

After one of my accounts was hacked last week,...

Hello,

I've got reasons to believe a keylogger got installed in my computer and I need to find and delete it. Last Wednesday one of my Facebook contacts' accounts got hacked and I found out about it when I started receiving weird updates from his account. I then posted on my own FB timeline about this to alert other friends in common, and shortly after the hacker commented on my post threatening me, telling me to go check my account, that it would be hacked. That same day I received what I believe was a phishing email, supposedly from my hosting service provider, warning me that my email inbox for my --- @ ---. com email address was about to reach its maximum mailbox quota. I didn't click on any of the links, I did open the email, but didn't react to it because I knew it was a phony email. The next day I woke up to my Amazon account being hacked. Someone changed the email linked to my account and I got another phishing email, which I opened, thanking me for contacting them, and that per my request the email --- @ ---. com (this was a hyperlink) linked to my Amazon account had been changed to the new email --- @ sena. com (this was another hyperlink). I didn't click on any of the links, but I did open the email, so maybe something got installed just by opening the email? I immediately called Amazon to regain access to my account; they mentioned seeing in the system that I got that email, which I think is very odd, and they could not explain how someone could change the email address and why they wouldn't change the password and use the account in any way. The email was missing Amazon's logo on top of the orange arrow, so I know it was not a real email. They asked me to try entering my old password with the new email, which I did and I got into my account, and only then I realized that's exactly what the hacker wanted me to do!
Fortunately I don't use the same passwords on my different accounts, and I managed to get my account blocked for the time being, while I solve the Facebook threat and my computer safety.

In the meantime, I am positive I've become a target for this person, who has not been able to do much, because since I have this suspicion I haven't typed any important password on that computer. I've been copying and pasting letter by letter so that they get ctrl + C - ctrl + V registered in the logs, and can't figure out any credential; they could, however, be getting screenshots via any malware installed in my computer.

I am typing this from an old computer I haven't used for a while and I've got my other computer offline, so that no record can be sent over the net while I try to figure this thing out. Can someone help me with a way to determine if my suspicions are correct? I've run Avira (didn't find anything), Malwarebytes (found 4 threats and deleted them), and Bitdefender (didn't find anything).

I've been advised by a friend of mine to do a reimage after backing up all my files, that that's the only way he sees me getting rid of a keylogger if it was installed. What do you think?

Thanks in advance!



Hi Lempika:

 

First I would remove Avira and BitDefender, they will cause more problems.

You said you have changed your Amazon password, that is good.

You also ran Malwarebytes which is also good.

 

Try downloading and running EtreCheck and post a report here. It may allow someone to identify something out of the ordinary on your system.

 

See using EtreCheck:  Using EtreCheck

 

Here is another link which may be helpful. Effective defenses against malware and other threats

 

Kim



Thank you Kim! I followed your recommendations and ran EtreCheck, here's the report:

 

EtreCheck version: 3.4.4 (448)

Report generated 2017-09-18 17:53:30

Download EtreCheck from https://etrecheck.com

Runtime: 3:09

Performance: Good

 

Click the [Lookup] links for more information from Apple Support Communities.

Click the [Details] links for more information about that line.

 

Problem: Other problem

Description:

I've got reasons to believe a kelogger got installed in my computer and I need to find and delete it.

 

Hardware Information: ⓘ

    MacBook Pro (Retina, 13-inch, Early 2015)

    [Technical Specifications] - [User Guide] - [Warranty & Service]

    MacBook Pro - model: MacBookPro12,1

    1 2,7 GHz Intel Core i5 (i5-5257U) CPU: 2-core

    8 GB RAM Not upgradeable

        BANK 0/DIMM0

            4 GB DDR3 1867 MHz ok

        BANK 1/DIMM0

            4 GB DDR3 1867 MHz ok

    Handoff/Airdrop2: supported

    Wireless:  en0: 802.11 a/b/g/n/ac

    Battery: Health = Normal - Cycle count = 405

    iCloud Quota: 5.00 GB available

    iCloud Status: 10 pending files

 

Video Information: ⓘ

    Intel Iris Graphics 6100 - VRAM: 1536 MB

        Color LCD 2560 x 1600

 

Disk Information: ⓘ

    APPLE SSD SM0256G disk0: (251 GB) (Solid State - TRIM: Yes)

    [Show SMART report]

        EFI (disk0s1 - MS-DOS FAT32) <not mounted>  [EFI]: 210 MB

        (disk0s2) <not mounted>  [CoreStorage Container]: 250.14 GB

        Recovery HD (disk0s3 - Journaled HFS+) /Volumes/Recovery HD  [Recovery]: 650 MB (82 MB free)

 

USB Information: ⓘ

     USB30Bus

        Broadcom Corp. Bluetooth USB Host Controller

 

Thunderbolt Information: ⓘ

    Apple Inc. thunderbolt_bus

 

Virtual disks: ⓘ

    Macintosh HD (disk1 - Journaled HFS+) /  [Startup]: 249.78 GB (27.88 GB free)

        Physical disk: disk0s2 250.14 GB Online

 

System Software: ⓘ

    macOS Sierra  10.12.6 (16G29) - Time since boot: about 6 hours

 

Configuration files: ⓘ

    /etc/hosts - Count: 146

 

Gatekeeper: ⓘ

    Mac App Store and identified developers

 

Kernel Extensions: ⓘ

        /Library/Extensions

    [loaded]    com.malwarebytes.mbam.rtprotection (3.0 - SDK 10.12) [Lookup]

 

Startup Items: ⓘ

    TuxeraNTFSUnmountHelper: Path: /Library/StartupItems/TuxeraNTFSUnmountHelper

    Startup items no longer function in OS X Yosemite or later

 

System Launch Agents: ⓘ

    [not loaded]    6 Apple tasks

    [loaded]    181 Apple tasks

    [running]    95 Apple tasks

 

System Launch Daemons: ⓘ

    [not loaded]    42 Apple tasks

    [loaded]    174 Apple tasks

    [running]    102 Apple tasks

 

Launch Agents: ⓘ

    [not loaded]    com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2016-09-20) [Lookup]

    [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2017-01-10) [Lookup]

    [running]    com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-09-14) [Lookup]

    [not loaded]    com.teamviewer.teamviewer.plist (TeamViewer GmbH - installed 2016-09-20) [Lookup]

    [not loaded]    com.teamviewer.teamviewer_desktop.plist (TeamViewer GmbH - installed 2016-09-19) [Lookup]

 

Launch Daemons: ⓘ

    [loaded]    com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2017-01-10) [Lookup]

    [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2017-01-10) [Lookup]

    [loaded]    com.adobe.fpsaud.plist (? 2afb3af7 4898e928 - installed 2017-08-29) [Lookup]

    [running]    com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-09-14) [Lookup]

    [running]    com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-09-14) [Lookup]

    [loaded]    com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2016-09-19) [Lookup]

    [not loaded]    com.teamviewer.teamviewer_service.plist (TeamViewer GmbH - installed 2016-09-20) [Lookup]

 

User Launch Agents: ⓘ

    [loaded]    com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-11) [Lookup]

    [loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2017-07-10) [Lookup]

    [loaded]    com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2017-09-14) [Lookup]

 

User Login Items: ⓘ

    iTunesHelper    Application (Apple, Inc. - installed 2017-09-15)

        (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

    Dropbox    Application

        (/Applications/Dropbox.app)

 

Internet Plug-ins: ⓘ

    AdobePDFViewerNPAPI: 17.012.20098 (installed 2017-09-14) [Lookup]

    FlashPlayer-10.6: 27.0.0.130 (installed 2017-09-12) [Lookup]

    AdobePDFViewer: 17.012.20098 (installed 2017-09-14) [Lookup]

    QuickTime Plugin: 7.7.3 (installed 2017-08-08)

    Flash Player: 27.0.0.130 (installed 2017-09-12) Cannot contact Adobe

    AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 (installed 2016-09-20) [Lookup]

 

Safari Extensions: ⓘ

    None

 

3rd Party Preference Panes: ⓘ

    Flash Player (installed 2017-08-29) [Lookup]

    Paragon NTFS for Mac ® OS X (installed 2016-12-13) [Lookup]

    Tuxera NTFS (installed 2017-06-01) [Lookup]

 

Time Machine: ⓘ

    Time Machine not configured!

 

Top Processes by CPU: ⓘ

       124%       firefox

        12%       WindowServer

        10%       kernel_task

         3%       hidd

         2%       RTProtectionDaemon

 

Top Processes by Memory: ⓘ

    1.62 GB       firefox

    725 MB        kernel_task

    383 MB        RTProtectionDaemon

    232 MB        mds_stores

    202 MB        Finder

 

Top Processes by Network Use: ⓘ

    Input         Output        Process name

    2 MB          226 KB        firefox

    171 KB        292 KB        Dropbox

    41 KB         20 KB         mDNSResponder

    25 KB         33 KB         cloudd

    15 KB         16 KB         apsd

 

Top Processes by Energy Use: ⓘ

     91.60    firefox

      7.94    WindowServer

      4.54    mds

      2.48    cloudd

 

Virtual Memory Information: ⓘ

    2.63 GB       Available RAM

    17 MB         Free RAM

    5.37 GB       Used RAM

    2.62 GB       Cached files

    12 MB         Swap Used

 

Software installs: ⓘ

    Adobe Flash Player:  (installed 2017-09-12)

    Malwarebytes for Mac:  (installed 2017-09-14)

    Bitdefender Virus Scanner: 3.8 (installed 2017-09-14)

    Adobe Acrobat Reader DC (17.012.20098):  (installed 2017-09-14)

 

    Install information may not be complete.

 

Diagnostics Information: ⓘ

    2017-09-15 18:48:14    Adobe Photoshop CC 2015.app Crash [Open]



Last updated: 2017-09-19 00:08:43
