- Joined
- Sep 3, 2017
- Messages
- 1
- Reaction score
- 0
- Points
- 1
Hello Everyone!
A complete newcomer to the forum! So please be gentle.
Hppe you guys can help me here...
I have reason to believe that a keylogger is installed on my Mac. And I reckon I know who put it there. But I am not certain. Have been looking around online to try and find some answers and still unsure of a couple of things.
I was suspicious so I started looking for evidence. If I open console, and look at the system log, there are many, many lines like this:
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10569]): Service exited with abnormal code: 1
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10573]): Service exited with abnormal code: 1
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10579]): Service exited with abnormal code: 1
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:53 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10581]): Service exited with abnormal code: 1
Aug 26 12:24:53 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:25:03 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10585]): Service exited with abnormal code: 1
Aug 26 12:25:03 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:25:13 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10589]): Service exited with abnormal code: 1
In amongst a whole load of other processes - none of which I really understand.
To me it seems pretty sure that LogKext is installed and running. So my questions are:
i) Is that right? Or can it be something else.
ii) Is it correct that it can only have got there through the deliberate act of someone with access to the computer? I mean, could it have been dwonloaded and installed maliciiously (malware?) in the background without me realising?
iii) I read in numerous places that keyloggers are usually very hard to detect. However, I found this evidence quite quickly and easily - so is that really the case then?
iv) Is there any way of knowing when it was installed on my mac?
v) Likewise, is there any way of knowing when it was last accessed (to view/download the log). Tried to access it myslef - but it is password protected (the person that put it there would have known my admin password).
vi) I think I managed to uninstall it using the 'LogKextUninstall.command' (I think it was successful as I no longer see the same outputs as above in the system log. Is there a way to check that it gone for sure?
Sorry. thats a lot of question I have just realised! Hope someone out there has some of the answers.
Many Thanks in advance
Marlas.
Mac Book Pro
Sierra 10.12.5
A complete newcomer to the forum! So please be gentle.
Hppe you guys can help me here...
I have reason to believe that a keylogger is installed on my Mac. And I reckon I know who put it there. But I am not certain. Have been looking around online to try and find some answers and still unsure of a couple of things.
I was suspicious so I started looking for evidence. If I open console, and look at the system log, there are many, many lines like this:
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10569]): Service exited with abnormal code: 1
Aug 26 12:24:23 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10573]): Service exited with abnormal code: 1
Aug 26 12:24:33 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10579]): Service exited with abnormal code: 1
Aug 26 12:24:43 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:24:53 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10581]): Service exited with abnormal code: 1
Aug 26 12:24:53 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:25:03 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10585]): Service exited with abnormal code: 1
Aug 26 12:25:03 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Aug 26 12:25:13 Ians-MBP-2 com.apple.xpc.launchd[1] (com.fsb.logKext[10589]): Service exited with abnormal code: 1
In amongst a whole load of other processes - none of which I really understand.
To me it seems pretty sure that LogKext is installed and running. So my questions are:
i) Is that right? Or can it be something else.
ii) Is it correct that it can only have got there through the deliberate act of someone with access to the computer? I mean, could it have been dwonloaded and installed maliciiously (malware?) in the background without me realising?
iii) I read in numerous places that keyloggers are usually very hard to detect. However, I found this evidence quite quickly and easily - so is that really the case then?
iv) Is there any way of knowing when it was installed on my mac?
v) Likewise, is there any way of knowing when it was last accessed (to view/download the log). Tried to access it myslef - but it is password protected (the person that put it there would have known my admin password).
vi) I think I managed to uninstall it using the 'LogKextUninstall.command' (I think it was successful as I no longer see the same outputs as above in the system log. Is there a way to check that it gone for sure?
Sorry. thats a lot of question I have just realised! Hope someone out there has some of the answers.
Many Thanks in advance
Marlas.
Mac Book Pro
Sierra 10.12.5