Results 1 to 4 of 4

Thread: Keylogger Issue

  1. #1


    Member Since
    Apr 25, 2009
    Posts
    1
    Exclamation Keylogger Issue
    Hi there, I'm having an issue. I am certain that there is a "keylogger" on my computer at the moment. My world of warcraft password is being continually changed. Someone logged onto my account and stole all of my items. I changed my password, and they were on again today. I continue to find the password changed without my doing it.

    What I'm trying to do now is figure out what the keylogger is, so that I can google it and find how to remove it.

    I've installed a network monitor named Little Snitch. I'm watching it and these are the processes that have been using the internet thus far:

    - ntpd (system clock synchronization)
    - mDNSResponder (some network thing. contacts my ISP, charter, it looks like)
    - Dropbox (? I used to use this.)
    - Firefox (duh :])
    - DirectoryService (don't understand what it does, seems legitimate
    - Dashboard Service (desktop apps?)
    - Airport Base Station Agent (wireless music from upstairs, I think)

    The only thing that seems like it could possibly be sending my "keys" would be Dropbox, right? Has anyone heard of a keylogger that uses dropbox to send data? I admit I am not Mac savvy. :X Does anyone know if I can see just what is being sent/received via Dropbox? It just seems to be accessing the internet very frequently. Which makes sense, since it's for synching files, but it seems fishy (maybe I'm paranoid :X)

    I'm going to attach here, as well, the results of entering the "ps -ef" command into terminal. I'm not familiar with a large portion of these, and as such it's difficult for me to tell which seem legitimate.

    Code:
    Sh######:~ bunkerking1214$ ps -ef
      UID   PID  PPID   C     STIME TTY           TIME CMD
        0     1     0   0   0:00.14 ??         0:00.19 /sbin/launchd
        0    10     1   0   0:01.08 ??         0:04.17 /usr/libexec/kextd
        0    11     1   0   0:00.51 ??         0:01.09 /usr/sbin/DirectoryService
        0    12     1   0   0:00.21 ??         0:00.28 /usr/sbin/notifyd
        0    13     1   0   0:00.08 ??         0:00.17 /usr/sbin/syslogd
        0    14     1   0   0:01.47 ??         0:02.61 /usr/sbin/configd
        1    15     1   0   0:00.25 ??         0:00.55 /usr/sbin/distnoted
       65    16     1   0   0:00.14 ??         0:00.24 /usr/sbin/mDNSResponder -launchd
        0    21     1   0   0:00.05 ??         0:00.12 /usr/sbin/securityd -i
        0    25     1   0   0:00.11 ??         0:00.16 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
        0    26     1   0   0:00.33 ??         0:00.74 /usr/sbin/cupsd -l
        0    27     1   0   0:00.10 ??         0:00.46 /usr/sbin/httpd -D FOREGROUND
        0    28     1   0   0:01.00 ??         0:01.00 /usr/sbin/update
        0    29     1   0   0:00.01 ??         0:00.02 /sbin/SystemStarter
        0    33     1   0   0:01.14 ??         0:02.07 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
      501    34     1   0   0:01.04 ??         0:02.19 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
        0    35     1   0   0:00.00 ??         0:00.00 /usr/sbin/KernelEventAgent
        0    36     1   0   0:00.08 ??         0:00.14 /usr/sbin/kdcmond -n -a
        0    38     1   0   0:00.00 ??         0:00.00 /usr/libexec/hidd
        0    39     1   0   0:00.19 ??         0:00.28 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Version
        0    41     1   0   0:00.01 ??         0:00.01 /sbin/dynamic_pager -F /private/var/vm/swapfile
        0    44     1   0   0:00.07 ??         0:00.15 /usr/sbin/diskarbitrationd
        0    48     1   0   0:00.23 ??         0:00.47 /usr/sbin/blued
        0    49     1   0   0:00.01 ??         0:00.01 autofsd
        0    51     1   0   0:00.19 ??         0:00.81 /usr/libexec/ApplicationFirewall/socketfilterfw
        0    52     1   0   0:00.43 ??         0:01.17 /Library/Little Snitch/lsd
        0    57     1   0   0:00.85 ??         0:01.58 /System/Library/CoreServices/coreservicesd
        0    59    36   0   0:00.02 ??         0:00.04 /usr/sbin/krb5kdc -n -r LKDC:SHA1.8F28A77D7B20653814284A845CF99C2E37C15D28
       26    65    26   0   0:00.03 ??         0:00.11 Canon_MP610_series 105 bunkerking1214 band pass.bmp 1 Resolution=600x600dpi AP_D_InputSlot= pserrorh
       26    66    26   0   0:03.05 ??         0:04.58 Canon_MP610_series 105 bunkerking1214 band pass.bmp 1 Resolution=600x600dpi AP_D_InputSlot= pserrorh
       26    68    26   0   0:00.01 ??         0:00.02 usb://Canon/MP610%20series?serial=101FA3 105 bunkerking1214 band pass.bmp 1 Resolution=600x600dpi AP
       26    69    26   0   0:01.38 ??         0:03.56 HP_Photosmart_C5200_series 135 bunkerking1214 Microsoft Word - Disc12-101Handout.doc 1 AP_D_InputSlo
       26    70    26   0   0:00.02 ??         0:00.02 usb://HP/Photosmart%20C5200%20series?serial=MY76EBD2S704XQ 135 bunkerking1214 Microsoft Word - Disc1
       70    74    27   0   0:00.00 ??         0:00.00 /usr/sbin/httpd -D FOREGROUND
       88   108     1   0   0:24.54 ??         0:59.11 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources
       89   110     1   0   0:00.24 ??         0:00.56 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/m
        0   124     1   0   0:00.57 ??         0:00.71 /Library/StartupItems/ParallelsTransporter/llipd
        0   190     1   0   0:02.46 ??         0:11.94 /Library/StartupItems/SymAutoProtect/SymAutoProtect nodaemon
        0   264     1   0   0:00.07 ??         0:00.13 /usr/sbin/nmbd -F
      501   272     1   0   0:00.08 ??         0:00.11 /sbin/launchd
        0   284     1   0   0:00.29 ??         0:00.38 /Library/StartupItems/Parallels/pvsnatd
      501   307     1   0   0:00.23 ??         0:00.63 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/m
      501   318   272   0   0:01.40 ??         0:09.27 /Library/Little Snitch/Little Snitch Network Monitor.app/Contents/MacOS/Little Snitch Network Monito
      501   319   272   0   0:00.49 ??         0:07.74 /Library/Little Snitch/Little Snitch UIAgent.app/Contents/MacOS/Little Snitch UIAgent
      501   320   272   0   0:00.02 ??         0:00.05 /Library/PrivilegedHelperTools/RazerDeathAdderDaemon.app/Contents/MacOS/RazerDeathAdderDaemon
      501   321   272   0   0:00.03 ??         0:00.08 /Library/Application Support/Tablet/PenTabletDriver.app/Contents/MacOS/PenTabletDriver
      501   322   272   0   0:00.03 ??         0:00.08 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agen
      501   326   272   0   0:00.05 ??         0:00.17 /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
      501   327   272   0   0:00.12 ??         0:00.18 /usr/sbin/UserEventAgent -l Aqua
      501   328   272   0   0:00.00 ??         0:00.01 /usr/sbin/pboard
      501   329   272   0   0:00.90 ??         0:01.68 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/ATSServer
      501   330   272   0   0:00.41 ??         0:01.05 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock -psn_0_57358
      501   332   272   0   0:00.01 ??         0:00.03 /Library/Application Support/Tablet/PenTabletDriver.app/Contents/Resources/TabletDriver.app/Contents
        0   333     1   0   0:00.06 ??         0:00.11 /usr/sbin/coreaudiod
      501   334   272   0   0:01.06 ??         0:01.98 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer -psn_0_77843
      501   335   272   0   0:13.03 ??         0:38.60 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder -psn_0_81940
      501   350   272   0   0:00.24 ??         0:01.54 /Library/Application Support/Norton Solutions Support/SymQuickMenu/SymQuickMenu.app/Contents/MacOS/S
        0   351   272   0   0:00.03 ??         0:00.27 /Library/Application Support/Norton Solutions Support/Norton AntiVirus/SAVDiskMountNotify.app/Conten
      501   352   272   0   0:00.04 ??         0:00.45 /Library/Application Support/Norton Solutions Support/Norton AntiVirus/ScanNotification.app/Contents
      501   355   272   0   0:00.01 ??         0:00.03 /Library/Application Support/Norton Solutions Support/Scheduler/SymSecondaryLaunch.app/Contents/MacO
      501   360   272   0   0:00.03 ??         0:00.06 /Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/MacOS/iTunesHelper -psn_0_1188
      501   361   272   0   0:00.06 ??         0:00.19 /Applications/Caffeine.app/Contents/MacOS/Caffeine -psn_0_122910
      501   362   272   0   0:01.81 ??         0:05.63 /Applications/Dropbox.app/Contents/MacOS/Dropbox -psn_0_127007
      501   363   272   0   0:00.14 ??         0:00.29 /Users/bunkerking1214/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelperApp.app/C
       -2   368     1   0   0:00.01 ??         0:00.01 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd
      501   458   272   0   0:16.37 ??         1:13.12 /Applications/Firefox.app/Contents/MacOS/firefox-bin -psn_0_147492
      501   470   330   0   0:00.26 ??         0:01.32 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/Dashboar
      501   471   330   0   0:00.28 ??         0:01.05 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/Dashboar
      501   508   272   0   0:00.15 ??         0:00.82 /Applications/Little Snitch Configuration.app/Contents/MacOS/Little Snitch Configuration -psn_0_1638
      501   524   272   0   0:00.08 ??         0:00.32 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn_0_188462
        0   525   524   0   0:00.02 ttys000    0:00.02 login -pf bunkerking1214
      501   526   525   0   0:00.01 ttys000    0:00.01 -bash
        0   539   526   0   0:00.00 ttys000    0:00.00 ps -ef
    If there's information in there that I shouldn't be sharing online, do tell me. >.>If you see anything fishy, please post!

  2. #2


    Member Since
    Jan 17, 2011
    Posts
    1
    Figure it out?
    Hi,

    I'm having the same problem as you - my WOW account is continually being hacked and the password changed. Did you ever figure out what your problem was - maybe mine is the same.

    Thanks!

  3. #3

    harryb2448's Avatar
    Member Since
    Nov 28, 2007
    Location
    Nambucca Heads Australia
    Posts
    21,852
    Specs:
    Imac 27" Retina 3.3GHz, 512GB Flash, 16GB memory, OS X.11.4.
    Format the drive and do a clean install if you are that concerned about this. Good keylogger programs and not detectable!
    Hang on to those original install discs like grim death! Using OS X.7 or later make a bootable USB thumb drive before running Installer!

  4. #4


    Member Since
    Mar 30, 2004
    Location
    USA
    Posts
    4,744
    Specs:
    12" Apple PowerBook G4 (1.5GHz)
    It's probably not a keylogger.

    Someone probably has guessed (or knows) your email account password. If they can read your email, they can always get back into your WoW account.

    Reset both passwords to something different.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. keylogger
    By stereoscopic in forum Security Awareness
    Replies: 16
    Last Post: 05-09-2015, 09:56 AM
  2. Keylogger need help!
    By kierandice in forum OS X - Operating System
    Replies: 3
    Last Post: 03-08-2011, 11:48 AM
  3. Possible keylogger?
    By leingod in forum OS X - Operating System
    Replies: 2
    Last Post: 09-29-2010, 03:23 AM
  4. Do I have a keylogger?
    By Nordic in forum OS X - Operating System
    Replies: 6
    Last Post: 03-19-2010, 01:04 PM
  5. Keylogger
    By jsloan10 in forum OS X - Apps and Games
    Replies: 1
    Last Post: 12-09-2006, 02:10 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •