Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Macbook Air OS X - possible vm installed by hacker / suspect processes

dylib virtual machine rootkit hacker stalker applecamin screenreader dock.extra

  • Please log in to reply

#1
Jasminejayes

Jasminejayes

    New Member

  • Member
  • Pip
  • 2 posts

Hello,

 

I'm not sure if i'm paranoid and losing my mind or if i'm being messed with.  I've had to do a clean restall on my macbook air twice in the last couple of weeks, and my macbook pro 15" 2013 started systematically wiping files from itself right in front of my eyes after i deleted a rather suspect looking dual(core something.. it wasn't the standard process in all macs, it was along those lines though).  I generally do research about a process etc before deleting it so it wasn't a process required to run the whole machine.  

 

The above, amongst various other nuisances has made me start to think that somebody has installed a virus / malware / virtual machine / something bizarre on my computer and set it up so that it boots from the vm right from the start.  Is there someway to find this out 100%

 

I have some odd processes running at times (at least, they are to me and I am at my wits end researching each individual one).  Ones running at the moment that I don't like the look of are:  

 

remoteservices (Parent process shows "???") user id 501  

libxpc.dylib (yes i'm aware its a dynamic library but i seem to have issues with all the dylib i have)

com.apple.ViewBridge (currently there is a NSXPCSharedListener resume + 16 that just occured

Weibo.iaplugin (what is this, is it of any importance?)

unorm8_bgra.dylib

CoreAudio seems to run at the strangest times

SecCodeWrapper ?? 

libsystem.malloc.dylib

 

my notification center appears to be "calling out to an observer" 

 

AppleVAFramework

CoreWiFi

LibScreenReader

 

Also states:  VM Region Summary:  ReadOnly portion of Libraries: 265.mM etc etc  and the region type and virtual data stored.  

 

PLEASE SOMEBODY HELP ME!! I'm tired of reinstalling, I have a macbook pro, macbook air, ipad and iphone and each of these decides currently has an issue leading me to believe they're somehow all related.  

 

 


  • 0

Advertisements


#2
iEscape

iEscape

    Member

  • Member
  • PipPip
  • 35 posts
Hi,

Check adware / malware on a Mac with Malwarebytes Anti-Malware for Mac >> previously Adware Medic.
  • 0

#3
Jasminejayes

Jasminejayes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

I have, I should have mentioned that I have had Adware Medic for ages and when i did my clean reinstall i downloaded Malware Bytes straight up.. but it found nothing.  I also have fasttasks running and i'm currently testing out Esets however the network trafficking setup appears to be a little over my head, I have tested out little snitch with its similar network filtering to see if i could figure out what the issue was but unless i get someone who knows what they are doing to set it up for me, its going to take a lot of research and trial and error and im too impatient for that and end up blocking anything that sounds suspect


  • 0

#4
iEscape

iEscape

    Member

  • Member
  • PipPip
  • 35 posts
Hi,

Using Little Snitch is good, I install also on my Mac and use also Cookie form SweetProductions Cookie or you can also download from Mac App Store.

Ask Thomas Reed the maker of Malwarebytes Anti-Malware for Mac , now active on Malwarebytes Anti-Malware for Mac forum.
  • 0






Similar Topics


Also tagged with one or more of these keywords: dylib, virtual machine, rootkit, hacker, stalker, applecamin, screenreader, dock.extra

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP