#33
And another question - I've never specified a WINS name in any of the MAC's interfaces, though I've noticed that a name gets used. It usually is MACINTOSH-77777777 or something generic like that. My computer does have a name as specified in the Sharing preferences, though file sharing is outlawed on my machine. The two names don't match up. I've created a new "Location" and deleted the automatic location and have found over time that the generic mac name will get used again. I'd get it if the mac needs to default to a name as a placeholder but what I don't get is why the WINS name doesn't default to the computer name defined in Sharing preferences, since WINS is to help the machine share with Windows. Right? There must be a setting somewhere that I'm missing. Just want to make sure the machine isn't sharing files through some config file that has been modified or overlooked.
#34
Quote:
http://www.grc.com/port_443.htm
That's an HTTP connection over SSL, i.e. secure HTTP, the protocol that you'll use when communicating with secure sites like your bank.
#35
I don't think that your system is compromised. From where I'm sitting, it looks as though you are already believing that your system is compromised and that is leading you to see "intrusions" everywhere. Try scanning your computer against https://www.grc.com/x/ne.dll?bh0bkyd2 and see what it says.
#36
I understand your skepticism. It's true that I'm watching every movement of the system. I want to join your side on this issue and will as soon as I can find someone who can explain to me what might be legitimate reasons for:
- su commands on the logs
- anonymous logins on the logs
- sections of logs that disappear
- time changes by a few seconds on the logs
- "race conditions" on the logs
- "window replay" on the logs
- "recall volume changes" on the logs
- preference settings changing over time
Hand me my aluminum foil hat please.
#37
Similar Issues on Windows and Mac Machines

I am reading the last few posts of this thread with much interest. I too have been encountering strange issues with both Windows and Mac machines. To start with, I had three computers in my home office become compromised through MBR/Downloader and DNS Hijack Trojans. At one time I too thought they were re-writing CDs but eventually what I realized they are doing is emulating CDs for the purpose of preventing my being able to reinstall Windows and to covertly install files that will give them control of the machine. I noticed this on a Windows machine when re-installing drivers after completing FDISK and Format on my hard drive. Earlier I had inspected the files on the CD and saw there were 10 drivers. However, when trying to install them the "disk" showed 14 driver files. They copy the disk to the hard drive, make you think you are accessing the CD in the CD drive but then install from the HD the files they want. I know this sounds crazy, but it is happening.

I got fed up with Windows, after going through THREE new hard drives in less than a week trying to "beat" the hackers, and bought an iMac:

Hardware Overview:
Model Name: iMac
Model Identifier: iMac7,1
Processor Name: Intel Core 2 Duo
Processor Speed: 2 GHz
Number Of Processors: 1
Total Number Of Cores: 2
L2 Cache: 4 MB
Memory: 1 GB
Bus Speed: 800 MHz
Boot ROM Version: IM71.007A.B03
SMC Version: 1.20f4
Serial Number: QP816056X85

It wasn't long after connecting this machine (never could get Airport Extreme to configure properly) that I noticed it was being used as a DNS server. I am not familiar with Macs so it took a while before I figured out how to block incoming traffic, etc. I too was getting "fake" log-in screens, etc. popping up asking for my password and even had a message pop saying that Apple suggests I install "Growl" for network management.

I also noticed that some of my documents were being copied into image files and somehow interfacing with X-11 to send them over the net (also not yet familiar with X-11). In doing some research I learned how to see where my user bin location is and, from what I understand, it was in the wrong place and in a strange place (when I perform the command echo $PATH in the terminal this is what I get: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin). After seeing this I erased the hard drive with a 7 pass erase and reinstalled OSX and this time I did not install X-11 or anything else other than the core requirements. However, if I perform the command echo $PATH in the terminal it STILL gives me /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin. I also noticed that although I chose not to install any of the language packs other than English, all the languages are installed. On the Windows computers I was getting error messages in Chinese and Korean.

From what I have learned through some online research (when my searches aren't being re-directed), there is some serious hacking taking place and it is being done by a sophisticated and organized group out of China and possibly North Korea. Their primary goal is identity theft. This is a serious issue that is not getting much press and needs to be addressed by companies such as Microsoft and Apple. I know I am not imagining things because my bank recently notified me that my account was locked due to repeated attempts to access my account from a foreign IP address.
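A way to audit a search path like the one printed in the post above, as an added example that is not part of the original thread: it reports, per entry, whether the directory is relative, missing, or writable by group or others, which are the properties that let another account place a binary where the shell will find it. `audit_path` is a hypothetical helper name, not a system tool.

```shell
#!/bin/sh
# Added example: audit_path is a hypothetical helper, not a system tool.
# It prints one line per PATH entry and returns 1 if any entry is risky.

audit_path() {
    path_value=${1-$PATH}       # colon-separated list; defaults to $PATH
    findings=0
    old_ifs=$IFS
    IFS=:
    set -f                      # split on ':' only, no glob expansion
    for dir in $path_value; do
        case $dir in
            /*) ;;
            *)  # empty, ".", or any non-absolute entry resolves against
                # the current directory, whatever that happens to be
                echo "RELATIVE ${dir:-(empty)}"
                findings=1
                continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            findings=1
            continue
        fi
        # -L follows symlinks so the target directory's mode is reported
        mode=$(ls -ldL "$dir" | cut -c1-10)
        case $mode in
            ????????w?) echo "WORLD-WRITABLE $dir"; findings=1 ;;
            ?????w????) echo "GROUP-WRITABLE $dir"; findings=1 ;;
            *)          echo "OK $dir" ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $findings
}

# The PATH quoted in the post above, checked on whatever machine runs this.
audit_path "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin" || true
```

Called with no argument, the function audits the current shell's own `$PATH`.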
#38
Quote:
#39
A question: Tonight I noticed the following "critical" notification in the log:
6/19/08 8:21:38 PM localhost fseventsd[26] fseventsd Critical log dir: /.fseventsd getting new uuid: 8B590C92-EBAE-4C8B-8441-8C61DD440BCB
Any ideas? Or this error:
6/19/08 8:22:01 PM imac /usr/sbin/screenreaderd[68] /usr/sbin/screenreaderd Error SCREENREADER[68]: Stopping screen reader because login happened
Last edited by NewMacUser-TX; June 20th, 2008 at 02:10 AM.
#40
First of all: I can't see anything that even remotely resembles a root kit or any other type of foul play in any of these logs.
Second: if you don't know what to look for, don't look. Seriously. If you want to learn, then by all means look, and then google every log entry you don't understand, and learn what process caused the log entry and why. If you're not prepared to learn, don't look. You'll only grow (more) paranoid.
I agree with g/re/p though, this smells like a hoax. HelloMac seems more like a troll/flamebait than a seriously concerned user.