what on earth is going on?

Joined
Oct 4, 2018
Messages
3
Reaction score
0
Points
1
okay you were right... i was in the wrong folder (these Mac's are not that user friendly)
how ever.... have you ever wondered what would happen if you changed the value in the key to something else?
like change the contents inside the blue on line 5?
View attachment 28646

No, they're user-friendly, just perhaps different from what you are used to?

Alas, you didn't answer my question, and are now asking an unanswerable question, since you cropped off the most important information in the screenshot!!! (It's great that you're making the effort to do screenshots, but they must actually show the relevant information to be useful for troubleshooting purposes.) Since you don't really understand the Mac's innards, I wouldn't go poking around doing stuff you don't understand, such as editing plist files and running terminal commands. Instead, provide detailed information (including answering questions asked of you) so that others can guide you.

Which terminal command (what you called a "command line request") did you run that solved the problem?
 
OP
D
Joined
Jul 21, 2013
Messages
153
Reaction score
0
Points
16
Your Mac's Specs
Mid 2012 MBP - 13" i5 3210M, 16GB RAM, 240GB SSD, 500GB storage (in place of optical).
It's malware!!!

I'm in the middle of helping a friend with this issue, and I think I have arrived at a disturbing conclusion: I think it's a covert key logger. This would explain why it's trying to control every application!

If you look inside the com.apple.fonts.app bundle, the info.plist file contains this URL: http://www.widestep.com/fdbck/emailstore/submit.php?application=EliteKeyloggerMac

There's also a log file and a binary file. I don't know what's in the binary, but the log file indicates regular screen shots and web history parsing, all in 2014. I don't know whether it succeeded in uploading anything.

To remove it:
First, in Terminal, run:
sudo rm /Library/LaunchAgents/com.apple.fonts.plist


Then, if the com.apple.fonts.plist process is still running, kill it in Activity Monitor or terminal.

Restart for good measure.

And of course, run an anti-malware tool, and assume you've been compromised and change passwords.



No, they're user-friendly, just perhaps different from what you are used to?

Alas, you didn't answer my question, and are now asking an unanswerable question, since you cropped off the most important information in the screenshot!!! (It's great that you're making the effort to do screenshots, but they must actually show the relevant information to be useful for troubleshooting purposes.) Since you don't really understand the Mac's innards, I wouldn't go poking around doing stuff you don't understand, such as editing plist files and running terminal commands. Instead, provide detailed information (including answering questions asked of you) so that others can guide you.

Which terminal command (what you called a "command line request") did you run that solved the problem?

im used the command in your first post... and its too late now for me to add any more detail with a screen shot, the plist is gone...
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top