My site has been hacked. Any tools available to locate and remove "Code injection"?

Similar Messages

• I just recieved a notification that says "your iphone has been hacked. All your photo's and calls are compremised"..... Should I be worried?

  Hi all,
  I just recieved a notification that says "your iphone has been hacked. All your photo's and calls are compremised"..... Should I be worried or is this a very pathetic attempt of a hacker? Please advise as soon as possible. Below is a screen shot.
  Thank you for your help.

  Is your phone jailbroken? If not, just ignore/delete the message...it's a Flash SMS, & nothing but spam. If your phone is not jailbroken, you have nothing to worry about.

• Connection has timed out on my mac. I think my e-commerce site has been hack

  It is really slow I get the same message for both. I own a Mac and have never had to change settings before like a firewall or connection issue. I can connect to any site accept my very own. Is this the work of a hacker?

  Temporarily disabling the Anti-Virus/Firewall software on the computer should rectify the network connect timed out issue.

• Passcode has been change, how can I now access and reset code without losing everything!

  Unable to get into settings,  code was change, how to access and reset code without losing apt's? Is the only way is to completely erase and start new?

  Sorry, but you cannot. If you have a current backup in iTunes then you can restore it.
  Locked Out, Forgot Lock or Restrictions Passcode, or Need to Restore Your Device: Several Alternative Solutions
  A
  1. iOS- Forgotten passcode or device disabled after entering wrong passcode
  2. iPhone, iPad, iPod touch: Wrong passcode results in red disabled screen
  3. Restoring iPod touch after forgotten passcode
  4. What to Do If You've Forgotten Your iPhone's Passcode
  5. iOS- Understanding passcodes
  6. iTunes 10 for Mac- Update and restore software on iPod, iPhone, or iPad
  7. iOS - Unable to update or restore
  Forgotten Restrictions Passcode Help
              iPad,iPod,iPod Touch Recovery Mode
  You will need to restore your device as New to remove a Restrictions passcode. Go through the normal process to restore your device, but when you see the options to restore as New or from a backup, be sure to choose New.
  You can restore from a backup if you have one from BEFORE you set the restrictions passcode.
  Also, see iTunes- Restoring iOS software.

• Any way to easily locate and remove duplicate photos?

  I recently went to Italy and loaded my digital photos into iPhoto. My wife loaded the same CF card so I now have hundreds of duplicates. Any ideas on how to find the duplicates other than looking at each photo individually?

  bob
  Check out Duplicate Annihilator
  Regards
  TD

• HT201441 I am from Kosovo, in Kosovo there isn't any apple store, I took my phone to fix in a shop and they changed my Icloud, my phone is now deactivated accidentally but the shops password has been hacked. I dont know what to do about it.

  I am from Kosovo, in Kosovo there isn't any apple store, I took my phone to fix in a shop and they changed my Icloud, my phone is now deactivated accidentally but the shops password has been hacked. I dont know what to do about it. If there was an apple store here i could take my phone there and fix it but i dont know what to do since i can't find the Icloud password. My phone remains deactivated. The people from mobi shop dont take the responisibility they say its not their fault the Icloud got hacked. Please help me because Iphones are very expensive here I had to work alot to get one. And when i finally got one it doesnt work.

  Well we know whose fault it is but we cant do anything about it because of the hackers but i was hoping someone could help me in some other way. if i send You the apple id and everything could the apple stores there do anything about my problem. Cuz in kosovo i can never fix it.

• Is there any way to check out if my iphone has been hack?

  is there any way to check out if my iphone has been hack?

  Restore it in iTunes,
  Backing Up, updating, and restoring your iPhone and iPod touch software

• Safari has been hacked by Syrian military....any one else with this ?

  Safari has been hacked by Syrian military of my iPAD....ANYONE ELSE HAVE THIS?

  I Was using safari on my iPad Air when i opened an article in macworld a prompt showed telling me that i was hacked by syrian electronic army then when i pressed ok it brought me to a logo/pic of a birdie in middle eastern look. What is this? What is the extent of the hack if indeed its true?

• My email has been hacked by an adware sending me 12 ads per day.  How can I block those ads?

  My email has been hacked by an adware sending me 12 ads per day.  How can I block those ads?

  Helpful Links Regarding Malware Problems
  If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and The Safe Mac » Adware Removal Tool. Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
  An excellent link to read is Tom Reed's Mac Malware Guide.
  Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
  See these Apple articles:
    Mac OS X Snow Leopard and malware detection
    OS X Lion- Protect your Mac from malware
    OS X Mountain Lion- Protect your Mac from malware
    OS X Mavericks- Protect your Mac from malware
    About file quarantine in OS X
  If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
  From user Joe Bailey comes this equally useful advice:
  The facts are:
  1. There is no anti-malware software that can detect 100% of the malware out there.
  2. There is no anti-malware that can detect anything targeting the Mac because there
       is no Mac malware in the wild, and therefore, no "signatures" to detect.
  3. The very best way to prevent the most attacks is for you as the user to be aware that
       the most successful malware attacks rely on very sophisticated social engineering
       techniques preying on human avarice, ****, and fear.
  4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on
      your computer is intended to entice you to install their malware thinking it is a
      protection against malware.
  5. Some of the anti-malware products on the market are worse than the malware
      from which they purport to protect you.
  6. Be cautious where you go on the internet.
  7. Only download anything from sites you know are safe.
  8. Avoid links you receive in email, always be suspicious even if you get something
      you think is from a friend, but you were not expecting.
  9. If there is any question in your mind, then assume it is malware.

• My apple ID has been hacked so I had to create a new account, how can I get my old account back??

  My apple ID has been hacked so I had to create a new account, how can I get my old account back?? My iPhone and iPad are linked to the account i lost

  freedone wrote:
  Great! Yes mysterious is best way to describe internet eh lol. It could be that I have asked other questions that had absoulutely no relevance to the current q,  onto previous questions. So I am going to look thru them all..
  I did say m i s c h i e v o u s  didn't I? Mysterious it is though too.
  Regarding the latter, I have some tips for searching... (WARNING: I don not have a high opinion of the Forum Search abilities)
  Discussion Search
  https://discussions.apple.com/search.jspa?type=discussion&q=Great!&author=%2Fpeo ple%2F946207&sort=updatedAsc
  The above is what is called "Space Search"
  I used the first word of you above post " Great! " with a couple of filters applied - found this thread and one other
  If you can think of any term you may have used, it may be of some benefit to use this search
  ELSE
  I am VERY fond of Google "Site Search" for all of Apple.Com and its subdomains...
  a mere search for your username with quotes no brackets [ "freedone" ] yielded 313 results - but there IS another username "freedoneb" that may take up some of that real estate
  https://www.google.com/?gws_rd=ssl#safe=off&q=%22freedone%22+site:discussions.ap ple.com

• How can i tell if my iphone 4 has been hacked into?

  Here is the situation.....a friend of mine is in a bad marriage. She found out her husband bugged her laptop and her phone and is finding out all of her conversations. The other day, we were all at a buffet restaurant and he was sitting at the table with us, without thinking anything of it, I left my purse with my phone at the table while all but him went up to the bar. Later on that night, I was in the car with another friend and we were talking in detail about our friends situation. The next day my friend whom I was talking to in the car, checked her answering machine, and our conversation was on her machine. I checked my call log AND detailed billing from AT&T  thinking I may have butt dialed her house, but there is no record of me calling her house. The same with her, she as no record of calling her house and her home phone does not have caller ID. This guy is very tech savy and is the manager of 4 AT&T stores. Is it possible for him to have hacked into my phone and put some sort of bug in it? If this is possible, is it also possible for my phone to be able to record our conversation without a call being placed? If it is possible, how can I tell if my phone has been hacked?
  Thanks

  It would be extremely difficult for someone to be able to grab your iPhone out of your purse and hack into it without having a laptop computer with him with which to jailbreak the iPhone and time to work on it. I can't say it would be impossible, though. I'd suggest as a precaution you perform a Restore on your iPhone; if it restores successfully that would clear any jailbreak and remove any hack.
  http://support.apple.com/kb/ht1212
  Regards.

• I believe my BlackBerry has been HACKED

  This may sound crazy. I've been using Blackberry for 7 years and have never encountered something like this. I woke up to my alarm last week and as I reached for it I noticed a messaged had popped up on my screen that said "Your phone has been hacked" with an exclamation mark inside a Triangle beside it. I read the msg at the same moment I touched my phone to turn off my alarm and the message disapearred. Rubbing my eyes I thought I was seeing things.
  Last night Microsoft outlook mailed me to inform me my account had been accessed from another country. I changed ALL my passwords immediately and ONLY entered the new passwords into my Blackberry to re-sync my accounts. An hour ago I just got an email from a different email account saying my other email had been accessed. But the ONLY place I'd entered the NEW password for this other email account had been on my blackberry. Whoever accessed my other account already had my NEW password, and the only place I entered that new password was on my blackberry device.
  I now believe the message I saw on my phone that morning was actually there and I don't know what to do! Is it possible for a Blackberry to display that message to a user? Please help!

  If the messages are in your email, these are very common scams.
  If you have a popup directly on your desktop of the Blackberry phone when not running an application this is very strange. This should never happen!  If it is in an email, then it is obvious it is email content. If the popup is in a software then it is the software that is the problem.
  If I was to see a popup on the desktop of a Blackberry device, I would wipe the phone and re-install the operating system. Using the Link software backup the user files first. If your data is not important you can skip the backup. First make sure your phone is synced with some type of service to preserve your email addresses.  You can re-install the OS using the Link software. This is sort of a long process, but not too difficult to do.
  I know a lot of people including myself who get these scams.  I just hope you never answered to any of these, and NEVER clicked on any links and fill out their forms. 
  With your Blackberry phone, as long you use original Blackberry software and NEVER follow instrcutions from Scam email you should be safe. If you ever filled out any of these Scam forms you very quickly must change your passwords.
  With your phone or computer NEVER open any emails, and especially attachments unless you are sure the source is safe.
  The email services, financial services, operating systems services, and distributors will never send you emails asking about passwords and personal information.  The only time you would receive an email from any of these services is if you solicited to have an email from them.
  If you are installing Android software be cautious. Many Android programs can be a security issue with the phone. The whole idea of the Blackberry phone is for the security. Using Android software does add some risk.
  I have been told the safest download sites are 1mobile and Amazon for Android programs to be used on the Blackberry phone. But, there are no absolute guarantees. 
  When I first got my Passport, I tried an Android software that looked interesting to me.  I downloaded it from the Google server for Android programs. The phone started to work very slow, and the program was displaying banners on the screen when I was using the program. It was a free chess game. I tried to uninstall this game and it would not go out!  I had a backup from before I installed this program. The best I could do to get rid of it was to wipe the phone and re-install the OS. This fixed it.
  I hope all this helps you out. I am a user like anyone else, and when i have time I participate in these groups. In my family we have a lot of Blackberry phones. We like this phone a lot.
  Jerry G.

• My hotmail email has been hacked into. I've changed my password and hope this fixes the problem. Does this mean my imac software is infected. If so what should I do? Everything appears to be working ok.

  My hotmail email account has been hacked into. I've changed my email password and hope this fixes the problem.  Will my iMac system software now be infected and if so what should I do about it?  Everything appears to be working ok.   Is there a free to use software package available on the web, totally secure and reliable, which can scan my iMac for viruses and fix them if any are found.

  Unless you have installed anything, you are fine.
  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
  https://discussions.apple.com/docs/DOC-2435
  Bear in mind that from April to December 2011 there were only 58 attempted security threats to the Mac - a mere fraction compared to Windows malware:
  http://www.f-secure.com/weblog/archives/00002300.html
  (I have ClamXav set to scan incoming emails, but nothing else.)

• PLEASE HELP! How can I tell if my Imac has been hacked?

  PLEASE HELP! How can I tell if my Imac has been hacked? I see a few people have asked this question but the responses tended to be advice on what to do once you've been hacked, not what can done to find out if you have been hacked. I have a late 2012 model imac. My sharing was off and remote logging was off. I use an external router that send wireless to about 4 consoles in the flat. I don't think I have any firewalls up (now looking like a mistake). I think I'm possibly being hacked  due to abnormal behaviour and most recently my camera was turned off all day (no LED) then I went to record something on Photo Booth, the application popped up displaying an image of me getting dressed (nightmare!) which happened hours earlier when the camera was off. This image quickly then disappeared and the camera began working normally. Very strange and alarming. Please help me. Any advice would be very much appreciated. Thanks.

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the behest of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.
  Here's a summary of what you need to do, if you choose to proceed:
  Copy a line of text in this window to the Clipboard.
  Paste into the window of another application.
  Wait for the test to run. It usually takes a few minutes.
  Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports 'com.autodesk.AutoCad com.evenflow.dropbox com.google.GoogleDrive' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */  /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1000) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/d;/(etc|Preferences)\//s/^\.\/[^/]+//p;' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| ","||kMDItem'${p[35]}'=");sub("^.."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[9]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]" "$1;b=b$1;} END { if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n  "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n  [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n  ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' ' /^ +B/{ s/.+= |(-[0-9]+)?\.s.+//g;p;} ' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' 's/0/Off/p' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil PlistBuddy whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[35]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' -i4TCP:0-1023 com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A1 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 14 3 49 5;D12 26 48 59 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  7. Launch the built-in Terminal application in any of the following ways:
  Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  8. If you see an error message in the Terminal window such as "syntax error," enter
  exec bash
  and press return. Then paste the script again.
  9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.
  11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start Time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.
  Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• My email has been hacked

  My partner and I both have btconnect email addresses and we've just become aware that someone is reading our emails other than us.  If I send a message to him I will receive a "read receipt" on it even though he hasn't opened it (it says it's been read in Monrovia and Reykjavik ... ), and the same applies if he sends one to me.  I've just gone in and changed my password and also my recovery information (ie the security question), but even after I'd done that he still recevied a read receipt for a message I hadn't opened.  Anyone any ideas please???  To my knowledge my account is not being used to send spam messages out - no-one has notified me of this, anyway, so far!

  Without apology - here is a paste of an earlier thread from me:
  An increased number of incidents are being reported on the web regarding the continued hacking of BTYahoo accounts with payload outcomes that vary:
  Account passwords are being hacked and being modified without proper authority
  account security questions being modified without proper authority
  addresses on web-mail contacts lists being systematically sent fake emails seeking assistance in the form of money
  the deletion of the web-mail contact list afterwards
  modification of the BTYahoo email settings that hijack “respond to” email addresses
  modification of contact email address to one that links to the hijacker thereby informing them of subsequent attempts to modify the password.
  users being unable to receive or send emails
  accounts appearing to be re-hijacked after corrective action has been taken.
  If users contact BT and correct the account access issues, they may believe that the problem has been resolved.
  However if the additional modifications to the account email settings remain uncorrected, emails will be re-directed and simply notify the hijacker that amendments  to the account have been attempted, giving them the opportunity to restore their counterfeit settings.
  The hijackers achieve this by setting up similar email addresses to the original but instead of the address being in the familiar @btinternet.com domain it will not infrequently appear to be in the @live.com domain.
  The hijacker will previously have established another stand-off email address and make that the sole point of contact for any new counterfeits they create, thus preventing the hacked account owner from pursuing missing emails via live.com.
  Therefore it is imperative that users follow a rigid and vigorous regime with BT and Yahoo.
  Re-establish access to the original account and any affected sub-accounts with BT.
  BEFORE re-setting the passwords and the security questions to the account it is absolutely essential that “respond to” and “forward to” email addresses are set to a valid address that you recognise and that belong to you.
  reset the user passwords and security questions
  notify Yahoo that you are seeking restoration of your contact list from compromised accounts at the earliest opportunity – they have a short window where this can be done. 
  These attacks are sometimes delivered via links to fake sites, news items or to fake BT updates and when users click on links these fake sites invite them to provide BT passwords or can link into BT if other windows or tabs are open on BT’s web email.
  However equal numbers of hacks appear to happen without user intervention and questions may still exist about hacking happening at BT/Yahoo server level. Only in July 2012 were reports made about the posting online of details of 450,000 user accounts and passwords allegedly stolen from a Yahoo server.
  In short, these attacks are not unreasonably sophisticated with hackers having to pre-prepare their “catch all” email addresses before they make their attack and create and use the front line diversion addresses.
  It may be the case that there is more than one tier of “catch-all” addresses in place before the attacks happen.
  Jac-95 also wrote an excellent fix for this problem:
  Ignore the flaming - take the steps outlined aboved.
  +++###+++
  If you feel the problem is solved, please don't forget to come back and confrm the fix or post any other solution. It helps those who really need it to judge whether it works or not.
  Also, mark the thread solved