IS my Imac hacked?

Similar Messages

• Overheating iMacs (Hacked Solution)

  After 1 year and 4 months my hard drive failed. My Apple service center was full of iMacs for repair, especially the 24 inch model. The problem, I was told, was overheating. I have a new drive installed and have been investigating what solution there is available for this design problem. I buy macs because I want a computer that just works; not a science project like PCs. However, this one has turned into a bit of science project.
  The IMac has 3 internal fans, ODD 700rpm, HDD 1200rpm and CPU 1200rpm. The specs on the hard drive are operating temp. up 60 degs. centigrade. The fans can operate faster than their default speeds but, in practice, they never increase in speed from the default. The nature of the enclosure means that temps build up over time, mainly from the heat generated by the screen. I have had my hard drive up to 60 degs. c and there is no increase in fan speed.
  Unfortunately there is no solution to this problem from Apple; a firmware upgrade would be nice.
  THE SOLUTION
  This is a bit of a hack, but the best option I could find. First download software called temperature monitor
  http://www.versiontracker.com/dyn/moreinfo/macosx/19994
  Then download smcFanControl
  http://mac.softpedia.com/get/System-Utilities/smcFanControl.shtml
  Put both of these programs to run on start-up. Go to preferences on Temperature Monitor and set an alert to play a sound. I've set mine to alert me when the hard drive reaches 57 degs. When the alarm goes off I go to smcFanControl and increase the speeds on all 3 fans. By experimentation I think speeds of 900 ODD, 2000 HDD and 1500 CPU are ok. This usually brings the hard drive temp. back down to 50-52 degs. It also cools the power supply which gets up to 82 degs. back down to 65-70 degs. (82 degs. is not a temp. to reliably run a power supply ).
  I know this is a bit of hack, and hopefully Apple will take note and issue a firmware upgrade in due course.

  +. I think the simplest solution is to not use too many processor hungry apps at one time???+
  Actually I think the main causes are the combination of the time the screen is on and the room temperature. At a room temp. below about 24 degs. all is fine, but obviously in Madrid we get a bit of sun and a rise in room temp. of a few degrees sets the alarm bells ringing. Put the iMac in Sleep mode and all the internal temps come down. The 20" model may be less susceptible to this design flaw.
  I'm wondering if the big box pc type solution is best. I'd like to get a mac Pro but it is too expensive for me. Is it possible to run Mac osx on a pc box?
  It's a real shame that Apple can't step up to the plate and find a solution. The cool designs are all well and good but if the after sales support is crap it may be better to switch to a more responsive company.

• Imac hacked? Is there a fix?

  Do I need software to prevent malware on my Imac?

  Welcome to the Apple Support Communities
  We don't recommend any antivirus because OS X has got its own security systems. See > http://www.reedcorner.net/mmg
  Why do you think that your Macintosh was hacked?

• Imac hacked

  I was recently the victim of an attempted credit card fraud. I believe it was perpetrated by someone connected to a Asian run hotel I stayed at where I was asked to state my e-mail address at registration. I was clearing cookies from my imac today and was shocked to find cookies to a site "asianbookies.com". No-one who has access to my imac visited this site. Have I been hacked? How is this possible and how can I prevent this happening again?

  I was recently the victim of an attempted credit card
  fraud. I believe it was perpetrated by someone
  connected to a Asian run hotel I stayed at where I
  was asked to state my e-mail address at registration.
  You do know that the vast majority of credit card frauds are perpetuated using information obtained when the user uses the actual, physical, card? You can't get credit card info based on an email address.
  I was clearing cookies from my imac today and was
  shocked to find cookies to a site
  "asianbookies.com".
  What was in the cookie? What date did it have as having been created, when did it expire? A cookie is, no matter what some may say, NOT an attack system.
  No-one who has access to my
  imac visited this site.
  Depending on your browser and how cookies are set up on it, either someone visited the site and can't remember it, or someone visited a site on which that site has an ad, and got the cookie there.
  Have I been hacked?
  Extremely unlikely.
  How is
  this possible and how can I prevent this happening
  again?
  Set up cookies in your browser. In Safari, go to Preferences/Security and select the level of cookie acceptance you like.
  If you have .Mac you can have up to 7 email aliases. If you set those up, you can use them for online business and not reveal your actual account. Any cookies set up using those aliases are useless because, well, those accounts are not real.
  You could also use one of the free webmail systems (Gmail, Yahoo, Hotmail) and hand out those addresses to people you don't trust.

• IMac strange uploading slowing down the Internet

  Hello Everyone, I have been with Telus Internet and found the speed is very slow,and through activity monitor found something uploading constantly
  In my iMac. The technician suggests turnoff time machine but didnot work. I am not using any uploading application, does anyone know what is happening here?
  Is my iMac hacked?
  Thanks for any information!

  Hello,
  Little Snitch, stops/alerts outgoing stuff...
  http://www.obdev.at/products/littlesnitch/index.html

• IMac either or has been remotely accessed, has malicious code, is hacked and/or all of the aforementioned or something that I have not yet researched. With my health issues, my Mac keeps me from thinking about the pain and disability I have. Thank you.

  Hello,
  I'm giving it one more chance and then Mac goes into trash. My iMac is either remotely accessed, perhaps malicious code, hacked and/or all of the aforementioned. I am not savvy in these areas. Please read some of the many symptoms and if you can assist me -- I am beyond grateful.  If you want to say it is my fault because I allowed somebody to use my computer or other nonsense please do not waste my time or yours. This is serious and has been going on for a period of time that is longer then I can remember!
  I have a neighbor, lives in my apartment building, 'had' physical access to my iMac.  Shortly after this I started to have problems that beyond any nightmare I have ever heard of - whether it be Windows or Apple!  Please feel free to ask me any question(s) that might help me rid my iMac of this malicious act as the police have been useless -- say they do not have equipment to check my Mac. FBI can't b bothered.
  It is more then clear that a person(s) has access and has messed up the OS, among other terrible things.  He took over my Facebook account months ago, posted as though he was me. He also prevented me from getting back into FB and Yahoo to close those connected accounts.  Went to an Apple store, under protection of their router and removed FB/Yahoo accounts.  The pages that were showing at home turned out to be fake pages controlled by him. (Think they are called "defaced").
  Anytime I did a 7X or zero out clean install -- he was there before I even hooked up the router!!!
  It came to a point that I can no longer even get to the erase/Utility/install from my apartment so I took it to Apple more then once. Besides erase/install, I turned off ALL Sys Preferences that could alert him to Mac. The last time I received a gray Install CD and was told to take it out of the building and do another erase/install.  There is no sense of going through this until I know if/how to get rid of him.
  Also when I first sign on I ALWAYS get a 192.168.100.11.  I do NOT have a router. I then go to System Preferences to Network and click "renew DHCP" several times before I get an IP addy!  I am not savvy in this area but do feel that this is a major clue.
  Passwords have been changed, master password is not something I can access which prevents me updating, etc., etc.
  I will not bombard you with every detail as that would take several pages. I am beyond desperate. Will be happy to provide further details to serious responders only.
  Thank you.
  'REQUIRE ASSISTANCE'
  Heartfelt sympathy to the many family members, friends, people who loved Steve Jobs even though they never met him -- RIP Steve. You are missed.

  If you really believe that your system has been compromised, here's what you do:
  Disconnect your Mac from your cable modem;
  Back up any documents on your system that are important to you;
  Boot your Mac from the system installation disks that came with it (insert the disk, restart your Mac, and hold down the "c" key until you get the "spinning gear" icon);
  Choose a language and click the arrow button to continue;
  From the Utilities menu, choose Disk Utility;
  In Disk Utility, select your computer's hard drive;
  Click the "Erase" tab;
  Click the "Security Options" button and select to have it overwrite all the data on the hard drive;
  Click the "Erase" button and allow it to process;
  Once the "erase process has completed (it will take a while), reinstall Mac OS X.
  Or, if this is too much for you to accomplish on your own, take your system to an Apple Store and have them help you perform these steps. If your system was indeed compromised, this will remove any such hack. You can then set up a new user account for the computer, reinstall your applications (reinstall only from original disks or downloads from the company making the software) and documents, and reconnect to the Internet.
  Note that when you reconnect to the cable modem, you may still get an IP address starting with 198. This is normal with some cable modems and probably not a cause for concern. It will not be an indication that your system is still compromised; that will not be possible if you perform all the above steps.
  Regards.

• Security flaw update - how do you know if your iPad and iMac are compromised/hacked?

  Can anyone explain how one might know if their iPad or iMac running Mountain Lion has been Hacked.
  I always use my wifi at home which is locked.
  On my iPad,
  messages popped up two days ago that the password for my apple    me.com account was wrong. When I tried to rectify that, I ended up with Apple freezing the account.  I checked the software and it says it is up to date.
  On my iMac
  On Friday and Saturday, messages intermittently popped up about certificates for one of my email accounts on their outbound server (GoDaddy but not Time Warner). On Saturday, I installed the latest update, but I am still getting the certificate message for the GoDaddy email,
  Does this mean I was already hacked?
  Is there anything else I should do? 
  Thank you.

  Sounds like your Apple ID may have been hacked. If it gets hacked, it's entirely possible for the hacker to take control away from you entirely, by changing the password, recovery e-mail and security questions, or even enabling two-factor authentication. If they have done the latter, you'll never see your Apple ID again, as Apple absolutely will not assist in recovering an account that has had two-factor authentication enabled.
  Since you're unable to log in at this point, you'll need to contact Apple. However, keep in mind that they may not be able to help you. There's very little proof that you own an Apple ID other than the information that the hacker could have changed by now. Still, Apple is the only one who can help with this.
  Regarding the GoDaddy e-mail certificate, that's harder to say anything about. You'll probably want to contact GoDaddy support about that one. It's likely to be an issue on their end - perhaps an expired certificate, or a certificate that was compromised and has now been revoked, or a simple configuration issue.
  None of this is likely to be related to malware.

• My email is hacked, how can I do a scan on my imac?

  my email is hacked, how can I do a scan on my imac?

  My email was hacked once, but it had nothing to do with my iMac. I changed my password on my email server (I was with a cable internet provider, changed the password there) and had no more problems.

• My hotmail email has been hacked into. I've changed my password and hope this fixes the problem. Does this mean my imac software is infected. If so what should I do? Everything appears to be working ok.

  My hotmail email account has been hacked into. I've changed my email password and hope this fixes the problem.  Will my iMac system software now be infected and if so what should I do about it?  Everything appears to be working ok.   Is there a free to use software package available on the web, totally secure and reliable, which can scan my iMac for viruses and fix them if any are found.

  Unless you have installed anything, you are fine.
  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
  https://discussions.apple.com/docs/DOC-2435
  Bear in mind that from April to December 2011 there were only 58 attempted security threats to the Mac - a mere fraction compared to Windows malware:
  http://www.f-secure.com/weblog/archives/00002300.html
  (I have ClamXav set to scan incoming emails, but nothing else.)

• Has my imac been hacked?  appearance of univinted "guest" user?

  I turned off my new imac overnight.  This AM when I turned it on and started to log in there was a "new" guest user on my login screen.
  This seems pretty alarming as if somehow someone has gotten an account on my iMac that I have not authorized.
  Yesterday I activated my icloud account and tested it out some.  Could ths have something to do with this mysterious guest?
  I live in an isolated, rural area so I am doubting that someone is hacking in to my time capsule wireless system but I do have an always on satellite connection.
  Has my computer been backed?
  what should I do now?

  No, you haven't been hacked.
  This should explain:
  http://reviews.cnet.com/8301-13727_7-20119806-263/os-x-10.7.2-with-icloud-showin g-guest-user-account-at-log-in/

• Has My iMac been Hacked?

  I have a 2009 iMac running Maverick, 10.9.5. 
  My computer started behaving strangely about a week ago.  Don't remember exactly what happened but ran Disk Utilities and 'Repaired Permissions' Right after this happened, I got a notice that the Apple Desktop Remote Control software had been updated. I understand that this software may be built into the OS. I was unaware of it. I am a little concerned and wonder what software would be safe to use to ck my computer for hackers, malware, viruses, etc. I don't have any special protection on this computer. Should I?  If so, what would people advise?

  Your Mac has not been hacked, so you should stop thinking like a PC user. The only way for it to be hacked is if you specifically authorize the installation of some software or had visited a specially crafted URL designed to exploit a security vulnerability, but there are currently no such vulnerabilities.
  Something happened between the time you accessed that site and now, but hacking isn't one of those things. Just change your home page back to what you want it to be and move on with your life.

• I may have been hacked. How do I reinstall operating system of my imac 4

  I may have been hacked. How do I reinstall operating system of my imac version 10.7.5

  Install or Reinstall Lion/Mountain Lion from Scratch
  Be sure you backup your files to an external drive or second internal drive because the following procedure will remove everything from the hard drive.
  Boot to the Recovery HD:
  Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
  Erase the hard drive:
    1. Select Disk Utility from the main menu and click on the Continue button.
    2. After DU loads select your startup volume (usually Macintosh HD) from the
        left side list. Click on the Erase tab in the DU main window.
    3. Set the format type to Mac OS Extended (Journaled.) Optionally, click on
          the Security button and set the Zero Data option to one-pass. Click on
        the Erase button and wait until the process has completed.
    4. Quit DU and return to the main menu.
  Reinstall Lion/Mountain Lion: Select Reinstall Lion/Mountain Lion and click on the Install button.
  Note: You will need an active Internet connection. I suggest using Ethernet if possible
              because it is three times faster than wireless.

• PLEASE HELP! How can I tell if my Imac has been hacked?

  PLEASE HELP! How can I tell if my Imac has been hacked? I see a few people have asked this question but the responses tended to be advice on what to do once you've been hacked, not what can done to find out if you have been hacked. I have a late 2012 model imac. My sharing was off and remote logging was off. I use an external router that send wireless to about 4 consoles in the flat. I don't think I have any firewalls up (now looking like a mistake). I think I'm possibly being hacked  due to abnormal behaviour and most recently my camera was turned off all day (no LED) then I went to record something on Photo Booth, the application popped up displaying an image of me getting dressed (nightmare!) which happened hours earlier when the camera was off. This image quickly then disappeared and the camera began working normally. Very strange and alarming. Please help me. Any advice would be very much appreciated. Thanks.

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the behest of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.
  Here's a summary of what you need to do, if you choose to proceed:
  Copy a line of text in this window to the Clipboard.
  Paste into the window of another application.
  Wait for the test to run. It usually takes a few minutes.
  Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports 'com.autodesk.AutoCad com.evenflow.dropbox com.google.GoogleDrive' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */  /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1000) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/d;/(etc|Preferences)\//s/^\.\/[^/]+//p;' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| ","||kMDItem'${p[35]}'=");sub("^.."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[9]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]" "$1;b=b$1;} END { if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n  "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n  [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n  ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' ' /^ +B/{ s/.+= |(-[0-9]+)?\.s.+//g;p;} ' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' 's/0/Off/p' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil PlistBuddy whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[35]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' -i4TCP:0-1023 com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A1 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 14 3 49 5;D12 26 48 59 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  7. Launch the built-in Terminal application in any of the following ways:
  Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  8. If you see an error message in the Terminal window such as "syntax error," enter
  exec bash
  and press return. Then paste the script again.
  9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.
  11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start Time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.
  Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• I think my iMac has been hacked

  Hi, I've noticed my iMac has been running slow lately and yesterday, when I checked the devices sharing my home network from my MB Air, there was a PC connected using the same name as my iMac. Does that mean someone's hacked me? How can I sort this out?

  MacbookAir OS X version 10.8.4
  Hi guys
  I have been hacked
  since i move from snow leopard to mountain lion,i noticed that i have this unknown user in sharing screen.
  couples peoples says that i have nothing to worry but i thought someone was having access to my computer so
  i did delete this unknown user in sharing and screen but today when i go to preferences then user and groups i couldnt get there(administrator name and password were changed) and try to open  sharing and screen too but the name and password was changed to and the setting as well to all user i have no accesss to changed as i don't have the password.
  I am so upset since i changed to bloody mountain lion , i have only trouble on trouble.
  so if anyone have any clue of what can i do to have the control of my computer,please help and bear in mind that im not an expert.
  Thanks for your help

• The startup sound on the desk top imac has stopped is this a sign of hacking?

  The startup sound on my imac has stopped is this a sign of startup hacking?

  The startup chime means the Power-On Self Test (POST) has been passed successfully, and that no hardware failure or issue has been detected. There are ways to prevent it from sounding, one of them being to put your sound output to mute. You can also use a Terminal command to keep it off, but it'll reset to normal next time your restart your Mac.
  There's a neat little prefpane that keeps it off between restarts. It's called (brace yourselves) StartupSound. Available for free here.
  Could it be that you just muted your Mac?