From: Jerry Lenstein on 17 Mar 2010 18:45

I have a friend who is convinced that his MacBookPro has been hacked and is being accessed by "outside sources".

First off, this person used to run Windows and claimed the same thing despite several highly knowledgeable people, including myself, looking over the Windows system, re-installing clean etc and finding nothing wrong.

Keep this in mind when reading the stuff below because this is pretty much the same complaints I got with Windows, as well as with a Linux LIVE CD. Keep that in mind.

I am *not* a Mac person so I am asking for advice here. This is what this person is telling me. Please advise because I am pulling my hair out.

FWIW I have been a computer professional for 30+ years and have never heard anything like this in my entire life, not even with Windows.

Connection is broadband BTW. Router has been swapped to 2 different brands. MacBook is less than 6 months old and up to date AFAIK.

Here is what he is telling me and I would like to know, honestly, what you guys think.

Keep in mind, I was getting a lot of the same kind of stuff from this person, not exactly, but similar, with the Windows machine and the Linux machine. Same machine dual boot.

I saw nothing wrong.

The stuff below is from emails.

If there is a better group for this please point me that way!!

What do you think?

***************************Here is what I am being told********

Tonight's login log starts with:

Dasboardadvisory.plist (My note: dashboard is a widget thing that sits on dock at bottom of desktop)

Bluetooth (my note: I set all communication things to inactive-- haven't set up Internet yet)

CUPS (my note: yes I know this is normal process, but it also has a built in http server that can be logged on through port 80 just like any other URL. It will also open a port through firewall & listen for info.)

These 3 things show up in log before I got the sign on screen (that shows up later in log).

After sign on screen in log is:

Kextload: /System/Library/Extensions/msdosfs.kext loaded successfully

Kext files will load into memory as needed. I just logged on and didn't do anything. Especially anything to do with Microsoft dos which is what that is.

And there also now gets a name in WINS box & had WORKGROUP put in also. I NEVER set up to share & especially not with windows (hence my remark I said to apple employee when I bought MacBook). I know it was not there before.

I know about cups. I have seen what the log said on it when I got MacBook. It has different stuff in it now. So does my system profiler.

I thought I copied everything it said when I got mac but I can't find it.

Network locations on my mac has tons of stuff in it where I could swear it was empty before. Stephs old MacBook has that location empty (it's using Internet with belkin wireless when I use magic Jack).

Apple talk keeps starting up. That's a part of airport express router to connect printer.

And in system profiler network, locations one thing under Bluetooth says SMB: Workgroup: (& name I had put in) SMB is samba. Also under Bluetooth network location are settings that you would see under dial up modem (which I don't have) like disconnect on idle (no), disconnect on logout (no).

Under network utility section for information about Ethernet and airport wireless card, my Ethernet shows with Vendor: NVIDIA Model: MCP79-1 (& link status: not reported--should say inactive like airport as I turned both to inactive).

Why does my graphics card show as Ethernet card? This same thing happened on other computers.

System profiler, network, volumes says /home & /net mounted from map auto_home & map-hosts respectively. Both as automounted (when I turn computer on) & both autofs as type.

Yesterday I saw a new quest folder that was just created. Couldn't access it but it has a size of file on info. It should be zero or small # cause I had it off and empty.

I have intego firewall and virus barrier. It also came with a program called washing machine that you use to clean out cookies cache and downloads. I cleaned stuff out the other night (hadn't been online, but didn't do it the last time I was--only safari "clean"). The next morning there was stuff in there to clean---Internet explorer cookies and cache, & firefox too. (Wireless is turned off and is always off unless I'm online--I hadn't been). Cleaned it and it was back the next day (sizes were different so it is not what I deleted just returning, these were new).

I'm also apparently using a tablet with this MacBook as I was with the desktops. Even though I don't have one.

As far as crossing over onto different operating systems & it can't be done, I think it can be done. VNC uses the RFB protocol to remotely control another computer. RFB (Remote Framebuffer Protocol) is a simple protocol for remote access to graphical user interfaces. Because it works at the framebuffer level, it is applicable to windowing systems & applications, including X11, windows & Macintosh. It's also used in any derivatives of VNC. VNC would be a virtual (software only) version of the network computer. A VNC connection can be established as a LAN connection if VPN is utilized as a proxy. I had tons of proxy stuff on desktop.

Don't know if going to apple. I also deleted some stuff. Not that it would matter. I was going to reset PRAM & NVRAM as per instructions on support.apple. Some things that PRAM contains are apple talk, virtual memory, start up disk (I keep getting I'm starting from a network disk), Ram disk, disk cache, fonts, printer stuff & port stuff.

I did try to set up the free printer (when I bought MacBook) last June but could only get scan to work. Tried again in February 2010 & same thing. Uninstalled software both times. I find it odd that this problem on all computers has connections to printer and me being a print server. Even when I don't have a printer (2nd desktop I never connected one to it, but one was running--spooler). This new free printer does not have fax, but I turned on MacBook yesterday & I had a fax icon on top bar of desktop next to my wireless icon.

There is also something with time servers consistent with all the computers. Which I always set to not check time automatically.

Here is more:

Settings changing, verizon folder (don't have anything verizon), strange icons & folders. Again with printer stuff running & fax (icon now placed on top bar on desktop I didn't put there). Samba, cups, I'm set up as a server. Remote desktop stuff in logs & virtual system.

Says I'm using my Ethernet connection & it now has Nvidia as vendor. My Ethernet is set to inactive (disabled). Same on other machines, graphics cards doing screwy connecting, remote desk, server, print, fax, loopback, fonts, virtual system.

I again on this one use IPV6 even though I set that to not use. I looked through logs and the earlier ones from when I got it mention none of the bullshit I see now.

I also apparently have clam xav, firefox, and Internet explorer. Even though I never saw an icon for them & I never had clam xav on this computer. I have net barrier x5 on it since I got it. The firewall is set up to not allow incoming or server & I had set denied to files that didn't need to connect out. And the virus scan skips over files but as you said it remembers stuff. But looking at scan logs it says that each file only scanned partially. Or it says I stopped it when I didn't. Hell I'm sitting here waiting two hours for it to finish but I guess it was only going through the motions.

**************End of Emails*******************

Is there a problem here?

TIA
Jerry

From: nospam on 17 Mar 2010 19:23

In article <i0wjf91vl808.1dfth9e5rs641$.dlg(a)40tude.net>, Jerry Lenstein <jsteineritsfake(a)email.net> wrote:

> I have a friend who is convinced that his MacBookPro has been
> hacked and is being accessed by "outside sources".

does he wear a tinfoil hat?

> First off, this person used to run Windows and claimed the same
> thing despite several highly knowledgeable people, including
> myself, looking over the Windows system, re-installing clean etc
> and finding nothing wrong.

imagine that.

> Keep this in mind when reading the stuff below because this is
> pretty much the same complaints I got with Windows, as well as
> with a Linux LIVE CD.
> Keep that in mind.

i think you know the answer.

> I am *not* a Mac person so I am asking for advice here.
> This is what this person is telling me.
> Please advise because I am pulling my hair out.

my advice is let someone else deal with him. :)

> FWIW I have been a computer professional for 30+ years and have
> never heard anything like this in my entire life, not even with
> Windows.

like i said, i think you know the answer.

> Connection is broadband BTW.
> Router has been swapped to 2 different brands.
> MacBook is less than 6 months old and up to date AFAIK.
>
> Here is what he is telling me and I would like to know, honestly,
> what you guys think.

i think he's a lunatic.

> Keep in mind, I was getting a lot of the same kind of stuff from
> this person, not exactly, but similar, with the Windows machine
> and the Linux machine. Same machine dual boot.
>
> I saw nothing wrong.
>
> The stuff below is from emails.
>
> If there is a better group for this please point me that way!!

one of the psychology groups or maybe rec.drugs.psychadelic

> What do you think?

don't even waste your time with him. no matter what you say he is not going to believe it.

> ***************************Here is what I am being told********

> Kextload: /System/Library/Extensions/msdosfs.kext loaded
> successfully
>
> Kext files will load into memory as needed. I just logged on and
> didn't do anything. Especially anything to do with Microsoft dos
> which is what that is.

it's the microsoft file system, aka fat32 & ntfs. it's supposed to load.

> I know about cups. I have seen what the log said on it when I got
> MacBook. It has different stuff in it now. So does my system
> profiler.

can he provide the initial log and current log so that the exact differences can be seen? somehow i doubt it.

> I thought I copied everything it said when I got mac but I can't
> find it.

imagine that.

> Network locations on my mac has tons of stuff in it where I
> could swear it was empty before.

what 'tons of stuff' might that be? only one location is active and if it was something other than what works with his isp, the alleged outsiders would not be able to connect, so it would be rather stupid for an outsider to screw with it.

> Stephs old MacBook has that location empty
> (it's using Internet with belkin wireless when I use magic Jack).
>
> Apple talk keeps starting up. That's a part of airport express
> router to connect printer.

nope. appletalk is not used at all unless the user explicitly enables it.

> Why does my graphics card show as Ethernet card? This same thing
> happened on other computers.

provide a screen shot.

> Yesterday I saw a new quest folder that was just created. Couldn't
> access it but it has a size of file on info. It should be zero or
> small # cause I had it off and empty.
>
> I have intego firewall and virus barrier.

no need, and can cause more problems than it solves.

> There is also something with time servers consistent with all the
> computers. Which I always set to not check time automatically.

why would anyone not want it to check time automatically?

> Says I'm using my Ethernet connection & it now has Nvidia as
> vendor.

nvidia ethernet? that's a new one.

> My Ethernet is set to inactive(disabled).

i think his brain is set to inactive.

> **************End of Emails*******************
>
> Is there a problem here?

yes.

he is under the influence of some sort of mind altering substance.

i can't think of any other explanation.

From: Moshe on 17 Mar 2010 19:45

On Wed, 17 Mar 2010 16:23:22 -0700, nospam wrote:

> In article <i0wjf91vl808.1dfth9e5rs641$.dlg(a)40tude.net>, Jerry Lenstein
> <jsteineritsfake(a)email.net> wrote:
>
>> I have a friend who is convinced that his MacBookPro has been
>> hacked and is being accessed by "outside sources".
>
> does he wear a tinfoil hat?

:) I hear ya....

>> First off, this person used to run Windows and claimed the same
>> thing despite several highly knowledgeable people, including
>> myself, looking over the Windows system, re-installing clean etc
>> and finding nothing wrong.
>
> imagine that.

I wish I was :( This person is driving me crazy.

>> Keep this in mind when reading the stuff below because this is
>> pretty much the same complaints I got with Windows, as well as
>> with a Linux LIVE CD.
>> Keep that in mind.
>
> i think you know the answer.

I do. I'm just looking for some confirmation from others to assure me that *I* am not going nuts.

>> I am *not* a Mac person so I am asking for advice here.
>> This is what this person is telling me.
>> Please advise because I am pulling my hair out.
>
> my advice is let someone else deal with him. :)

Haha! Two people have, on the Windows/Linux box. They reached the same conclusion you and I have.

I told this person to take the Mac to Apple as it's still under warranty. He refuses, claiming the Apple techs are "idiots". His words not mine and not my opinion at all.

>> FWIW I have been a computer professional for 30+ years and have
>> never heard anything like this in my entire life, not even with
>> Windows.
>
> like i said, i think you know the answer.

Yep... :(

>> Connection is broadband BTW.
>> Router has been swapped to 2 different brands.
>> MacBook is less than 6 months old and up to date AFAIK.
>>
>> Here is what he is telling me and I would like to know, honestly,
>> what you guys think.
>
> i think he's a lunatic.

So do I... But is there *any way* he could *possibly* be right? He seems normal in every other aspect of life.

>> Keep in mind, I was getting a lot of the same kind of stuff from
>> this person, not exactly, but similar, with the Windows machine
>> and the Linux machine. Same machine dual boot.
>>
>> I saw nothing wrong.
>>
>> The stuff below is from emails.
>>
>> If there is a better group for this please point me that way!!
>
> one of the psychology groups or maybe rec.drugs.psychadelic

You owe me a beer :)

>> What do you think?
>
> don't even waste your time with him. no matter what you say he is not
> going to believe it.

Bingo.... That's exactly the responses I am getting.

>> ***************************Here is what I am being told********
>
>> Kextload: /System/Library/Extensions/msdosfs.kext loaded
>> successfully
>>
>> Kext files will load into memory as needed. I just logged on and
>> didn't do anything. Especially anything to do with Microsoft dos
>> which is what that is.
>
> it's the microsoft file system, aka fat32 & ntfs. it's supposed to load.

Ok Thanks.

>> I know about cups. I have seen what the log said on it when I got
>> MacBook. It has different stuff in it now. So does my system
>> profiler.
>
> can he provide the initial log and current log so that the exact
> differences can be seen? somehow i doubt it.

Me too, but I will ask.

>> I thought I copied everything it said when I got mac but I can't
>> find it.
>
> imagine that.

Yea.

>> Network locations on my mac has tons of stuff in it where I
>> could swear it was empty before.
>
> what 'tons of stuff' might that be? only one location is active and if
> it was something other than what works with his isp, the alleged
> outsiders would not be able to connect, so it would be rather stupid
> for an outsider to screw with it.

That's what I said. My response was "exactly *what* are these people *doing* with all this *stuff*? Are bank accounts, credit cards, etc being hacked? Are you noticing huge amounts of traffic like you are being used as a bot? Etc." I get no for everything.

>> Stephs old MacBook has that location empty
>> (it's using Internet with belkin wireless when I use magic Jack).
>>
>> Apple talk keeps starting up. That's a part of airport express
>> router to connect printer.
>
> nope. appletalk is not used at all unless the user explicitly enables
> it.

He is claiming it enabled itself.

>> Why does my graphics card show as Ethernet card? This same thing
>> happened on other computers.
>
> provide a screen shot.

Bingo.... Refuses.

>> Yesterday I saw a new quest folder that was just created. Couldn't
>> access it but it has a size of file on info. It should be zero or
>> small # cause I had it off and empty.
>>
>> I have intego firewall and virus barrier.
>
> no need, and can cause more problems than it solves.

Not familiar with them. Could you explain? TIA

>> There is also something with time servers consistent with all the
>> computers. Which I always set to not check time automatically.
>
> why would anyone not want it to check time automatically?

He is saying they are doing this on their own even after he checks the box to say don't check.

>> Says I'm using my Ethernet connection & it now has Nvidia as
>> vendor.
>
> nvidia ethernet? that's a new one.

Yea. I know there are Nvidia chipset boards in the Intel world though. What chipset does the Macbook Pro use?

>> My Ethernet is set to inactive(disabled).
>
> i think his brain is set to inactive.

Haha! Actually it's quite active to come up with all this stuff!

>> **************End of Emails*******************
>>
>> Is there a problem here?
>
> yes.
>
> he is under the influence of some sort of mind altering substance.
>
> i can't think of any other explanation.

I have to wonder.

From: nospam on 17 Mar 2010 20:26

In article <ivjsjet3g1to$.1nkn3o1pjplmt.dlg(a)40tude.net>, Moshe <goldee_loxnbagels(a)gmail.com> wrote:

> I told this person to take the Mac to Apple as it's still under
> warranty.
> He refuses, claiming the Apple techs are "idiots".
> His words not mine and not my opinion at all.

some of them may not be the brightest bulbs but even the most idiotic apple tech cannot hold a candle to this guy.

> But is there *any way* he could *possibly* be right?

realistically, no.

> He seems normal in every other aspect of life.

somehow i doubt that.

> >> I have intego firewall and virus barrier.
> >
> > no need, and can cause more problems than it solves.
>
> Not familiar with them.
> Could you explain?
> TIA

there's already a built in firewall and there is no mac malware in the wild other than what a user deliberately installs *and* provides the admin password.

any mac anti-virus utility at best will do nothing (because there's nothing to find), and worst will false alarm and potentially cause all sorts of problems.

for instance, one version of norton quarantined the virtual memory swap files, which needless to say, did not end well. one version of intego had a root exploit that actually made it *easier* to hack. other problems include completely filling the hard drive with thousands of small files and even preventing admin users from authenticating, which means the user can no longer install any system updates (even a security update) nor could they uninstall the problematic software. the only solution is a full reinstall.

> >> There is also something with time servers consistent with all the
> >> computers. Which I always set to not check time automatically.
> >
> > why would anyone not want it to check time automatically?
>
> He is saying they are doing this on their own even after he checks
> the box to say don't check.

if the box is not checked, it's not checking, but unless he has a packet log, how does he really know?

> I know there are Nvidia chipset boards in the Intel world though.
> What chipset does the Macbook Pro use?

depends which model. the current ones are nvidia 9400m and 9600m gt.

<http://www.apple.com/macbookpro/specs.html>

one possible solution is lock down his system and give him a *non* admin account with parental controls enabled so he can only run the apps he needs.

there's also an app called little snitch that will ask for confirmation for any outgoing network activity. then he'll know which apps are connecting to where. not that it will help any.

From: Jolly Roger on 17 Mar 2010 20:30

In article <i0wjf91vl808.1dfth9e5rs641$.dlg(a)40tude.net>, Jerry Lenstein <jsteineritsfake(a)email.net> wrote:

> Kextload: /System/Library/Extensions/msdosfs.kext loaded
> successfully

This is the normal part of Mac OS X that allows Mac OS X to access MSDOS formatted disks. There is no problem to solve.

--
Send responses to the relevant news group rather than email to me. E-mail sent to this address may be devoured by my very hungry SPAM filter. Due to Google's refusal to prevent spammers from posting messages through their servers, I often ignore posts from Google Groups. Use a real news client if you want me to see your posts.

JR