Keyloggers

i use mac osx 10.4.4 with an imac. i use intego netbarrier and virusbarrier programs for computer security, in addition to the mac os firewall.
my concern is that some future keylogger or trojan may be able to detect my login password. i am not aware of any keyloggers for mac osx. i have heard that numerous trojans and keyloggers exist for wintel (even one which can provide a screenshot). however, i would like to protect my passwords from any potential keylogger trojan. my question is: does the potential exist for a future keylogger to detect my log-in password? or is it technically impossible for a trojan to detect a password during log-in because the internet connection is not online?
imac   Mac OS X (10.4.4)   use intego netbarrier and virusbarrier

Sure, it's possible to get a trojan with a keylogger, but it's far more likely that if it's a trojan it'll just use your password within the system rather than sending it back to anyone. Here is a good program for scanning for keyloggers, spyware and other such gunk: http://macscan.securemac.com/
1.3ghz iBook G4 80G HD 512MB RAM   Mac OS X (10.4.3)  

Similar Messages

  • What should I use to scan for Trojans or Keyloggers?

    I've heard conflicting conversations about not using anti-virus or that OS X has built in protection, but I wanted to know what the best way to check for Trojans or Keyloggers is so I can give my computer a looking-over before backing it up.
    I'm using OS X 10.6.8

    Conversations?  There have been a few of those.
    I'm not aware of a tool that's particularly reliable about detecting malware, nor one that might (for instance) catch hardware keyloggers.
    The usual questions around your situation apply; I don't know how you use the system, nor what exposures or risks you might have or might face.  For instance, how sensitive is your information, who has had access, and what are the circumstances associated with the access, and what's been loaded onto the system? 
    If you're incautious or blasé about your computing practices and fond of downloading from torrents or acquiring cracked software or downloads from sketchy sites, then the anti-malware tools generally won't save you.
    In general: just back it up, back it up regularly, and keep various copies of the backups offline or remote, or both.  Backups and caution are among the best available anti-malware tools.
    If you're fond of installing random stuff and particularly of entering your administrative password when prompted — that password is the proverbial keys to the security kingdom, to your address book, etc — or if your login passwords have been compromised (or have kids around that install all sorts of Free Stuff! and Free Games!), then change all your passwords, and install Little Snitch or equivalent, or implement and use network perimeter monitoring.  These monitoring tools catch (unexpected) outbound network connections, such as that Facebook watering hole attack.
    Better still: upgrade to 10.7 or 10.8 as your hardware permits, as 10.6 is rather old and lacking some of the newer capabilities here, such as Gatekeeper.  Disable the Java web start plug-in to disable Java (and don't install Java after you upgrade to 10.7 or 10.8), and remove Adobe Flash Player, and disable the "open safe attachments" setting.  And if you're (necessarily, or otherwise) paranoid, install Little Snitch or network perimeter monitoring.
    If you feel obligated to use a malware scanner (the hit rates on the malware-scanning tools are far from great, and the implementations of most aren't that much different from the malware itself in terms of how the scanning software can insinuate itself into the system and can sometimes then trigger issues with stability and operations), then ClamAV is the usual recommendation around the forums.  OS X Server includes that, and there are various discussions around getting ClamAV going on OS X client.
    Once your operating system software has been compromised, the usual path is a wipe and reinstall, or a wipe and install of a backup prior to the breach, followed by steps to prevent a recurrence.  Decontamination of a system is difficult, at best.  If your hardware has been compromised, you're in deep sneakers. 
    If you want to be or need to be paranoid due to the information involved or folks that have had unfettered access to your system hardware, then check for dongles or other unexpected external devices, and start replacing your equipment. The "better grade" keyloggers can be stored in USB devices, and can be mounted within your hardware.  The better-grade gear can be difficult to locate, short of disassembly.  Also check your local network, as it's feasible to monitor traffic there, whether within a modem, or within a device added to your network.
    Again, how paranoid you want or need be here depends highly on what you've been up to, and who might be after you, and a whole host of other details...

  • Keyloggers/Virus?

    Hi there,
    I have a few questions.  My Windows PC is connected to my router.  However, my PC has viruses/keyloggers on it.  If I let my Mac on my network, will the Mac get a virus/keylogger?  Is it possible?
    Also, is Sophos a good anti-virus software and do you recommend getting it?

    Yes, the PC has the password access to the router and can perform a DNS change, directing your Mac to a fake site to install software with your help.
    Take the PC offline, reset your router and update its firmware using the Mac.
    Don't let the PC have the admin password to the router EVER, not your Mac either in a permanent fashion (as a keychain).
    Give all devices ONLY guest access to the router, this way they can't make changes through malware or malicious person.
    Setting up a wifi router
    There is really only one secure way left to make sure you're not hacked. WEP and WPA are both cracked. A too small of a password is easily brute forced by new graphics based cracking software and worldwide botnets.
    1: Update your router firmware. For Airport it's easy, just use Software Update and/or update in Airport Utility.
    2: WPA2 (AES) Personal easier (or Enterprise)
    3: 2 - Random 20+ letter, number, character, symbol, case passwords. One for the Admin use of the router only, kept off the machine and locked in a safe, the other for Internet Access only used on all devices.  A password this strong will take until the next Big Bang to crack, perhaps a quarter of that as technology improves. Certainly not in your lifetime.
    4: MAC address filtering and invisible networks are no match for hackers. Don't bother.
    5: Rotate the Internet Access password to keep people you don't want back on, from coming back. Once they have the password it's logged permanently into their machines. They could delete it, but most don't know they can or won't.
    Use the Mac to clean up and reset the router properly, then allow both only Guest access to the router for Internet access only.
    Clean up the PC or take it to someone who can or just recover files and trash it.

  • Does anybody have any experience with keyloggers and a good program to detect one on your mac? I think I may have one.

    So yesterday I found out that my email address password had been changed. I don't remember doing this, but it is possible I changed it a while back and considering I keep my email constantly logged in. But at the same time, two of my apps were trying to access their "store". I play a game called League of Legends, which has an online store, and it randomly came up with the message "Could not connect to Maestro" (credit card). Then, iTunes (which I rarely use) came up with "sorry, we could not continue with your purchase". I think it's very strange that all of this happened at the same time, but hopefully it's a case of a forgotten password and two games bugging/crashing. I scanned my entire computer with iantivirus and it hasn't found anything, but I've heard keyloggers can be a bit hard to detect. Does anybody have any experience with keyloggers and if so, what program did you use to detect and destroy it?

    If you think that a keylogger has been installed the only safe thing you can do is erase your drive and reinstall.
    I don't think that is the case however.

  • Delete/prevent keyloggers:  I need to block highly IT sophisticated person(s) highly motivated to know my movements, plans, communication from accessing my communications.  Can I avoid reinstalling the OS?  That would not block future intrusions.

    I have exchanged email with this person, so my IPS is known?  There is no visible device attached to my laptop.  A keylogger could be installed electronically? 
    I have not given my password or key to my home, but there might have been entry/direct access to my laptop (any place can be entered if there is sufficient skill and motivation).  I cannot lock up my laptop every time I leave home, but I always log out before leaving. 
    It seems that something like Zemantec would be ideal, but apparently it is only available for Windows.  Is there something suitable for Mac?  There are keylogger apps specifically for Mac, so what are the anti keylogger apps?  I have spent hours searching this matter, but reviews conflict, and product information is not entirely clear.
    What would be the advantage of installing OS X.8?  I don't understand Apple's explanation of the advantages of Gatekeeper.  I would reinstall the OS or upgrade the OS at this time only if there were considerable protection from keyloggers. 
    I am sending this from a different computer that I have access to only twice per week, so I do not want to discuss what makes me think that someone has installed a keylogger . . . . and I am not looking for reassurances that I should not worry about it.  I am looking for factual information, so I can make a decision based on what is possible/feasible, including the possibility that there is nothing I can do about it, or that I should not send some kinds of information from my laptop (extremely inconvenient!). 
    I hope an IT sophisticate who is patient with an IT illiterate can help.

    There are essentially three ways that a malicious hacker can "get into" your system (whether we're talking about keyloggers, malware, whatever)
    - physical access
    - persuading you to install software which gives them access (this could be disguised as something else)
    - obtaining remote access by "hacking in through the internet"
    Unless you have a file-sharing tunnel set up through your router, and your computer's file sharing is turned on, and you have no password (all these things seem unlikely based on your email), the third option is so unlikely that you can effectively ignore it. Having said that, if you have not checked those things recently, you should do so.  Post back if you want help figuring out how to do that.
    The latest versions of OS X are always recommended for people who are concerned with security. Not only because of the major features like Gatekeeper (prevents non-signed code from running, which effectively stops you accidentally running a malicious script) and XProtect (built in malware-checking), but because of the other security patches to the operating system and compatibility with third-party components like Java and Flash, which actually tend to have more known vulnerabilities.
    Wiping the hard drive and reinstalling OS X, preferably updating to the latest version, turning on FileVault (the current version requires OS X 10.7 or later), setting a strong login password, and setting a firmware password, would go a long way to setting a good level of security on your machine. Write down the passwords and hide them somewhere that you'll remember, or keep them on your person if you feel secure doing that.
    Having said all that, if you don't trust the physical security of your house, then all this is largely academic.
    Matt

  • Safe keyboard - protection against keyloggers when typing in username and password.

    In addition to the banking protection that pops up every time browsing to a banking site, there could be a protection against keyloggers (e.g. a safe keyboard) that pops up every time doing online shopping and banking. A safe keyboard could protect from malware that tries to spy out user names and passwords. Regards.  

    Hello, Sorry also for reply. But do you know any good software with protection against keyloggers?? And here I also mean something like: -> Good software - trusted software. -> Good protection - without a lot of false-positives or prevented valid actions (such as - it's not hard.. "block all" and user should to think... allow it or not).... but also with protection against "valid" keyloggers too (such as valid remote administrator tools, business keyloggers and other... which can be "valid" for any security-software and be ignored). also... like example.. software... which able to detect Microsoft Windows 10 Technology Preview default "keylogger".  With other meanings... potentially F-Secure should to detect any malicious  "keyloggers" (which able to collect and transfer it) as Trojan-files. Or any other malicious, suspicious.... spyware, riskware or other. Related with sample. It's mean - if here keylogger - F-Secure should to prevent/detect it before... And if here to add something specific against keyloggers. It's should be totally cool and powerful. And not just as "something about protection against keyloggers". Which already long time in use as default part of protection. Sorry for reply again. I just mean... that some of other Security Companies... have security feature as "protection against keyloggers" - but it's not always work best (such as protection... and such as worry-free for user)... or just part of "default steps", which F-Secure already have. With target attacks.. potentially on current time without good examples as one security suite (which will be not always too much angry).

  • Programs to catch for keyloggers and other non-OS specific malware

    Just curious:
    Despite Mac's strength against malicious software, there are some things that are not affected by hardware, such as keyloggers and the like.
    What type of software is there that can protect against this or detect it for Macs?
    Thanks

    kp606,
    The Mac's strength against malicious software has nothing to do with Apple's hardware, but rather OS X. Keep in mind that Apple's current hardware is now exactly the same as any other manufacturer's.
    There are keyloggers that will run in OS X, but the only way to have them running on your machine is to install them yourself. In order to install any of these applications and have them run in a manner that would put other accounts on your machine at risk, one would have to install them as an admin user, and this would necessitate authenticating as such.
    In other words, you are your own best protection against malicious software. Just don't install it.
    There are many people researching potential vulnerabilities in OS X which would allow a non-admin user to install and run malicious software, either locally or over a network (or the internet). As soon as potential vulnerabilities are found, they are reported, and Apple soon after releases an update to "plug the hole." Note that there are no known cases of these vulnerabilities ever being exploited.
    Scott

  • Security. Keyloggers, Monitoring Software, iSight

    I'm pretty sure that my roommates installed something on my computer. I have heard full conversations about things that I have done online, someone has been reading my email for a while now, and it seems that they can see my desktop; also I have been doing things in my computer to make sure they have done it. I'm 100% sure that there is something installed that makes them see my screen, and I'm scared that they also have control of the iSight of my MacBook Pro. I just wanna uninstall the software and avoid having to restore the computer. I'm no longer living with them cause of this and some other problems. It seems that they can only see things while we were in the same network.
    Thanks,
    PID TTY TIME CMD
    1 ?? 0:03.53 /sbin/launchd
    10 ?? 0:00.80 /usr/libexec/kextd
    11 ?? 0:01.89 /usr/sbin/notifyd
    12 ?? 0:05.91 /usr/sbin/syslogd
    14 ?? 0:01.12 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g
    15 ?? 0:00.22 /usr/sbin/cupsd -l
    16 ?? 0:00.03 /usr/sbin/cron
    17 ?? 0:12.44 /usr/sbin/update
    18 ?? 0:00.01 /sbin/SystemStarter
    21 ?? 0:00.53 /usr/sbin/securityd -i
    23 ?? 0:26.44 /System/Library/Frameworks/CoreServices.framework/Fram
    24 ?? 0:00.47 /usr/sbin/mDNSResponder -launchd
    25 ?? 1:37.35 /System/Library/CoreServices/loginwindow.app/Contents/
    26 ?? 0:00.01 /usr/sbin/KernelEventAgent
    28 ?? 0:00.01 /usr/libexec/hidd
    29 ?? 0:03.72 /System/Library/Frameworks/CoreServices.framework/Vers
    31 ?? 0:00.02 /sbin/dynamic_pager -F /private/var/vm/swapfile
    33 ?? 0:00.66 /usr/sbin/diskarbitrationd
    34 ?? 0:07.36 /usr/sbin/DirectoryService
    36 ?? 0:24.46 /usr/sbin/configd
    39 ?? 0:00.03 autofsd
    41 ?? 0:12.86 /usr/libexec/ApplicationFirewall/socketfilterfw
    43 ?? 0:04.73 /usr/sbin/distnoted
    48 ?? 0:01.78 /usr/sbin/blued
    49 ?? 0:04.11 /System/Library/CoreServices/coreservicesd
    53 ?? 8:35.35 /System/Library/Frameworks/ApplicationServices.framewo
    79 ?? 0:00.32 /System/Library/StartupItems/NMPCCardDaemonVMC/NMPCCar
    81 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosA
    82 ?? 0:00.29 /Library/Application Support/Sophos Update Manager/Sop
    85 ?? 0:03.83 /System/Library/StartupItems/NMPPPMonitor/nmpppstatsd
    90 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosA
    94 ?? 1:32.20 /Library/Application Support/Sophos Anti-Virus/InterCh
    108 ?? 0:03.19 /sbin/launchd
    114 ?? 0:12.11 /Applications/Vodafone Mobile Connect/Vodafone Mobile
    116 ?? 0:00.51 /Library/Application Support/Vodafone/NovamediaDiskSup
    117 ?? 0:00.39 /System/Library/CoreServices/AirPort Base Station Agen
    121 ?? 0:03.59 /System/Library/CoreServices/Spotlight.app/Contents/Ma
    122 ?? 0:00.42 /usr/sbin/UserEventAgent -l Aqua
    125 ?? 0:00.00 /usr/sbin/pboard
    126 ?? 0:32.98 /System/Library/CoreServices/Dock.app/Contents/MacOS/D
    127 ?? 0:42.09 /System/Library/Frameworks/ApplicationServices.framewo
    128 ?? 0:00.74 /usr/sbin/coreaudiod
    130 ?? 0:25.91 /System/Library/CoreServices/SystemUIServer.app/Conten
    131 ?? 1:11.04 /System/Library/CoreServices/Finder.app/Contents/MacOS
    141 ?? 0:00.15 /Library/Application Support/Sophos Anti-Virus/SophosU
    144 ?? 0:00.27 /Applications/iTunes.app/Contents/Resources/iTunesHelp
    145 ?? 0:01.82 /Library/Application Support/EyeTV/EyeTV Helper.app/Co
    146 ?? 0:00.97 /Applications/Microsoft AutoUpdate.app/Contents/MacOS/
    151 ?? 0:03.91 /System/Library/PrivateFrameworks/MobileDevice.framewo
    154 ?? 0:00.12 /Users/Alonso/Library/Caches/Cleanup At Startup/CrossO
    156 ?? 0:00.37 /System/Library/Frameworks/InstantMessage.framework/iC
    349 ?? 0:48.66 /System/Library/CoreServices/Dock.app/Contents/Resourc
    350 ?? 1:04.48 /System/Library/CoreServices/Dock.app/Contents/Resourc
    351 ?? 0:00.90 /System/Library/CoreServices/Dock.app/Contents/Resourc
    352 ?? 0:05.17 /System/Library/CoreServices/Dock.app/Contents/Resourc
    398 ?? 0:00.32 /System/Library/Services/AppleSpell.service/Contents/M
    2744 ?? 0:07.57 /System/Library/Frameworks/CoreServices.framework/Fram
    3325 ?? 0:08.56 /System/Library/Frameworks/ApplicationServices.framewo
    3525 ?? 0:00.16 /System/Library/Frameworks/CoreServices.framework/Fram
    3566 ?? 0:00.20 /System/Library/CoreServices/System Events.app/Content
    3569 ?? 0:28.52 /Applications/Safari.app/Contents/MacOS/Safari -psn0
    3574 ?? 0:00.67 /System/Library/Frameworks/PubSub.framework/Versions/A
    3575 ?? 0:00.03 /usr/sbin/ocspd
    3576 ?? 0:00.86 /System/Library/Frameworks/SyncServices.framework/Vers
    3628 ?? 0:07.01 /System/Library/CoreServices/Software Update.app/Conte
    3631 ?? 0:00.07 /System/Library/PrivateFrameworks/DiskManagement.frame
    3632 ?? 0:00.07 /System/Library/PrivateFrameworks/Install.framework/Re
    3634 ?? 0:00.06 /System/Library/Frameworks/QuickLook.framework/Resourc
    3647 ?? 0:00.20 /Applications/Utilities/Terminal.app/Contents/MacOS/Te
    3649 ttys000 0:00.23 login -pf Alonso
    3650 ttys000 0:00.01 -bash
    3660 ttys000 0:00.01 ps -A

    PID TTY TIME CMD
    1 ?? 0:04.01 /sbin/launchd
    10 ?? 0:00.81 /usr/libexec/kextd
    11 ?? 0:02.07 /usr/sbin/notifyd
    12 ?? 0:06.68 /usr/sbin/syslogd
    14 ?? 0:01.29 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
    15 ?? 0:00.23 /usr/sbin/cupsd -l
    16 ?? 0:00.04 /usr/sbin/cron
    17 ?? 0:14.63 /usr/sbin/update
    18 ?? 0:00.01 /sbin/SystemStarter
    21 ?? 0:00.57 /usr/sbin/securityd -i
    23 ?? 0:29.66 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
    24 ?? 0:00.48 /usr/sbin/mDNSResponder -launchd
    25 ?? 1:39.29 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
    26 ?? 0:00.01 /usr/sbin/KernelEventAgent
    28 ?? 0:00.01 /usr/libexec/hidd
    29 ?? 0:04.27 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support
    31 ?? 0:00.02 /sbin/dynamic_pager -F /private/var/vm/swapfile
    33 ?? 0:00.70 /usr/sbin/diskarbitrationd
    34 ?? 0:08.00 /usr/sbin/DirectoryService
    36 ?? 0:26.91 /usr/sbin/configd
    39 ?? 0:00.03 autofsd
    41 ?? 0:14.22 /usr/libexec/ApplicationFirewall/socketfilterfw
    43 ?? 0:05.21 /usr/sbin/distnoted
    48 ?? 0:01.78 /usr/sbin/blued
    49 ?? 0:04.48 /System/Library/CoreServices/coreservicesd
    53 ?? 9:22.88 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources/WindowServ
    79 ?? 0:00.32 /System/Library/StartupItems/NMPCCardDaemonVMC/NMPCCardDemonVMC
    81 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosAntiVirus.app/Contents/MacOS/SophosAntiVirus
    82 ?? 0:00.32 /Library/Application Support/Sophos Update Manager/SophosUpdateManager.app/Contents/MacOS/SophosUpdateManager
    85 ?? 0:04.43 /System/Library/StartupItems/NMPPPMonitor/nmpppstatsd
    90 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosAutoUpdate.app/Contents/MacOS/SophosAutoUpdate
    94 ?? 1:35.39 /Library/Application Support/Sophos Anti-Virus/InterCheck.app/Contents/MacOS/InterCheck
    108 ?? 0:03.63 /sbin/launchd
    114 ?? 0:13.92 /Applications/Vodafone Mobile Connect/Vodafone Mobile Connect.app/Contents/Resources/Specific/Mac_SwapperDemon.
    116 ?? 0:00.53 /Library/Application Support/Vodafone/NovamediaDiskSupressor
    117 ?? 0:00.41 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent -launchd
    121 ?? 0:04.39 /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
    122 ?? 0:00.43 /usr/sbin/UserEventAgent -l Aqua
    125 ?? 0:00.00 /usr/sbin/pboard
    126 ?? 0:34.30 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock -psn040970
    127 ?? 0:42.66 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/ATSServer
    128 ?? 0:00.79 /usr/sbin/coreaudiod
    130 ?? 0:27.48 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer -psn049164
    131 ?? 1:12.00 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder -psn053261
    141 ?? 0:00.16 /Library/Application Support/Sophos Anti-Virus/SophosUIServer.app/Contents/MacOS/SophosUIServer -psn065552
    144 ?? 0:00.28 /Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/MacOS/iTunesHelper -psn069649
    145 ?? 0:02.06 /Library/Application Support/EyeTV/EyeTV Helper.app/Contents/MacOS/EyeTV Helper -psn073746
    146 ?? 0:01.00 /Applications/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemo
    151 ?? 0:03.91 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd
    154 ?? 0:00.13 /Users/Alonso/Library/Caches/Cleanup At Startup/CrossOver CD Helper.app/Contents/MacOS/CrossOver CD Helper -psn
    156 ?? 0:00.41 /System/Library/Frameworks/InstantMessage.framework/iChatAgent.app/Contents/MacOS/iChatAgent -psn098328
    349 ?? 0:52.24 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
    350 ?? 1:07.21 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
    351 ?? 0:00.97 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
    352 ?? 0:05.52 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
    398 ?? 0:00.84 /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell -psn0172074
    2744 ?? 0:08.43 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker MDS
    3325 ?? 0:08.56 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/ATSServer
    3851 ?? 0:52.89 /Applications/Safari.app/Contents/MacOS/Safari -psn0803012
    3991 ?? 0:00.16 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker MDS
    3993 ?? 0:24.01 /System/Library/CoreServices/Software Update.app/Contents/MacOS/Software Update -psn0815303
    3995 ?? 0:00.06 /System/Library/PrivateFrameworks/DiskManagement.framework/Resources/DiskManagementTool -uuid BF77035C-C895-484
    4018 ?? 0:00.02 /System/Library/CoreServices/SecurityAgent.app/Contents/Resources/authorizationhost
    4019 ?? 0:00.33 /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent
    4021 ?? 0:00.00 (suapphelper)
    4022 ?? 0:00.17 /System/Library/CoreServices/System Events.app/Contents/MacOS/System Events -psn0823497
    4026 ?? 0:00.44 /System/Library/Frameworks/SyncServices.framework/Versions/Current/Resources/SyncServer.app/Contents/MacOS/Sync
    4040 ?? 0:00.35 /System/Library/Frameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent
    4089 ?? 0:00.06 /System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd
    4091 ?? 0:00.79 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn0843982
    4092 ttys000 0:00.06 login -pf Alonso
    4093 ttys000 0:00.01 -bash
    4107 ttys000 0:00.00 ps -A
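
Added example, not part of the original post: one way to triage a `ps -A` listing like the one above is to discard processes started from OS-owned directories and tag the rest by where the binary lives. The function names, the tag names and the choice of /System, /usr, /sbin and /bin as OS-owned prefixes are assumptions of this example; the sample rows are copied from the listing in the post.

```shell
#!/bin/sh
# Added example: triage a `ps -A` listing (columns PID TTY TIME CMD).
# Every process whose command does not start in an OS-owned directory is
# printed as:  <tag> <pid> <command>
#   USERDIR  binary under a user-writable tree (home, tmp): look here first
#   THIRD    other absolute path, e.g. /Library or /Applications
#   NOPATH   no absolute path shown; resolve it separately (e.g. lsof -p PID)
# Assumption: /System, /usr, /sbin and /bin are treated as OS-owned. On a
# system where root can write to them, that is a filter, not a guarantee.

triage_ps() {
    awk '
    $1 == "PID" { next }              # header row
    NF < 4      { next }              # blank or malformed row
    {
        pid = $1
        cmd = $0
        # Remove the PID, TTY and TIME columns; keep the command intact,
        # including any spaces inside the path.
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)

        if (cmd ~ /^\/(System|usr|sbin|bin)\//)
            next
        if (cmd ~ /^\/(Users|tmp|private\/tmp|private\/var\/tmp)\//)
            tag = "USERDIR"
        else if (cmd ~ /^\//)
            tag = "THIRD"
        else
            tag = "NOPATH"
        print tag, pid, cmd
    }'
}

# Sample input: rows copied from the listing in the post above.
sample_ps() {
    cat <<'EOF'
PID TTY TIME CMD
1 ?? 0:04.01 /sbin/launchd
21 ?? 0:00.57 /usr/sbin/securityd -i
39 ?? 0:00.03 autofsd
94 ?? 1:35.39 /Library/Application Support/Sophos Anti-Virus/InterCheck.app/Contents/MacOS/InterCheck
116 ?? 0:00.53 /Library/Application Support/Vodafone/NovamediaDiskSupressor
154 ?? 0:00.13 /Users/Alonso/Library/Caches/Cleanup At Startup/CrossOver CD Helper.app/Contents/MacOS/CrossOver CD Helper -psn
3851 ?? 0:52.89 /Applications/Safari.app/Contents/MacOS/Safari -psn0803012
4093 ttys000 0:00.01 -bash
EOF
}

# Run on the sample. On a live Mac, use:  ps -A -ww | triage_ps
# (-ww stops ps from cutting the command off at the terminal width).
sample_ps | triage_ps
```

The tags only say where to look first: a THIRD or NOPATH line is something to identify, not evidence of monitoring software, and hardware keyloggers or anything hiding under a system path will not appear here at all.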

  • Does the OS X firewall protect from wireless keyloggers?

    I'm trying to ensure security while using public wireless networks. Does anyone know if the built-in firewall in OS X prevents access by keylogger software which might be trying to get info from my computer wirelessly?
    Thanks!

    Here's a recently published article that should be right on target:
    http://www.macdevcenter.com/pub/a/mac/2006/06/20/wireless-security.html

  • Help Needed for Internet Security Driving Test!

    Hi I came up with a few basic rules for family and friends
    that I put together in order to try to prevent them from
    continually installing spyware, toolbars, keyloggers and viruses on
    their computers (and as a result, to try to prevent them from
    continually calling me and asking for my help and advice when they
    did this and things went wrong).
    To all intents and purposes the rules worked well - for a
    while. I set it up as a simple RTF document and I added this to the
    start up folder of Windows XP, so that it started every time the PC
    started. However, over time some of them simply learned to ignore
    the rules and to close the RTF document as soon as it opened
    without paying any attention to it at all - and then they went
    about their merry business of installing spyware, keyloggers and
    viruses etc. just as they had in the past.
    So OK, I have to admit I found this deeply frustrating - but
    I also realise that this is the same position that many of us geeks
    are in in that on the whole, most average everyday computer users
    don't have a clue about Internet security.
    Now however things have become a lot more serious for me, as
    I have been asked by a local charity to administer a total of 60
    machines over 2 different sites - and I have also been asked if I
    could provide some form of training with regard to basic personal
    Internet security.
    With this in mind I came up with the idea of an interactive
    CDROM, or Flash based Internet security driving test/tutorial that
    basically covers all of the scenarios I touch on in my rules.
    This tutorial would cover basic things like, if you got an
    email from a representative ex President of an African country
    offering you a share in millions of dollars of stolen money, or if
    you got an email from your bank asking you to verify your security
    details and so on, what would you do? Additionally it would cover
    such things as the abundance of viruses that infest many of the
    porn sites on the net, the way that many games on the Internet that
    are listed as being 'free' (particularly those which are in
    executable file format) are often just vehicles for more spyware
    and viruses also - and about the dangers of chat lines, of spoof
    security warnings on web sites and so on.
    I have included my list of rules below which should hopefully
    give you an idea of what I'm trying to do. Be warned though, the
    wording is deliberately harsh and perhaps a little extreme (and as
    a result maybe not entirely 100% accurate) but you must realize
    that I am, or was trying to give myself the easiest time possible
    and the least possible problems. So you may well find things you
    disagree with in it - but overall if someone followed these rules,
    they probably would be less likely to run into problems than
    someone who did not follow them might.
    The thing is however that (as I said) I would like to
    formalise these rules somewhat in the format of some kind of
    interactive tutorial/web security driving test. Unfortunately I
    have no experience with flash - and little knowledge of HTML or
    anything like that. I also know that the language for these rules
    isn't quite right, in that it probably isn't suitable for a formal
    office type environment.
    I had in mind that the tutorial would show some realtime
    examples of some of the things I have been talking about (which I
    assume would only be possible in Flash?) or perhaps rather like a
    readers digest multiple choice type thing, with screenshots
    depicting the various scenarios in question. (Like a screenshot of
    a flash animation on a web page saying 'You have won a prize!!!'
    What would you do? a) click on the ad, b) ignore it, or c) phone
    all of your family and friends informing them of your good fortune
    before doing anything.' etc.)
    So I was wondering, are there any good hearted charitable
    souls out there who might be willing to help out to put a tutorial
    like this together?
    Again I remind you that it really is for a charity
    (specifically the Depaul Trust in the UK, which helps young
    vulnerable people find secure accommodation, provides educational
    opportunities and helps them to find employment). The requirement
    would be that all staff and students pass the Internet security
    test before being granted Internet access.
    I know this might be time consuming - but again all I can do
    is appeal to the sense of kindness and helpfulness of this
    community and hope that someone who does have some experience in
    these matters might be willing to help.
    Alternatively could anyone suggest a simple easy to use
    software package that would allow a relative n00b like me to put
    together a tutorial like this on my own? Or perhaps it is possible
    that some free online tutorial like this already exists?
    In any case, any help at all would be appreciated.
    PS,
    Here are the rules I have that I referred to above.
    http://download305.mediafire.com/b6ndmljht1bg/29bbnnbz2uz/internet+rules.rtf

    Dennis, when I look at the subject three clips (EI 1250, EI 640, and EI 320, respectively, and in that order) as presented in the camera, I see exactly what I have expected all along -- three different-brightness images that are progressively brighter from the EI 1250 exposure to the EI 320 exposure.   So, am mystified why when I open these images (clips), say, in RAW Viewer, wherein I have thought that I would see the same progressive brightness differences allowing me to experiment with reducing brightness to deal with noise reduction, all three of the images present completely alike in brightness.

  • Is there a keylogger or tracker on my computer?

    Hi, I have reason to believe there might be some sort of spying software/keylogger installed on my computer without my consent. I am 18 and the laptop I'm using was purchased for me by my mother about a year or two ago. She's one of those paranoid mothers who logged all my aim chats and stuff as a child and I'm afraid she is still set in those ways. I think, however, at 18 I deserve my privacy on my computer. Sometimes when I'm talking to her she likes to joke that she should go through my laptop and see what I'm drawing (I do a lot of art on my laptop that I don't like to show people cause I'm self-conscious about my work.) and when I tell her she couldn't get on if she tried she makes this mocking face like she knows something I don't. This has made me very paranoid as I really don't like the idea of her snooping through my files and stuff. She's always boasting about how good she is with computers, but I once made up a bunch of computer gibberish nonsense and she tried to look like she knew what I was talking about...So maybe she is just bluffing? I was looking through /Library/LaunchDaemons and found the .plist file relating to the program Undercover which monitors your laptop in case it's stolen, sends screenshots and takes photos with the webcam. I never installed this program. I DID install the program PREY just in case someone ran off with my laptop in Starbucks or something. What I want to know is if there are any other keyloggers or trackers installed on my computer so I can get rid of them. I ran some commands in terminal and these were my results-
    new-host-4:~ KellieCruz$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
    com.metakine.handsoff.driver (2.0.8)
    com.rogueamoeba.InstantOn (6.0.2)
    com.rogueamoeba.InstantOnCore (6.0.2)
    com.manycamllc.driver.ManyCamDriver (0.0.9)
    com.protech.NoSleep (1.3.3)
    com.Cycling74.driver.Soundflower (1.6.2)
    com.cleverandson.driver.XAerial (1.0.0)
    new-host-4:~ KellieCruz$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
    com.oracle.java.Java-Updater
    com.oracle.java.Helper-Tool
    com.autodesk.backburner_server
    com.autodesk.backburner_manager
    org.tcpdump.chmod_bpf
    org.gpgtools.gpgmail.uuid-patcher
    com.torch.update.agent
    com.orbicule.uclocator
    com.metakine.handsoff.daemon
    com.macpaw.CleanMyMac2.Agent
    com.luthresearch.scservice
    com.disc-soft.DAEMONTools.PrivilegedHelper
    com.daz3d.content_management_service
    com.autodesk.backburner_start
    com.adobe.fpsaud
    new-host-4:~ KellieCruz$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
    com.macpaw.CleanMyMac2Helper.diskSpaceWatcher
    com.macpaw.CleanMyMac2Helper.trashWatcher
    com.macpaw.CleanMyMac2Helper.scheduledScan
    com.tuneupmedia.TuneUpHelper
    org.gpgtools.macgpg2.updater
    org.gpgtools.macgpg2.shutdown-gpg-agent
    org.gpgtools.macgpg2.fix
    org.gpgtools.Libmacgpg.xpc
    org.gpgtools.gpgmail.user-uuid-patcher
    org.gpgtools.gpgmail.enable-bundles
    com.wacom.wacomtablet
    com.wacom.pentablet
    com.protech.NoSleep
    com.metakine.handsoff.agent
    com.spotify.webhelper
    com.google.keystone.user.agent
    com.divx.agent.postinstall
    com.akamai.single-user-client
    com.adobe.AAM.Scheduler-1.0
    new-host-4:~ KellieCruz$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null
    /Library/Components:
    /Library/Extensions:
    /Library/Frameworks:
    AEProfiling.framework
    AERegistration.framework
    Adlm.framework
    Adobe AIR.framework
    AudioMixEngine.framework
    DivX Toolkit.framework
    Libmacgpg.framework
    NyxAudioAnalysis.framework
    PluginManager.framework
    TSLicense.framework
    WacomMultiTouch.framework
    iTunesLibrary.framework
    /Library/Input Methods:
    /Library/Internet Plug-Ins:
    AdobeAAMDetect.plugin
    DirectorShockwave.plugin
    DivXBrowserPlugin.plugin
    Flash Player.plugin
    Flip4Mac WMV Plugin.plugin
    JavaAppletPlugin.plugin
    OVSHelper.plugin
    Quartz Composer.webplugin
    QuickTime Plugin.plugin
    Silverlight.plugin
    Unity Web Player.plugin
    Unused
    WacomNetscape.plugin
    WacomTabletPlugin.plugin
    flashplayer.xpt
    nsIQTScriptablePlugin.xpt
    /Library/Keyboard Layouts:
    /Library/LaunchAgents:
    com.adobe.AAM.Updater-1.0.plist
    com.metakine.handsoff.agent.plist
    com.oracle.java.Java-Updater.plist
    com.protech.NoSleep.plist
    com.wacom.pentablet.plist
    com.wacom.wacomtablet.plist
    org.gpgtools.Libmacgpg.xpc.plist
    org.gpgtools.gpgmail.enable-bundles.plist
    org.gpgtools.gpgmail.patch-uuid-user.plist
    org.gpgtools.macgpg2.fix.plist
    org.gpgtools.macgpg2.shutdown-gpg-agent.plist
    org.gpgtools.macgpg2.updater.plist
    /Library/LaunchDaemons:
    com.adobe.SwitchBoard.plist
    com.adobe.fpsaud.plist
    com.apple.remotepairtool.plist
    com.autodesk.backburner_manager.plist
    com.autodesk.backburner_server.plist
    com.autodesk.backburner_start.plist
    com.daz3d.content_management_service.plist
    com.disc-soft.DAEMONTools.PrivilegedHelper.plist
    com.macpaw.CleanMyMac2.Agent.plist
    com.metakine.handsoff.daemon.plist
    com.oracle.java.Helper-Tool.plist
    com.torch.update.agent.plist
    org.gpgtools.gpgmail.patch-uuid.plist
    /Library/Mail/Bundles:
    GPGMail.mailbundle
    /Library/PreferencePanes:
    Flash Player.prefPane
    Flip4Mac WMV.prefPane
    GPGPreferences.prefPane
    JavaControlPanel.prefPane
    MacFUSE.prefPane
    NoSleep.prefPane
    PenTablet.prefPane
    WacomTablet.prefPane
    /Library/PrivilegedHelperTools:
    com.disc-soft.DAEMONTools.PrivilegedHelper
    com.macpaw.CleanMyMac2.Agent
    /Library/QuickLook:
    iWork.qlgenerator
    /Library/QuickTime:
    AppleIntermediateCodec.component
    AppleMPEG2Codec.component
    DivX Decoder.component
    DivX Encoder.component
    Flip4Mac WMV Advanced.component
    Flip4Mac WMV Export.component
    Flip4Mac WMV Import.component
    ManyCamVDig_RGB.component
    ManyCamVDig_YCbCr.component
    MayaIFF.component
    /Library/ScriptingAdditions:
    Adobe Unit Types.osax
    XtraFinder.osax
    /Library/Services:
    GPGServices.service
    /Library/Spotlight:
    Microsoft Office.mdimporter
    iWork.mdimporter
    /Library/StartupItems:
    Sudochmod
    /etc/mach_init.d:
    /etc/mach_init_per_login_session.d:
    /etc/mach_init_per_user.d:
    com.adobe.SwitchBoard.monitor.plist
    Library/Address Book Plug-Ins:
    SkypeABDialer.bundle
    SkypeABSMS.bundle
    YMsgrCallABPlugin.bundle
    YMsgrMsnABPlugin.bundle
    YMsgrSmsABPlugin.bundle
    YMsgrYimABPlugin.bundle
    Library/Fonts:
    rough_typewriter.otf
    rough_typewriter_X_bold.otf
    rough_typewriter_bold_itl.otf
    rough_typewriter_italic.otf
    Library/Input Methods:
    .localized
    Library/Internet Plug-Ins:
    BlueStacks Install Detector.plugin
    SOEWebInstaller.plugin
    Library/Keyboard Layouts:
    Library/LaunchAgents:
    com.adobe.AAM.Updater-1.0.plist
    com.akamai.single-user-client.plist
    com.divx.agent.postinstall.plist
    com.google.keystone.agent.plist
    com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist
    com.macpaw.CleanMyMac2Helper.scheduledScan.plist
    com.macpaw.CleanMyMac2Helper.trashWatcher.plist
    com.spotify.webhelper.plist
    Library/PreferencePanes:
    AkamaiNetSession.prefPane
    Growl.prefPane
    Perian.prefPane
    teleport.prefPane
    Library/QuickTime:
    AC3MovieImport.component
    Perian.component
    Library/Services:
    ToastIt.service
    new-host-4:~ KellieCruz$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
    iTunesHelper, Speech Startup, XtraFinder, iAntiVirus, BambooCore
    Does any of this look funny to you? Are there any other tests/programs/commands I can run to do a more thorough check? Sorry if this seems like a silly issue but my privacy matters to me. I don't do anything horrible on my computer but I also don't think I should be being watched 24/7 like a child.
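
One way to start reading output like the above, as an added example that is not part of the original post: cross-check the labels launchd reports as loaded against the plist file names in the listing. The sample data is a subset copied from this post's output; the function names and the three status words are this example's own, and a "vendor" or "nofile" result only means the job still has to be traced to the file that loaded it.

```shell
#!/bin/sh
# Added example: cross-check loaded launchd labels against plist file names.
# Sample data is constructed from the listing posted above (subset).

# Labels as printed by the post's `sudo launchctl list | ... {print $3}` filter.
loaded_labels() {
cat <<'EOF'
com.oracle.java.Helper-Tool
com.autodesk.backburner_server
org.tcpdump.chmod_bpf
org.gpgtools.gpgmail.uuid-patcher
com.torch.update.agent
com.orbicule.uclocator
com.metakine.handsoff.daemon
com.luthresearch.scservice
com.adobe.fpsaud
EOF
}

# File names from the /Library/LaunchDaemons part of the same listing.
daemon_plists() {
cat <<'EOF'
com.adobe.SwitchBoard.plist
com.adobe.fpsaud.plist
com.autodesk.backburner_server.plist
com.metakine.handsoff.daemon.plist
com.oracle.java.Helper-Tool.plist
com.torch.update.agent.plist
org.gpgtools.gpgmail.patch-uuid.plist
EOF
}

# classify LABELS_FILE PLISTS_FILE
# Prints "<status> <label>" for every loaded label:
#   exact   a file named <label>.plist is in the listing
#   vendor  no exact name, but some plist shares the first two name
#           components (a file name need not equal the Label key inside it)
#   nofile  nothing from that vendor in the listed directory
classify() {
    awk '
        function vendor(name,   p) { split(name, p, "[.]"); return p[1] "." p[2] }
        NF == 0 { next }
        pass == 1 {                       # plist file names
            sub(/\.plist$/, "")
            files[$0] = 1
            vendors[vendor($0)] = 1
            next
        }
        {                                 # loaded labels
            if ($0 in files)                s = "exact"
            else if (vendor($0) in vendors) s = "vendor"
            else                            s = "nofile"
            print s, $0
        }
    ' pass=1 "$2" pass=2 "$1"
}

# needs_review LABELS_FILE PLISTS_FILE
# Labels that are not explained by a same-named plist, sorted.
needs_review() {
    classify "$1" "$2" | awk '$1 != "exact" { print $2 }' | LC_ALL=C sort
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    loaded_labels > "$tmp/labels"
    daemon_plists > "$tmp/plists"
    classify "$tmp/labels" "$tmp/plists"
    rm -rf "$tmp"
}

run_demo
```

File-name matching is only a first pass: the authoritative value is the `Label` key inside each plist, which on a Mac can be printed with `/usr/libexec/PlistBuddy -c 'Print :Label' <file>`. A job can also be loaded from a directory this sample does not cover, such as the per-user `Library/LaunchAgents` folder.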

    Hi Linc,
    I had the same question as everyone else. Here is my output. Do you know if I have tracking software installed? Thank you so much for your time/help. Your expertise is much appreciated!
    Last login: Thu Feb 19 14:11:14 on console
    sarahcomputer-3:~ Sarah$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' 
    sarahcomputer-3:~ Sarah$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
    WARNING: Improper use of the sudo command could lead to data loss
    or the deletion of important system files. Please double-check your
    typing when using sudo. Type "man sudo" for more information.
    To proceed, enter your password, or type Ctrl-C to abort.
    Password:
    com.vmware.launchd.vmware
    com.google.keystone.daemon
    com.carbonite.daemon
    com.adobe.fpsaud
    cn.com.zte.PPPMonitor.plist
    cn.com.zte.MessageCenter.plist
    sarahcomputer-3:~ Sarah$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
    com.bittorrent.uTorrent.32592
    org.mozilla.firefox.37520
    com.box.sync.88912
    org.videolan.vlc.37696
    com.microsoft.Word.28368
    com.microsoft.entourage.database_daemon.29424
    com.vmware.fusionStartMenu.41040
    com.box.Box-Local-Com-Server.88560
    com.Box.Box-Edit.88384
    com.skype.skype.31536
    com.yahoo.messenger3.32944
    com.google.GoogleDrive.65856
    com.vmware.fusionDaemon.39808
    com.microsoft.autoupdate.fba.39456
    jp.co.canon.cijscannerregister.41216
    com.evernote.EvernoteHelper
    com.hp.help.tocgenerator
    com.google.keystone.system.agent
    com.divx.update.agent
    com.divx.dms.agent
    com.carbonite.carbonitestatus
    com.carbonite.carbonitealerts
    cn.com.zte.usbswapper.plist
    com.citrixonline.GoToMeeting.G2MUpdate
    sarahcomputer-3:~ Sarah$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null
    /Library/Components:
    /Library/Extensions:
    ATTOCelerityFC8.kext
    ATTOExpressSASHBA2.kext
    ATTOExpressSASRAID2.kext
    ArcMSR.kext
    BJUSBLoad.kext
    CIJUSBLoad.kext
    CalDigitHDProDrv.kext
    HighPointIOP.kext
    HighPointRR.kext
    PromiseSTEX.kext
    SoftRAID.kext
    /Library/Frameworks:
    AEProfiling.framework
    AERegistration.framework
    Adobe AIR.framework
    AudioMixEngine.framework
    DivX Toolkit.framework
    DivXInstallerUtilities.framework
    HPSmartPrint.framework
    MacFUSE.framework
    NyxAudioAnalysis.framework
    OSXFUSE.framework
    PluginManager.framework
    Snapfish.framework
    TSLicense.framework
    iTunesLibrary.framework
    /Library/Input Methods:
    /Library/Internet Plug-Ins:
    Default Browser.plugin
    DirectorShockwave.plugin
    DivX Web Player.plugin
    Flash Player.plugin
    Flip4Mac WMV Plugin.plugin
    Flip4Mac WMV Plugin.webplugin
    Google Earth Web Plug-in.plugin
    OVSHelper.plugin
    OfficeLiveBrowserPlugin.plugin
    Quartz Composer.webplugin
    QuickTime Plugin.plugin
    Silverlight.plugin
    flashplayer.xpt
    googletalkbrowserplugin.plugin
    iPhotoPhotocast.plugin
    nsIQTScriptablePlugin.xpt
    o1dbrowserplugin.plugin
    /Library/Keyboard Layouts:
    /Library/LaunchAgents:
    cn.com.zte.usbswapper.plist
    com.carbonite.launchd.carbonitealerts.plist
    com.carbonite.launchd.carbonitestatus.plist
    com.divx.dms.agent.plist
    com.divx.update.agent.plist
    com.google.keystone.agent.plist
    com.hp.help.tocgenerator.plist
    /Library/LaunchDaemons:
    cn.com.zte.MessageCenter.plist
    cn.com.zte.PPPMonitor.plist
    com.adobe.fpsaud.plist
    com.carbonite.launchd.carbonitedaemon.plist
    com.google.keystone.daemon.plist
    com.vmware.launchd.vmware.plist
    /Library/PreferencePanes:
    Carbonite.prefPane
    Flash Player.prefPane
    Flip4Mac WMV.prefPane
    Perian.prefPane
    /Library/PrivilegedHelperTools:
    Google Drive Icon Helper
    com.box.sync.bootstrapper
    com.box.sync.iconhelper
    /Library/QuickLook:
    GBQLGenerator.qlgenerator
    VMware Fusion QuickLook.qlgenerator
    iBooksAuthor.qlgenerator
    iWork.qlgenerator
    /Library/QuickTime:
    AC3MovieImport.component
    AppleIntermediateCodec.component
    AppleMPEG2Codec.component
    Perian.component
    /Library/ScriptingAdditions:
    /Library/Spotlight:
    GBSpotlightImporter.mdimporter
    Microsoft Office.mdimporter
    iBooksAuthor.mdimporter
    iWork.mdimporter
    /Library/StartupItems:
    HP Trap Monitor
    /etc/mach_init.d:
    /etc/mach_init_per_login_session.d:
    /etc/mach_init_per_user.d:
    Library/Address Book Plug-Ins:
    SkypeABDialer.bundle
    SkypeABSMS.bundle
    YMsgrCallABPlugin.bundle
    YMsgrMsnABPlugin.bundle
    YMsgrSmsABPlugin.bundle
    YMsgrYimABPlugin.bundle
    Library/Components:
    MindVision
    Library/Fonts:
    Library/Frameworks:
    EWSMac.framework
    Library/Input Methods:
    .localized
    Library/Internet Plug-Ins:
    CitrixOnlineWebDeploymentPlugin.plugin
    Google Earth Web Plug-in.plugin
    Library/Keyboard Layouts:
    Library/LaunchAgents:
    com.apple.SafariBookmarksSyncer.plist
    com.citrixonline.GoToMeeting.G2MUpdate.plist
    Library/PreferencePanes:
    Library/Services:
    .localized
    sarahcomputer-3:~ Sarah$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
    iTunesHelper, VMware Fusion Helper, Skype, Jacquie Lawson London Advent Calendar, Google Drive, uTorrent, Dropbox, Yahoo! Messenger, Skype, Box Sync, Box Edit, Box Local Com Server
    sarahcomputer-3:~ Sarah$

  • How to force iOS to ask for S/MIME private key password every time?

    Hi, I am using S/MIME signing and encryption on my iOS devices and I am very surprised that the system does not require a password for encrypting, decrypting or signing a message when using my cell phone. Everyone with access to it (be it a thief who saw my unlock code or somebody I know personally) will be able to send/read all encrypted messages. That is a deal breaker for me and I hope I am not the only one.
    So the question is: I need to be asked for a password every time I (a) read an encrypted message, (b) send a signed message or (c) send an encrypted message.
    How can I do that?
    I imported my key via iPhone configuration utility, but I was unable to find an option for that.

    By revealing your unlock code your device is already compromised. Just like revealing your computer's login password. Once the computer is compromised, any number of things can be done which render the certificate password useless. Keyloggers can be installed, the kernel can be patched to steal DPAPI keys, etc. Real software companies like Apple and Microsoft don't entertain security through obscurity.

  • Help me catch my hacker...please!

    Hi. I have an old Mac Pro 1,1 (2007 I believe), OSX 10.7.5 that has been hacked. I have read some of the questions here so I'll try to include all the necessary info. some of the things that have happened are that a new admin user account is on my computer where I have never created any other account and was using my admin account solely which I now know is not smart. I see the new account at the login screen although it tries to look like it is my account, same icon, but it thankfully can't shut down or restart the computer. I am the sole user of my computer and no one else has access to it physically. also, I can no longer throw anything into the trash. Everything just gets moved somewhere as I can see this from the dialog box that pops up. Also, I have to enter a password just to throw anything away(!), but the trash bin always remains empty so nothing ever makes it there but is obviously going elsewhere. The other thing is all my files are now locked and password protected which of course I didn't do. So, hopefully this all shows my computer has indeed been hacked. In fact, I do know who has done this and he's hacked my iphone as well. He currently lives in another country and when I did wipe my phone and enable location services I started getting ads for the nearest major city of that country where he lives and he is the only person I know who lives in that country. I have other info too as to how I know who it is but won't go into it here. He is some guy I used to know who somehow thinks I'm responsible for him losing his job which is completely preposterous. I know he's gone after my finances but thus far has not been able to access them. My email, which I never check on my home computer or phone anymore, will even on my home computer keep trying to connect to paypal. When I've logged into AppleID on my phone to download apps he has changed my AppleID password & security questions but I was fortunately able to change it and get back into it. 
    He put security questions I would never use like asking something about dates and I never remember dates.
    Anyway, I really need to catch this guy as I have info that he has done this to others as well. I know I could just wipe my machine but that is not something I want to do. While my mac tech guy is normally great he doesn't even believe a mac can have a virus and wants to debate that so for him to believe my computer could have been hacked is impossible so he wouldn't help me. I have contacted a couple other techs I know but one was PC-oriented and the other who does some work on macs said he didn't have enough mac experience when I told him the litany of things happening on my computer and phone. So, I am turning to the good people of this forum to help me do this myself as I know you guys are great from past experience with minor computer issues.
    What I've done so far, mostly from reading these forums: I ran EtreCheck and the only thing that came up looking off was a version of Adobe Flash Player I downloaded that EtreCheck says was a mismatch in their red type. I believe that is how the hacker got his software on my computer. I made visible all the users/accounts and nothing looked funny but a lot of this stuff is greek to me as I have never used the Terminal before. I did find a root user and so disabled that. I have looked through all the Processes, and ran that 5-step terminal thing you guys recommend here that shows preferences & launch agents, etc. and looked and looked but see nothing off. I unfortunately had my computer rather wide open before and so now have done all the normal user things to tighten my security and have Little Snitch and Avast Security on my computer. Oh, I did find the Genio-L bug through MacScan and deleted that. My computer had been running at a crawl but is now faster. Also, I had read something about hackers getting access through Bluetooth and saw besides my keyboard and mouse (my modem is wired so I don't have WiFi) some third item listed. I deleted it as it looked suspicious with very little info on it compared to my other devices. (I forgot to take a screenshot of it.) I have also made all files visible through the Terminal. I was looking around in the Private/Etc files but I don't really know what i'm looking at. Also, I found 3 applications that were loading automatically on login so I deleted them: Adobe Resource Synchronizer, Optimism Agent (Optimism software I have) and FontExplorer.
    Anyway, I would love recommendations for how to find this hacking software which I'm assuming can be found through the Terminal. I did try to use Deeper but when I tried to get it to show all the IP addresses for the users on the login page it had an applescript error come up. It said:
    FSPathMakeRef (/System/Library/CoreServices/HelpViewer.app) failed with error -43. (1)
    I'm sure this guy probably has some pretty sophisticated hacking software, which I understand can even be parental control software. I have reason to believe he has put a keylogger on my computer. So, if there is a way to catch this guy please, please give me some tips but do explain everything really simply & step by step as I know nothing about using the Terminal despite the few things I've done. I was reading under the ssh and it says something about -x being used to disable keyloggers from forwarding info. I do seem to have the application X11 on my computer which I never noticed before. There was also something under ssh about ~# which can list all forwarded connections. Of course I don't know how or where to do these things but if you guys think it would help then I'd totally appreciate directions on how to do these things.
    Sorry for writing an essay but I may not be able to get back to this computer for 3-4 days so wanted to give plenty of info for the questions you guys usually ask. Thanks in advance for any and all help!

    I went ahead and repaired the permissions and the disk itself didn't need any repairs. I still really don't want to wipe my HD, and haven't yet, because I want to catch this guy. can you guys give me a code to enter into the Terminal to show all hidden admin users? I tried something I found on these forums to unhide all 500users but i'm not sure if it was for Lion. (btw, the descriptions for this forum are off. i have a silver tower, it's definitely a mac pro 1,1 and am running Lion 10.7.5) anyway, the terminal said in response:
    sudo: /private/etc/sudoers is mode 0446, should be 0440.
    this response was before I repaired the permissions.
    to address Kurt's question of why i'm convinced I have a hacker I didn't share everything in my OP partly because it was already so long and partly because some info I don't feel comfortable sharing online. suffice it to say I have solid knowledge that I've been hacked. I was 99.9% sure of who it was and when the location-based ad on my iphone came up for the country this person currently lives in I knew I was right. think of it like this, if you knew one person who lived in Latvia and suspected he was for sure the person who hacked your computer/phone because you know he's done it to others you know, and suddenly your phone in the US starts getting ads for the nearest major city to where the person lives in Latvia, right after you enabled location-based ads, you'd be pretty sure you suspect the right person. as to how I know this is for sure a hacking I am not comfortable going into on a public forum. suffice it to say, I know without a shadow of a doubt. obviously, the fact that I have an additional admin account on my computer when I live alone and no one, and I mean no one, has physical access to my computer is quite a good indicator.
    just earlier today I had additional problems on my iphone 4. (in the last week I've reset the settings several times whenever I have like one or two bars for my connection which is definitely not normal. resetting the settings seems to be really helping the connection.) this morning I was reading on safari (on the NPR site) and suddenly my phone goes black and the same screen I see when my phone is resetting shows up (all-black screen with white horizontal progress bar). something was being reset so I immediately tried to turn off the phone and it wouldn't turn off, but it did not let the progress bar continue with whatever was happening as long as I held the power button down. then after awhile of doing this, the screen suddenly went back to my usual NPR page. I immediately turned off my phone and will reset it when I turn it back on.
    so, my question is how do I protect my phone? I have erased it previously, but don't want to do that again as I can't risk logging into Apple ID on it again, to download apps, as last time I did that my Apple ID password & security question got changed and I had a hard time getting back into it. what I have done so far is to use a password, set a restrictions password and I have turned off most locations settings and limited ad tracking. when this all started awhile ago the app I use the most, a newspaper, suddenly popped up with a survey that it tried to force me to click on and take. there was no option not to take the survey and the website address it showed ended in .xyz as if that is a real legitimate site. what I did was close the app and delete it as I knew this had nothing to do with this major newspaper app. it was directly after that that the location-based ad in this guy's country started coming up. so, how the heck can I keep this guy off my phone now? I still want to catch him and am hoping I can somehow do that either on my computer or phone. no one should be allowed to do this to another person. it's been a nightmare. again thanks for any and all help.

  • I followed previous keylogger detection instructions from an older post - how do I interpret the results that appeared in Terminal?

    I have a Macbook pro that I suspect my ex-husband installed keylogger software on.  I followed the keylogger detection instructions posted on an older post, but I do not know how to interpret the Terminal results.  What should I be looking for in the strings that result?

    You don't have an off-the-shelf commercial keylogger installed. I can't rule out a well-hidden rootkit. That would only be possible if the attacker is a computer expert, or if he had help from an expert. If you suspect that, you'll either have to consult an expert yourself or (less expensively) erase your hard drive, reinstall OS X and all your other software from known-good copies, and restore only your documents and settings from a backup.
    I should add that there are hardware keyloggers on the market that don't install any software at all. The cheap ones can't be accessed remotely, but with enough money you can buy pretty much anything. A highly motivated attacker could plant listening devices in your home, your car, or your office.

  • Multiple people using same admin account boot each other out

    Hello,
    One of our clients has a number of trainers that need to use the same admin email address to log in and export reports.  It seems like only one person can be logged into the account at a time, which makes sense - but this will cause the trainers that get booted from the CMS to lose their work.  Then there will be confusion over whether or not it's safe to log back in because they will boot the person out that just booted them.
    Is there a way to lock the login for an admin email so that if Person A is logged into the CMS, Person B won't be able to log into the CMS with the login until Person A logs out?
    If that isn't an option, is there a way to display on a web page whether or not the admin login is in use?  We just need some kind of automated way to mitigate this.  We can't have a shared doc where people can checkout the login because with the number of trainers, people are bound to mess up that kind of manual process.
    Any ideas are appreciated.
    Thanks

    This is 100% a security feature and a must. One of the biggest security issues at a company is when people share passwords. Some of the biggest stories of "hacking" out there in the web - most are not actual true hacks but people gaining access based on bad passwords, keyloggers on someone's machine or moreover sharing logins etc.
    Change why and how you're doing this with any client ASAP!
