Keylogger Issue

Joined
Apr 25, 2009
Messages
1
Reaction score
0
Points
1
Hi there, I'm having an issue. I am certain that there is a "keylogger" on my computer at the moment. My World of Warcraft password is being continually changed. Someone logged onto my account and stole all of my items. I changed my password, and they were on again today. I continue to find the password changed without my doing it.

What I'm trying to do now is figure out what the keylogger is, so that I can google it and find how to remove it.

I've installed a network monitor named Little Snitch. I'm watching it and these are the processes that have been using the internet thus far:

- ntpd (system clock synchronization)
- mDNSResponder (some network thing. contacts my ISP, charter, it looks like)
- Dropbox (? I used to use this.)
- Firefox (duh :])
- DirectoryService (don't understand what it does, seems legitimate)
- Dashboard Service (desktop apps?)
- Airport Base Station Agent (wireless music from upstairs, I think)

The only thing that seems like it could possibly be sending my "keys" would be Dropbox, right? Has anyone heard of a keylogger that uses Dropbox to send data? I admit I am not Mac savvy. :X Does anyone know if I can see just what is being sent/received via Dropbox? It just seems to be accessing the internet very frequently. Which makes sense, since it's for syncing files, but it seems fishy (maybe I'm paranoid :X)

I'm going to attach here, as well, the results of entering the "ps -ef" command into Terminal. I'm not familiar with a large portion of these, and as such it's difficult for me to tell which seem legitimate.

Code:
Sh######:~ bunkerking1214$ ps -ef
  UID   PID  PPID   C     STIME TTY           TIME CMD
    0     1     0   0   0:00.14 ??         0:00.19 /sbin/launchd
    0    10     1   0   0:01.08 ??         0:04.17 /usr/libexec/kextd
    0    11     1   0   0:00.51 ??         0:01.09 /usr/sbin/DirectoryService
    0    12     1   0   0:00.21 ??         0:00.28 /usr/sbin/notifyd
    0    13     1   0   0:00.08 ??         0:00.17 /usr/sbin/syslogd
    0    14     1   0   0:01.47 ??         0:02.61 /usr/sbin/configd
    1    15     1   0   0:00.25 ??         0:00.55 /usr/sbin/distnoted
   65    16     1   0   0:00.14 ??         0:00.24 /usr/sbin/mDNSResponder -launchd
    0    21     1   0   0:00.05 ??         0:00.12 /usr/sbin/securityd -i
    0    25     1   0   0:00.11 ??         0:00.16 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
    0    26     1   0   0:00.33 ??         0:00.74 /usr/sbin/cupsd -l
    0    27     1   0   0:00.10 ??         0:00.46 /usr/sbin/httpd -D FOREGROUND
    0    28     1   0   0:01.00 ??         0:01.00 /usr/sbin/update
    0    29     1   0   0:00.01 ??         0:00.02 /sbin/SystemStarter
    0    33     1   0   0:01.14 ??         0:02.07 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
  501    34     1   0   0:01.04 ??         0:02.19 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
    0    35     1   0   0:00.00 ??         0:00.00 /usr/sbin/KernelEventAgent
    0    36     1   0   0:00.08 ??         0:00.14 /usr/sbin/kdcmond -n -a
    0    38     1   0   0:00.00 ??         0:00.00 /usr/libexec/hidd
    0    39     1   0   0:00.19 ??         0:00.28 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Version
    0    41     1   0   0:00.01 ??         0:00.01 /sbin/dynamic_pager -F /private/var/vm/swapfile
    0    44     1   0   0:00.07 ??         0:00.15 /usr/sbin/diskarbitrationd
    0    48     1   0   0:00.23 ??         0:00.47 /usr/sbin/blued
    0    49     1   0   0:00.01 ??         0:00.01 autofsd
    0    51     1   0   0:00.19 ??         0:00.81 /usr/libexec/ApplicationFirewall/socketfilterfw
    0    52     1   0   0:00.43 ??         0:01.17 /Library/Little Snitch/lsd
    0    57     1   0   0:00.85 ??         0:01.58 /System/Library/CoreServices/coreservicesd
    0    59    36   0   0:00.02 ??         0:00.04 /usr/sbin/krb5kdc -n -r LKDC:SHA1.8F28A77D7B20653814284A845CF99C2E37C15D28
   26    65    26   0   0:00.03 ??         0:00.11 Canon_MP610_series 105 bunkerking1214 band pass.bmp 1 Resolution=600x600dpi AP_D_InputSlot= pserrorh
   26    66    26   0   0:03.05 ??         0:04.58 Canon_MP610_series 105 bunkerking1214 band pass.bmp 1 Resolution=600x600dpi AP_D_InputSlot= pserrorh
   26    68    26   0   0:00.01 ??         0:00.02 usb://Canon/MP610%20series?serial=101FA3 105 bunkerking1214 band pass.bmp 1 Resolution=600x600dpi AP
   26    69    26   0   0:01.38 ??         0:03.56 HP_Photosmart_C5200_series 135 bunkerking1214 Microsoft Word - Disc12-101Handout.doc 1 AP_D_InputSlo
   26    70    26   0   0:00.02 ??         0:00.02 usb://HP/Photosmart%20C5200%20series?serial=MY76EBD2S704XQ 135 bunkerking1214 Microsoft Word - Disc1
   70    74    27   0   0:00.00 ??         0:00.00 /usr/sbin/httpd -D FOREGROUND
   88   108     1   0   0:24.54 ??         0:59.11 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources
   89   110     1   0   0:00.24 ??         0:00.56 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/m
    0   124     1   0   0:00.57 ??         0:00.71 /Library/StartupItems/ParallelsTransporter/llipd
    0   190     1   0   0:02.46 ??         0:11.94 /Library/StartupItems/SymAutoProtect/SymAutoProtect nodaemon
    0   264     1   0   0:00.07 ??         0:00.13 /usr/sbin/nmbd -F
  501   272     1   0   0:00.08 ??         0:00.11 /sbin/launchd
    0   284     1   0   0:00.29 ??         0:00.38 /Library/StartupItems/Parallels/pvsnatd
  501   307     1   0   0:00.23 ??         0:00.63 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/m
  501   318   272   0   0:01.40 ??         0:09.27 /Library/Little Snitch/Little Snitch Network Monitor.app/Contents/MacOS/Little Snitch Network Monito
  501   319   272   0   0:00.49 ??         0:07.74 /Library/Little Snitch/Little Snitch UIAgent.app/Contents/MacOS/Little Snitch UIAgent
  501   320   272   0   0:00.02 ??         0:00.05 /Library/PrivilegedHelperTools/RazerDeathAdderDaemon.app/Contents/MacOS/RazerDeathAdderDaemon
  501   321   272   0   0:00.03 ??         0:00.08 /Library/Application Support/Tablet/PenTabletDriver.app/Contents/MacOS/PenTabletDriver
  501   322   272   0   0:00.03 ??         0:00.08 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agen
  501   326   272   0   0:00.05 ??         0:00.17 /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
  501   327   272   0   0:00.12 ??         0:00.18 /usr/sbin/UserEventAgent -l Aqua
  501   328   272   0   0:00.00 ??         0:00.01 /usr/sbin/pboard
  501   329   272   0   0:00.90 ??         0:01.68 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/ATSServer
  501   330   272   0   0:00.41 ??         0:01.05 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock -psn_0_57358
  501   332   272   0   0:00.01 ??         0:00.03 /Library/Application Support/Tablet/PenTabletDriver.app/Contents/Resources/TabletDriver.app/Contents
    0   333     1   0   0:00.06 ??         0:00.11 /usr/sbin/coreaudiod
  501   334   272   0   0:01.06 ??         0:01.98 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer -psn_0_77843
  501   335   272   0   0:13.03 ??         0:38.60 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder -psn_0_81940
  501   350   272   0   0:00.24 ??         0:01.54 /Library/Application Support/Norton Solutions Support/SymQuickMenu/SymQuickMenu.app/Contents/MacOS/S
    0   351   272   0   0:00.03 ??         0:00.27 /Library/Application Support/Norton Solutions Support/Norton AntiVirus/SAVDiskMountNotify.app/Conten
  501   352   272   0   0:00.04 ??         0:00.45 /Library/Application Support/Norton Solutions Support/Norton AntiVirus/ScanNotification.app/Contents
  501   355   272   0   0:00.01 ??         0:00.03 /Library/Application Support/Norton Solutions Support/Scheduler/SymSecondaryLaunch.app/Contents/MacO
  501   360   272   0   0:00.03 ??         0:00.06 /Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/MacOS/iTunesHelper -psn_0_1188
  501   361   272   0   0:00.06 ??         0:00.19 /Applications/Caffeine.app/Contents/MacOS/Caffeine -psn_0_122910
  501   362   272   0   0:01.81 ??         0:05.63 /Applications/Dropbox.app/Contents/MacOS/Dropbox -psn_0_127007
  501   363   272   0   0:00.14 ??         0:00.29 /Users/bunkerking1214/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelperApp.app/C
   -2   368     1   0   0:00.01 ??         0:00.01 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd
  501   458   272   0   0:16.37 ??         1:13.12 /Applications/Firefox.app/Contents/MacOS/firefox-bin -psn_0_147492
  501   470   330   0   0:00.26 ??         0:01.32 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/Dashboar
  501   471   330   0   0:00.28 ??         0:01.05 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/Dashboar
  501   508   272   0   0:00.15 ??         0:00.82 /Applications/Little Snitch Configuration.app/Contents/MacOS/Little Snitch Configuration -psn_0_1638
  501   524   272   0   0:00.08 ??         0:00.32 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn_0_188462
    0   525   524   0   0:00.02 ttys000    0:00.02 login -pf bunkerking1214
  501   526   525   0   0:00.01 ttys000    0:00.01 -bash
    0   539   526   0   0:00.00 ttys000    0:00.00 ps -ef

If there's information in there that I shouldn't be sharing online, do tell me. >.> If you see anything fishy, please post!
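An added example, not part of the original post: one way to sort a `ps -ef` listing like the one above by where each binary lives, so the entries outside OS-owned directories can be looked at first. The class names and the path grouping are assumptions of this example, and the sample rows are copied from the listing above; a class is only a review order, not a verdict on the process.

```shell
#!/bin/sh
# triage_ps: read `ps -ef` output on stdin, print "CLASS PID CMD" per process.
# Classes (this example's own scheme, not an Apple-defined one):
#   system - binary under /System, /usr, /sbin or /bin (OS-owned locations)
#   app    - under /Applications or /Library (installed software)
#   user   - under /Users (a home directory; review these first)
#   nopath - no absolute path shown, so ps alone cannot place it
triage_ps() {
  awk '
    NR == 1 && $1 == "UID" { next }            # skip the header row
    {
      pid = $2
      cmd = $0
      # Layout is UID PID PPID C STIME TTY TIME CMD: drop the first 7 fields
      # but keep CMD intact, since paths may contain spaces.
      for (i = 1; i <= 7; i++) sub(/^[ \t]*[^ \t]+/, "", cmd)
      sub(/^[ \t]+/, "", cmd)
      if (cmd ~ /^\/(System|usr|sbin|bin)\//)      class = "system"
      else if (cmd ~ /^\/(Applications|Library)\//) class = "app"
      else if (cmd ~ /^\/Users\//)                  class = "user"
      else                                          class = "nopath"
      print class, pid, cmd
    }'
}

# Sample rows taken from the ps -ef listing in the post above.
sample_ps() {
  cat <<'EOF'
  UID   PID  PPID   C     STIME TTY           TIME CMD
    0     1     0   0   0:00.14 ??         0:00.19 /sbin/launchd
    0    49     1   0   0:00.01 ??         0:00.01 autofsd
    0    52     1   0   0:00.43 ??         0:01.17 /Library/Little Snitch/lsd
  501   362   272   0   0:01.81 ??         0:05.63 /Applications/Dropbox.app/Contents/MacOS/Dropbox -psn_0_127007
  501   363   272   0   0:00.14 ??         0:00.29 /Users/bunkerking1214/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelperApp.app/C
  501   526   525   0   0:00.01 ttys000    0:00.01 -bash
EOF
}

# Show only the rows that deserve a closer look first.
sample_ps | triage_ps | grep -E '^(user|nopath) '
```

On a live machine the same function can be fed with `ps -ef | triage_ps`; the `ps` columns are truncated to the terminal width, so a cut-off path still needs to be checked in full before drawing any conclusion.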
 
Joined
Jan 17, 2011
Messages
1
Reaction score
0
Points
1
Figure it out?

Hi,

I'm having the same problem as you - my WOW account is continually being hacked and the password changed. Did you ever figure out what your problem was? Maybe mine is the same.

Thanks!
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Format the drive and do a clean install if you are that concerned about this. Good keylogger programs are not detectable!
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
It's probably not a keylogger.

Someone probably has guessed (or knows) your email account password. If they can read your email, they can always get back into your WoW account.

Reset both passwords to something different.
 
