sh-3.2$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
  iTunesHelper
  Anything look funny? I am sooooooo new to this stuff I'm at a loss.
  Believe me, I am learning quickly though.
  Any and all help would be appreciated.
  ~R

  Hey Linc. I was playing around with WireShark and someone got on my computer through the printer port. I believe they setup a new user and maybe messing with my computer. I did all the steps above. Can I send you the results?
  ~kbgeorgia

• I believe I have a key logger and need help finding out.

  I've seen various threads around here with some nice people helping to locate a keylogger on various version of Mac OSX...  I'm hoping you can do the same for me!

  Open Terminal and paste this line followed by pressing enter,
  ps -A > process.txt
  the file will appear in your home folder
  open it, select all and copy, paste in a post here.

• When entering an address, I am always queried to allow forwarding or not. Does that mean I have a key-logger attached to my searches?

  When entering an address, I am always queried to allow forwarding or not. Does that mean I have a key-logger attached to my searches? The message says Firefox prohibited redirection to another page, even when I open my home page. Please advise.

  I would recommend posting in the iTunes forum: https://discussions.apple.com/community/itunes/itunes_for_mac

• I believe that I have a key logger installed on my mac

  Hello, I am pretty sure there is some sort of keylogger installed on my Mac.  Going through a divorce right now and I know for a fact that the other party is able to access my computer somehow.  I think it is a key logger because they know way too much information and have told me that they have been able to watch me writing emails.  I found the Linc Davis email with instructions on how to check the shell commands.  Can anyone please look at this and tell me if they see anything out of the ordinary?  Thanks in advance.
  Password:
  com.microsoft.office.licensing.helper
  com.macromates.auth_server
  com.adobe.fpsaud
  Keiths-MacBook-Air:~ keithnemeth$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
  com.microsoft.autoupdate.fba.10064
  Keiths-MacBook-Air:~ keithnemeth$
  Keiths-MacBook-Air:~ keithnemeth$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null
  /Library/Components:
  /Library/Extensions:
  ATTOCelerityFC8.kext
  ATTOExpressSASHBA2.kext
  ATTOExpressSASRAID2.kext
  ArcMSR.kext
  CalDigitHDProDrv.kext
  HighPointIOP.kext
  HighPointRR.kext
  PromiseSTEX.kext
  SoftRAID.kext
  /Library/Frameworks:
  AEProfiling.framework
  AERegistration.framework
  AudioMixEngine.framework
  EWSMac.framework
  NyxAudioAnalysis.framework
  PluginManager.framework
  iTunesLibrary.framework
  /Library/Input Methods:
  /Library/Internet Plug-Ins:
  Default Browser.plugin
  Flash Player.plugin
  GarminGpsControl.plugin
  Quartz Composer.webplugin
  QuickTime Plugin.plugin
  SharePointBrowserPlugin.plugin
  SharePointWebKitPlugin.webplugin
  flashplayer.xpt
  nsIQTScriptablePlugin.xpt
  /Library/Keyboard Layouts:
  /Library/LaunchAgents:
  /Library/LaunchDaemons:
  com.adobe.fpsaud.plist
  com.macromates.auth_server.plist
  com.microsoft.office.licensing.helper.plist
  /Library/PreferencePanes:
  Flash Player.prefPane
  /Library/PrivilegedHelperTools:
  com.macromates.auth_server
  com.microsoft.office.licensing.helper
  /Library/QuickLook:
  iBooksAuthor.qlgenerator
  iWork.qlgenerator
  /Library/QuickTime:
  AppleIntermediateCodec.component
  AppleMPEG2Codec.component
  /Library/ScriptingAdditions:
  /Library/Spotlight:
  Microsoft Office.mdimporter
  iBooksAuthor.mdimporter
  iWork.mdimporter
  /Library/StartupItems:
  /etc/mach_init.d:
  /etc/mach_init_per_login_session.d:
  /etc/mach_init_per_user.d:
  Library/Address Book Plug-Ins:
  Library/Fonts:
  Library/Frameworks:
  EWSMac.framework
  Library/Input Methods:
  .localized
  Library/Internet Plug-Ins:
  Library/Keyboard Layouts:
  Library/LaunchAgents:
  Library/PreferencePanes:
  Library/Services:
  .localized
  Keiths-MacBook-Air:~ keithnemeth$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
  iTunesHelper, Genieo
  Keiths-MacBook-Air:~ keithnemeth$

  Knemeth16 wrote:
  Ok, but that doesn't help my situation with the key logger.
  I don't think we fully understand your objective with regard to it. Are you trying to verify it's presence or just get rid of it?
  If the former you should know that only one anti-malware vendor targets such things and it isn't very good at what it tries to do. Since almost all keyloggers and other spyware serves legitimate purposes and is commercial or hack software, it normally won't be detected. Installation requires physical access to your computer or local network, so other types of malware are not the issue here.
  Do you recognize the source of all the files listed above? There are several names that I don't recognize.
  If you simply want it gone, then shldr2thewheel has the best ideal. Even though re-installing the OS should preserve all your user files, make sure you have a complete, viable backup before you do the restore. There will probably be fragments of any keylogger that was installed, but in all probability it will have been disabled.

• Can anyone help me find out if i have a key logger on my mac?

  Hi,
  Just wondering if anyone could help me find out if i have a Keylogger installed on my computer?
  My friend has clearly been on a download website for them but i cannot tell if he actually set it up or not
  Any help would be greatly appreciated.
  Thanks

  I am running MAC OS X version 10.7.5
  yeah i password protect the system, but he was drunk and thought it would be hilarious to do.
  i am just a casual user of the computer so do not have the knowledge to see if he has installed anything.
  Where can i get a copy of the operating software to re install?
  Thanks for your help

• Can anyone please help with a review of these files to see if you might recognize a key logger or spyware program?

  com.oxsemi.driver.OxsemiDeviceType00 (1.28.13)
  at.obdev.nke.LittleSnitch (4052)
  Password:
  com.wdc.WDSmartWareServer
  com.wdc.WDDMservice
  com.sierrawireless.SwitchTool
  com.oracle.java.JavaUpdateHelper
  com.oracle.java.Helper-Tool
  com.microsoft.office.licensing.helper
  com.lacie.desktopmanager.service
  com.google.keystone.daemon
  com.adobe.fpsaud
  at.obdev.littlesnitchd
  jp.buffalo.NASPower
  com.oracle.java.Java-Updater
  com.lacie.eventsactions.launcher.agent
  com.hp.messagecenter.launcher
  com.hp.devicemonitor
  com.google.keystone.system.agent
  at.obdev.LittleSnitchUIAgent
  com.nds.pcshow.uninstall
  com.nds.pcshow
  com.facebook.videochat.thomasbrown.updater
  com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
  com.adobe.AAM.Scheduler-1.0
  LaCie DiscRecording/LaCie DiscRecording.pkg:Contents/Library/Address Book Plug-Ins:/Library/Components:/Library/Extensions:/Library/Frameworks:
  AEProfiling.framework
  AERegistration.framework
  Adobe AIR.framework
  AudioMixEngine.framework
  EWSMac.framework
  HPDeviceModel.framework
  HPPml.framework
  HPScan.framework
  HPServicesInterface.framework
  HPSmartPrint.framework
  HPSmartX.framework
  NyxAudioAnalysis.framework
  PluginManager.framework
  Snapfish.framework
  iLifeFaceRecognition.framework
  iLifeKit.framework
  iLifePageLayout.framework
  iLifeSQLAccess.framework
  iLifeSlideshow.framework
  iTunesLibrary.framework
  /Library/Input Methods: /Library/Internet Plug-Ins:
  AdobePDFViewer.plugin
  Flash Player.plugin
  JavaAppletPlugin.plugin
  Quartz Composer.webpluginQuickTime Plugin.plugin
  SharePointBrowserPlugin.plugin
  SharePointWebKitPlugin.webplugin
  Silverlight.plugin
  flashplayer.xpt
  googletalkbrowserplugin.plugin
  iPhotoPhotocast.plugin
  npgtpo3dautoplugin.plugin
  nsIQTScriptablePlugin.xpt
  o1dbrowserplugin.plugin /Library/Keyboard Layouts: /Library/LaunchAgents:
  at.obdev.LittleSnitchUIAgent.plist
  com.adobe.AAM.Updater-1.0.plist
  com.google.keystone.agent.plist
  com.hp.devicemonitor.plist
  com.hp.messagecenter.launcher.plist
  com.lacie.eventsactions.launcher.agent.plist
  com.oracle.java.Java-Updater.plist
  jp.buffalo.NASPower.plist
  jp.buffalo.NASPower_pla.plist
  /Library/LaunchDaemons:
  at.obdev.littlesnitchd.plist
  com.adobe.fpsaud.plist
  com.apple.remotepairtool.plist
  com.google.keystone.daemon.plist
  com.lacie.desktopmanager.service.plist
  com.microsoft.office.licensing.helper.plist
  com.oracle.java.Helper-Tool.plist
  com.oracle.java.JavaUpdateHelper.plist
  com.sierrawireless.SwitchTool.plist
  com.wdc.WDDMservice.plist
  com.wdc.WDSmartWareServer.plist
  /Library/PreferencePanes:Flash Player.prefPaneHP Scanjet.prefPane
  JavaControlPanel.prefPane
  /Library/PrivilegedHelperTools:.DS_StoreNasNavigator2.app
  com.microsoft.office.licensing.helper
  com.oracle.java.JavaUpdateHelper
  /Library/QuickLook:
  GBQLGenerator.qlgenerator
  iWork.qlgenerator
  /Library/QuickTime:
  AppleIntermediateCodec.component
  AppleMPEG2Codec.component /Library/ScriptingAdditions: /Library/Spotlight:
  GBSpotlightImporter.mdimporter
  Microsoft Entourage.mdimporterMicrosoft Office.mdimporter
  iWeb.mdimporter
  iWork.mdimporter
  /Library/StartupItems:ChmodBPFHP IOLocSvc /etc/mach_init.d: /etc/mach_init_per_login_session.d: /etc/mach_init_per_user.d: Library/Address Book Plug-Ins:
  SkypeABDialer.bundle
  SkypeABSMS.bundle
  Library/Fonts:04b-08.suitArialBrush ScriptTimes New RomanVerdanaWingdingsWingdings 2Wingdings 3
  encodings.dir
  fonts.dir
  fonts.list
  fonts.scale
  Library/Frameworks:
  EWSMac.framework
  Library/Internet Plug-Ins:
  FacebookVideoCalling.bundle
  Move-Media-Player.plugin
  PlayerPlugin.bundle
  fbplugin_1_0_3.plugin Library/Keyboard Layouts: Library/LaunchAgents:
  com.adobe.AAM.Updater-1.0.plist
  com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
  com.facebook.videochat.thomasbrown.plist
  com.nds.pcshow.plist
  com.nds.pcshow.uninstall.plist
  Library/PreferencePanes:
  Opera Preferences
  TomTomHOMERunner, LDMStatusItem, apple-scc-20130209-112927

  I want to take this case to the police and need to have the program to do so. I realize that I can re-intsall the OS and take care of any spyware that way however, I would destroy any evidence that would be needed.

• How to determine if mbp has key logger or spyware

  Strange logs and possible spyware. Brand new mbp, migrated from older mbp and now wondering if i should wipe it clean and start over. Not sure what all migrated over to my new mbp.
  Most of my google questions took me to Linc Davis discussions.
  I am new to this help site and appreciate the expert advise.
  Thank you for helping!  Please let me know what logs you need to assess the situation.

  Just retrieve it like any other attribute !!!!String returnedAtts[]={"sn","givenName","distinguishedName","msDS-UserPasswordExpired"};
  searchCtls.setReturningAttributes(returnedAtts);
  Attributes attrs = sr.getAttributes();
  if (attrs != null) {
  try {
  System.out.println("Password Expired: " + attrs.get("msDS-UserPasswordExpired").get());
  .....A constructed attribute simply means that it's value is automagically constucted by the domain controller when it is explicitly requested. It is not an attribute where the value is stored in the directory.
  No need to refresh caches etc.
  The reference to refreshing the cache for .NET (and in particular ADSI) is that ADSI automagically constructs a cache for all of the persisted attributes of an object.

• Request for key-logger check -- followed instructions from old threads

  Hi everyone,
  This is my first post on this site.  I've become worried about malware installed on my computer (credit card info was stolen last week).  After reading several related posts I am hopeful that I don't actually have a key-logger installed on my computer (since I don't think anyone around me installed malicious software, and it seems unlikely a website could install it without my consent), but I would like to be sure.
  I have followed instructions posted by Linc, and generated this output in terminal:
  --------Terminal output--------
  Test 1 output:
  Test 2 output:
  com.microsoft.office.licensing.helper
  com.google.keystone.daemon
  com.adobe.fpsaud
  Test 3 output:
  com.google.keystone.system.agent
  com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
  com.adobe.AAM.Scheduler-1.0
  Test 4 output:
  /Library/Components:
  /Library/Extensions:
  /Library/Frameworks:
  AEProfiling.framework
  AERegistration.framework
  Adobe AIR.framework
  AudioMixEngine.framework
  NyxAudioAnalysis.framework
  PluginManager.framework
  Python.framework
  iTunesLibrary.framework
  /Library/Input Methods:
  /Library/Internet Plug-Ins:
  AdobePDFViewer.plugin
  AdobePDFViewerNPAPI.plugin
  AmazonMP3DownloaderPlugin101736.plugin
  CitrixICAClientPlugIn.plugin
  Flash Player.plugin
  JavaAppletPlugin.plugin
  Mathematica.plugin
  Quartz Composer.webplugin
  QuickTime Plugin.plugin
  SharePointBrowserPlugin.plugin
  SharePointWebKitPlugin.webplugin
  Silverlight.plugin
  flashplayer.xpt
  googletalkbrowserplugin.plugin
  npgtpo3dautoplugin.plugin
  nsIQTScriptablePlugin.xpt
  o1dbrowserplugin.plugin
  /Library/Keyboard Layouts:
  /Library/LaunchAgents:
  com.adobe.AAM.Updater-1.0.plist
  com.google.keystone.agent.plist
  /Library/LaunchDaemons:
  com.adobe.fpsaud.plist
  com.apple.remotepairtool.plist
  com.google.keystone.daemon.plist
  com.microsoft.office.licensing.helper.plist
  /Library/PreferencePanes:
  Flash Player.prefPane
  TeXDistPrefPane.prefPane
  /Library/PrivilegedHelperTools:
  com.microsoft.office.licensing.helper
  /Library/QuickLook:
  iWork.qlgenerator
  /Library/QuickTime:
  AppleIntermediateCodec.component
  AppleMPEG2Codec.component
  /Library/ScriptingAdditions:
  /Library/Spotlight:
  Microsoft Office.mdimporter
  Wolfram Notebook.mdimporter
  iWork.mdimporter
  /Library/StartupItems:
  /etc/mach_init.d:
  /etc/mach_init_per_login_session.d:
  /etc/mach_init_per_user.d:
  Library/Address Book Plug-Ins:
  SkypeABDialer.bundle
  SkypeABSMS.bundle
  Library/Fonts:
  Library/Input Methods:
  .localized
  Library/Internet Plug-Ins:
  .DS_Store
  Google Earth Web Plug-in.plugin
  WebEx64.plugin
  Library/Keyboard Layouts:
  Library/LaunchAgents:
  com.adobe.AAM.Updater-1.0.plist
  com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
  com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.3D2FB447-CF7A-4D6C-B796-C91 08A0F0174.plist
  Library/PreferencePanes:
  Test 5 output:
  iTunesHelper, Dropbox, AdobeResourceSynchronizer, Popup
  --------end Terminal output--------
  I've found several other threads with different suggestions for rooting out and eliminating key-loggers. Is this step (above) sufficient, or is there more I should do?  I just read stuff on the flashback virus (on this forum) and followed some Terminal prompts.  I don't think I have it, but I do think I'm getting paranoid now.
  Thanks

  There are many, many possible ways for your credit card number to get stolen. Malware on your Mac, while possible, is the most unlikely. So unlikely that I would not consider it without a good reason.
  As to the question of how to detect a keylogger... that's very difficult. You can detect known malware fairly easily, with a good anti-virus program. However, no current Mac malware incorporates a keylogger. Most includes a backdoor of some kind, which could be used by a hacker to install a keylogger remotely, if you were infected. Alternately, someone malicious with physical access to your computer could also install a keylogger.
  Here's the issue... when you have someone consciously installing a keylogger on your machine, you can't really ever be sure you've detected it. It could be disguised as something legit. It could even replace a system component. Someone with a lot of experience might be able to locate the keylogger, using various methods. You could try to install something like Little Snitch, to intercept any transmissions that software might make... but if someone's already got a backdoor (or physical access) allowing them to install a keylogger, what's to stop them from disabling Little Snitch?
  Bottom line, there's really no reason to believe you have a keylogger on your Mac. However, if you should, at some point in the future, become convinced that you have a keylogger, the only true solution will be to erase the hard drive and reinstall everything from scratch.

• Illegal use of Key Logger

  Help! I believe an ex boyfriend of mine has placed key logger on my computer. I already read about reinstall, which I may do if I can find the original discs for my computer, however, I'd like to prove key logger is even on the computer first. He has been stalking me. Can someone answer these questions?:
  1. What key logger programs are out there for mac? Someone in a post earlier said there were only two. Is this true? I called Spector and they said the only thing I can do is hope it is their software, order their discs and do an uninstall. I hate to pay money for their discs when I don't even know if that is the software he used. Is there any way my of knowing?
  2. This guy did have the opportunity to load something on the machine and he is computer savy. Especially with Macs. He was monitoring another computer (I caught him).
  3. If I am no longer at the place where he is, is it still possible for him to continue monitoring this machine some 4 years later remotely if he did install a key logger, or do I have to be in the same house, same network, etc. It's been several years since I've seen him and I've moved since and have changed ISPs. Things have transpired that lead me to believe he may still be monitoring this computer.
  4. Is there anyway to detect that a key logger is on the machine so I can prove it to the police before I delete everything and reinstall?
  Any help is appreciated. I've spoken to a couple of apple techs who were unable to help me. I have OS X on this machine.
  Thanks.
  iMac   Mac OS X (10.3.9)  
  iMac   Mac OS X (10.3.9)  

  Hi Betty,
  Thought of something else important you should do. Depending on ex boyfriend's computer abilities, he may also know your MAC (Media Access Control) address and/or IP address. So when you erase the hard drive and reinstall OS X, follow these steps.
  1) When OS X has completed installing, it will reboot and bring you to the welcome login. You answer a few questions about your preferences, if you have an Apple ID, how you connect to the Internet and so on. After it's finished, it will finish booting to the desktop.
  2) At this point, you want to disconnect from the Internet immediately. If you have a cable or DSL modem, either unplug it, or turn it off if it has an on/off switch. This will take you Mac offline as far as any outside intruders are concerned.
  3) Open the System Preferences and click the Sharing icon. Click the Firewall tab and then click the button to turn the firewall on. Click the Advanced button on the same dialogue box. On the resulting sheet, turn on "Enable Stealth Mode". Click OK. Close the System Preferences.
  4) Turn your cable or DSL modem back on. Now update the OS and reinstall your software.
  If your ex has hacking software that he uses to access your computer remotely, having the firewall on will make it much harder for him to access your Mac. Even better, also purchase a VPN firewall enabled cable or DSL router. They're pretty cheap. Around $35 for a 5 port model. Rather than attaching the modem directly to your Mac, you plug it in to the WAN port of the router. Then you use a plain Ethernet cable from your Mac to one of the LAN ports on the router. Your Mac will see the Internet the same as before. What's different is that with a VPN firewall on the router, it's just about impossible for anyone on the outside to see your Mac, or any other computer connected to the router. All a hacker sees when they try to attack your computer is a fictitious "computer" generated by the VPN hardware.
  I've got all of the computers in my house connected to such a router. We can all use the Internet at the same time with only one actual DSL modem. As proof to how strong a VPN firewall is, when we were just using dial-up to connect, it was imperative to have some sort of firewall software on the kid's Windows box. It would stop at least 3 attacks a week. With the VPN router in place, they don't even need the software on. No one can see their computer through it.

• Possible Key Logger

  Hey guys. I have reason to believe there is a key logger on my computer. I play the game, World of Warcraft. Recently my account was broken into. They messed a lot of things up. They also had access to my e-mail.
  I changed all my passwords from computers at my college as soon as I found out. I have yet to type a password on my computer now. I just copy and paste them when I need to check my e-mail, or play the game.
  I am normally pretty safe with my computer I thought. I always have my firewall turned on. At the time, I did not have an anti virus installed however. Many times people suggest people couple key loggers with addons downloaded for the game. I think its very possible thats where it came from. I deleted all the addons for the game I had. I ran Symantec/Norton anti-virus. It didn't come up with anything, but there were quite a few files it "didnt have permission to check." Most of these seemed like normal mac files, but I am a little frightened by it. I got the noscript addon for firefox to hopefully maybe prevent it i nthe future
  I guess my question is- how can I be sure there is a key logger. What is a good way to get rid of it. Does doing an archive and install work, or should I just reformat.
  Any help is greatly appreciated. Thanks

  Do you typically run your computer as an administrator? That's really not good when "sharing" your computer with the world. Apple recommends not casually using the computer administrator account unless actually administrating. Playing games is not an administrative task, AFAIK.
  Scan your computer from MacScan website.
  Install LittleSnitch. This will alert you of a keylogger, but if there is one, it's too late. If you have a keylogger installed, presume the worst. All personal data are compromised.
  Never play games online that let others use or access your computer unless you are prepared for an intrusion.
  Your best bet is to use your TM backup and restore your system to a time prior to this event.
  And if you have been the victim of an attack, protect your identity with one of hte available services.

• How can I tell if I have key logger on my Mac

  I am not computer savy but I have reason to believe that someone has loaded a key logger program on my computer.  Can someone walk me, very patiently, through the steps to find out?

  Hi, this is very difficult to find out, but some old info to get you started.
  See these for a list of some key loggers...
  http://forums.macosxhints.com/archive/index.php/t-41204.html
  http://www.keylogger-mac.com/mac-keylogger-perfect-keylogger-for-mac-os-x.html
  http://uglypufferfish.com/2008/10/31/mac-keyloggers/

• Perfect Key Logger on Macbook pro?

  Hi,
  I have reason to believe my boyfriend has downloaded a key logger onto my computer.  I started  noticing weird programs being downloaded that had to do with unarchiving files and unencrypting text and I looked into it and found an icon that said "PKL.app".  So I googled it and perfect key logger came up.  I tried to download it myself and when I did, it would download and never open.  I know they are supposed to open the first time but then otherwise run in the background and only open with hot keys.  I have tried a couple of variations with no luck.  When I click the PKL.app icon (I saved it to my desktop after I found it) and press "open" nothing happens.  If I press "get info" it says the date it was downloaded, last time it was opened ect.  Also, within the "get info" area on the app icon there is a option to click that says "hide extensions" which is clicked and I am unable to unclick it.  He has open access to my computer and I haven't had any credit card theft or anything like that which leads me to believe it is someone that doesn't have a desire to do anything other than on my personal level.  Can someone take a look at what the terminal showed and give me any insight?  If nothing shows up does anyone know what this PKL app that I can't open is?  Also I tried removing the app and it wouldn't let me.  Here are my terminal results:
  Last login: Thu Feb 12 20:41:34 on ttys000
  (name deleted for privacy)-MacBook-Pro-2:~ (name deleted for privacy)$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
  com.zeobit.kext.Firewall (2.3.4)
  (name deleted for privacy)-MacBook-Pro-2:~ (name deleted for privacy)$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}' 
  com.zeobit.MacKeeper.AntiVirus
  com.microsoft.office.licensing.helper
  com.adobe.fpsaud
  (name deleted for privacy)-MacBook-Pro-2:~ (name deleted for privacy)$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}' 
  com.zeobit.MacKeeper.Helper
  com.spotify.webhelper
  com.google.keystone.user.agent
  com.BT.PKL
  com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
  (name deleted for privacy)-MacBook-Pro-2:~ (name deleted for privacy)$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null 
  /Library/Components:
  /Library/Extensions:
  hp_io_enabler_compound.kext
  /Library/Frameworks:
  AEProfiling.framework
  AERegistration.framework
  Adobe AIR.framework
  AudioMixEngine.framework
  NyxAudioAnalysis.framework
  PluginManager.framework
  iTunesLibrary.framework
  /Library/Input Methods:
  /Library/Internet Plug-Ins:
  AdobePDFViewer.plugin
  AdobePDFViewerNPAPI.plugin
  Flash Player.plugin
  JavaAppletPlugin.plugin
  Quartz Composer.webplugin
  QuickTime Plugin.plugin
  SharePointBrowserPlugin.plugin
  SharePointWebKitPlugin.webplugin
  Silverlight.plugin
  flashplayer.xpt
  nsIQTScriptablePlugin.xpt
  /Library/Keyboard Layouts:
  /Library/LaunchAgents:
  /Library/LaunchDaemons:
  com.adobe.fpsaud.plist
  com.apple.remotepairtool.plist
  com.microsoft.office.licensing.helper.plist
  com.zeobit.MacKeeper.AntiVirus.plist
  /Library/PreferencePanes:
  Flash Player.prefPane
  /Library/PrivilegedHelperTools:
  com.microsoft.office.licensing.helper
  /Library/QuickLook:
  iWork.qlgenerator
  /Library/QuickTime:
  AppleIntermediateCodec.component
  AppleMPEG2Codec.component
  /Library/ScriptingAdditions:
  /Library/Spotlight:
  Microsoft Office.mdimporter
  iWork.mdimporter
  /Library/StartupItems:
  /etc/mach_init.d:
  /etc/mach_init_per_login_session.d:
  /etc/mach_init_per_user.d:
  Library/Address Book Plug-Ins:
  SkypeABDialer.bundle
  SkypeABSMS.bundle
  Library/Fonts:
  Library/Input Methods:
  .localized
  Library/Internet Plug-Ins:
  Library/Keyboard Layouts:
  Library/LaunchAgents:
  com.BT.PKL.plist
  com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
  com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.45B48A27-9871-4335-99D8-FA1 FA534FCE0.plist
  com.apple.CSConfigDotMacCert-(email deleted for privacy)SharedServices.Agent.plist
  com.google.keystone.agent.plist
  com.spotify.webhelper.plist
  com.zeobit.MacKeeper.Helper.plist
  Library/PreferencePanes:
  (name deleted for privacy)-MacBook-Pro-2:~(name deleted for privacy)$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null 
  iTunesHelper, Dropbox, AdobeResourceSynchronizer, Google Drive
  (name deleted for privacy)-MacBook-Pro-2:~ (name deleted for privacy)$

  Yes, a keylogger is installed. What you should do next depends on the circumstances.
  If you're an adult, and the keylogger was installed on your personal computer without your permission, then the computer may be evidence of a crime or a civil wrong. Consider the legal implications before you do anything. Assume that everything you've done with the computer is known to the party who installed the keylogger.
  If you just want to clean up the machine, see below.
  The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.
  If you don't know when the attack happened, or if it was too long ago for a complete rollback to be feasible, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.
  When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.
  Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.
  Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated. Don't reinstall "MacKeeper," which is a scam.
  Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.
  That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this  after the system has been secured, not before.

• Key Logger Providing To Overseas Hacker?

  Hi,
  I have reason to believe a key logger may be installed on my MAC OS (v 10.6.8) that is providing my key strokes to someone overseas.
  This someone had physical and administrator password access to my MAC last year.
  1. How do I check if a foreign IP address has "connected" to my PC in the last "while"?
  2. How can I definitively detect key logger software?
  3. Has any key logging software been known to survive a MAC OS (v10.6.8) re-installation + Time Machine recovery?
  Cheers!

  I play an online game called Hardwood hearts/spades etc. basically under the company "Hardwood." There is a certain player that started stalking me on it a few days ago. When i created new accounts they new exactly who I was and Hardwood trys to kick them out but they have hundreds of accounts so they can never find him. Today when i went into my hardwood games the lobby was completely empty (usually has hundreds of people in it) and he was the only one that was coming up. Some of the things he was saying was pretty malicious and he said that he has three laptops he works from, i mean just really weird stuff. When I contacted Hardwood they said that he could have possible hacked into your computer some how and to change all my usernames unless i had a key logger and to remove that before i changed them. I really don't know what the heck is going on but i do know the person lives about 40 minutes away from me. lol.

• Has anyone else had MS anti key logger mess up isqlplus?

  Has anyone else had MS anti key logger mess up isqlplus?
  If you have, do you have any idea how to undo it?
  Wayne

  I'm having the same issue but with HP Photosmart 7525 and HP LaserJet P1102W.  Both worked fine until earlier this week when I "shut down and updated" my computer.  I keep deleting the printers from my computer and reinstalling them;
  they work temporarily then tell me they are "offline" when, clearly, they are not.