Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"Plastic gun. Ingenious. More coffee, please." -- The Phantom comics

computers / comp.sys.mac.system / Re: "My Mac Book Air is Been Hacked"!

SubjectAuthor
o Re: "My Mac Book Air is Been Hacked"!David Brooks

1
Re: "My Mac Book Air is Been Hacked"!

<9MhiM.28749$tol1.21440@fx09.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=16030&group=comp.sys.mac.system#16030

  copy link   Newsgroups: uk.comp.sys.mac alt.computer.workshop comp.sys.mac.system
Path: i2pn2.org!i2pn.org!news.neodome.net!feeder1.feed.usenet.farm!feed.usenet.farm!peer03.ams4!peer.am4.highwinds-media.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx09.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
Gecko/20100101 Thunderbird/102.12.0
Subject: Re: "My Mac Book Air is Been Hacked"!
Content-Language: en-GB
Newsgroups: uk.comp.sys.mac,alt.computer.workshop,comp.sys.mac.system
References: <UKUhM.19459$3C3e.13724@fx13.iad> <u6981k$18ufa$1@solani.org>
<u69ia0$3ig34$1@hunterbd.eternal-september.org> <u69jvb$194hd$1@solani.org>
<Dl3iM.7143$mshf.463@fx46.iad> <u6br39$18lrl$1@solani.org>
<r%eiM.60937$hl93.6400@fx18.iad> <u6c0no$18qe8$1@solani.org>
<idgiM.60939$hl93.36903@fx18.iad>
From: Dav...@nomail.afraid.org (David Brooks)
In-Reply-To: <idgiM.60939$hl93.36903@fx18.iad>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 70
Message-ID: <9MhiM.28749$tol1.21440@fx09.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Wed, 14 Jun 2023 11:46:13 UTC
Organization: blocknews - www.blocknews.net
Date: Wed, 14 Jun 2023 12:46:12 +0100
X-Received-Bytes: 3321
 by: David Brooks - Wed, 14 Jun 2023 11:46 UTC

On 14/06/2023 11:00, David Brooks wrote:
> On 14/06/2023 10:19, Joerg Lorenz wrote:
>> Am 14.06.23 um 10:37 schrieb David Brooks:
>>> On 14/06/2023 08:43, Joerg Lorenz wrote:
>>>> Am 13.06.23 um 21:22 schrieb David Brooks:
>>>>> On 13/06/2023 12:29, Joerg Lorenz wrote:
>>>>>> Am 13.06.23 um 13:01 schrieb David (BD):
>>>>>>> On 13/06/2023 09:06, Joerg Lorenz wrote:
>>>>>>>> Am 13.06.23 um 09:18 schrieb David Brooks:
>>>>>>>>> Unsigned Files:
>>>>>>>>>          Launchd:
>>>>>>>>> /Library/LaunchDaemons/com.symantec.sharedsettings.MES.plist
>>>>>>>>>              Executable: /Library/Application
>>>>>>>>> Support/Symantec/Silo/MES/DomainSettings/SymSharedSettingsd
>>>>>>>>>              Details: Exact match found in the legitimate list
>>>>>>>>> - probably OK
>>>>>>>>
>>>>>>>>
>>>>>>>> *The system is compromised*.
>>>>>>>
>>>>>>>
>>>>>>> I wonder if anyone else reading here agrees with you.
>>>>>>
>>>>>> Symantec files on a Mac or any other computer are a
>>>>>> malware-infection.
>>>>>
>>>>> Ha! Guess what *I* found?!!!
>>>>>
>>>>> https://ibb.co/88bn2jF
>>>>>
>>>>> All now gone. :-D
>>>>>
>>>>> Thanks for helping. :-)
>>>>
>>>> Why do you do that? I'm stunned!
>>>
>>> I was 'testing' EtreCheck, available from Etresoft Inc
>>> https://www.etresoft.com/index.html
>>>
>>> What showed up as 'interesting' when YOU first used it to scan /your/
>>> > Apple computer?
>>
>> I never install malware intentionally on my productive systems ... ;-)
>
> You appear to be suggesting that EtreCheck is malware. AFAICR, it
> doesn't actually INSTALL itself or ask for one's Admin name and
> password, a requirement before using the FREE trial of ClamXAV!
>
> Which route is better? In your OPINION of course!
>
> See: Step 1, here:- https://www.clamxav.com/download/
>
>>> Perhaps you've also come across my question asked here under my Apple
>>> ASC handle, HunterBD?
>>>
>>> https://developer.apple.com/forums/thread/687438
>>
>> Perhaps.
>
> HAVE you now looked?

Oops! Wrong link!

https://developer.apple.com/forums/thread/709959

Sorry about that!

--
David

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor