Please HELP! Is there definitely logKext on my Mac?



marlas1978
09-03-2017, 04:33 AM
Hello Everyone!

A complete newcomer to the forum! So please be gentle.

Hope you guys can help me here...

I have reason to believe that a keylogger is installed on my Mac. And I reckon I know who put it there. But I am not certain. Have been looking around online to try and find some answers and still unsure of a couple of things.

I was suspicious so I started looking for evidence. If I open console, and look at the system log, there are many, many lines like this:

Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10569]): Service exited with abnormal code: 1
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10573]): Service exited with abnormal code: 1
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10579]): Service exited with abnormal code: 1
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:53 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10581]): Service exited with abnormal code: 1
Aug 26 12:24:53 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:25:03 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10585]): Service exited with abnormal code: 1
Aug 26 12:25:03 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:25:13 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10589]): Service exited with abnormal code: 1

In amongst a whole load of other processes - none of which I really understand.

To me it seems pretty sure that LogKext is installed and running. So my questions are:

i) Is that right? Or can it be something else.
ii) Is it correct that it can only have got there through the deliberate act of someone with access to the computer? I mean, could it have been downloaded and installed maliciously (malware?) in the background without me realising?
iii) I read in numerous places that keyloggers are usually very hard to detect. However, I found this evidence quite quickly and easily - so is that really the case then?
iv) Is there any way of knowing when it was installed on my mac?
v) Likewise, is there any way of knowing when it was last accessed (to view/download the log)? Tried to access it myself - but it is password protected (the person that put it there would have known my admin password).
vi) I think I managed to uninstall it using the 'LogKextUninstall.command' (I think it was successful as I no longer see the same outputs as above in the system log). Is there a way to check that it is gone for sure?

Sorry. That's a lot of questions, I have just realised! Hope someone out there has some of the answers.

Many Thanks in advance

Marlas.
Mac Book Pro
Sierra 10.12.5
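
The launchd lines quoted in the post above can be summarised per service label to show which job is stuck in a crash-and-respawn loop. This is an added example, not part of the original thread: the sample holds lines copied from the post plus one constructed line with the hypothetical label com.example.helper, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the first five lines are copied from the post above; the last
# one is constructed for this example (hypothetical label) as a contrast.
SAMPLE_LOG = """\
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10569]): Service exited with abnormal code: 1
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10573]): Service exited with abnormal code: 1
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10579]): Service exited with abnormal code: 1
Aug 26 12:25:01 Ians-MBP-2 com.apple.xpc.launchd[1] (com.example.helper[10580]): Service exited with abnormal code: 1
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ com\.apple\.xpc\.launchd\[\d+\] "
    r"\((?P<label>[^\[\])]+)(?:\[(?P<pid>\d+)\])?\): (?P<msg>.*)$"
)

def summarize(log_text, year=2017):
    """Group launchd messages by service label: exits, respawn throttles, time span."""
    stats = defaultdict(lambda: {"exits": 0, "throttled": 0, "pids": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a launchd service message
        s = stats[m["label"]]
        # syslog timestamps carry no year, so the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s["first"] = s["first"] or ts
        s["last"] = ts
        if m["msg"].startswith("Service exited with abnormal code"):
            s["exits"] += 1
            s["pids"].add(m["pid"])
        elif "Pushing respawn out" in m["msg"]:
            s["throttled"] += 1
    return dict(stats)

def respawn_loops(stats, min_exits=3):
    """Labels launchd keeps restarting: repeated abnormal exits plus respawn throttling."""
    return sorted(l for l, s in stats.items() if s["exits"] >= min_exits and s["throttled"] > 0)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for label in respawn_loops(stats):
        s = stats[label]
        print(f"{label}: {s['exits']} abnormal exits, {len(s['pids'])} PIDs, {s['first']} to {s['last']}")
```

Run over a saved copy of the system log after an uninstall, an empty result for a label means launchd is no longer trying to start that job during the period the log covers.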

pigoo3
09-03-2017, 10:18 AM
Try installing & running the App "Malwarebytes"...see if this helps.

- Nick

Slydude
09-03-2017, 01:06 PM
Generally, well-done keyloggers are very difficult to detect. If it were easy they'd be virtually useless. What behavior are you seeing that makes you think you have picked up a keylogger?