Have I been hacked?

mazzy

Registered
I bought a Mac mini a couple of months ago because I'd been repeatedly hacked using Windows XP. I'd been told that Macs were hack-proof.

I swear the day I got this, I had a user named Troy logged on. (Troy as in trojan?) I've made many attempts to do an erase and install, talked to the Mac help desk... they were absolutely no help. They just repeated over and over that Macs don't get viruses and don't get hacked.

I'm so freaking frustrated. I have the same thing as before. I always suspected that I had a Linux rootkit on my XP machine. Too many files I had were either Linux or Wine. If I edited them, they immediately reappeared with a ~. Can't delete cookies or cache, iconcache, fontcache, netboot, etc.

Same thing on this machine. I'm not part of a network, but I have a network installed. I'm not a server, but I have a server installed. I try to find info on certain files on the web, but I get redirected. Nothing works like it's supposed to.


I'm desperate!
 
Okay. Can you reformulate the question, please? :) ... Leave out anything about prior experiences with Windows and/or Linux, because right now, we just want to look at your Mac mini.

Which model is it? Intel or PowerPC, how much RAM etc.? Which operating system version is installed? And what _exactly_ are the current signs of some abuse of the computer?

Just to put things right here: It's not _impossible_ that someone would hack into your system. Depending on what services you have running which let outsiders gain (wanted) access to your computer, you also open some doors for _unwanted_ access. I.e.: If your computer is listening on the ports for Windows Sharing, you basically have the package Samba running with _its_ share of vulnerabilities, you know... But that's all theoretical: Tell us what you _have_ running (Sharing preference pane should tell you) and why.

There _are_ currently no known viruses for the Mac in the wild. No worms or spyware etc. either. But that doesn't mean that _theoretically_ some vulnerabilities exist and that _theoretically_, an attack to your computer could have been performed successfully. However: It's rather unlikely. So tell!
 
mazzy said:
I'm not part of a network, but I have a network installed. I'm not a server, but I have a server installed. I try to find info on certain files on the web, but I get redirected. Nothing works like it's supposed to.

I'm desperate!

I'm not sure I understand that. If you're referring to the "Network" icon that comes up under "Computer" then that is normal and appears regardless of whether you are connected to a network or not. As for servers, what are you seeing that makes you think you "have a server installed". Mac OS X (not server) comes with several servers installed that can be switched on easily through the Sharing preference panel. And as for "certain files on the web" can you give us a bit more info?
 
Machine Name: Mac mini
Machine Model: Macmini1,1
CPU Type: Intel Core Duo
Number Of Cores: 2
CPU Speed: 1.66 GHz
L2 Cache (shared): 2 MB
Memory: 512 MB
Bus Speed: 667 MHz
Boot ROM Version: MM11.004B.B00
Serial Number: YM609BV6U36
SMC Version: 1.3f2

I tried again to erase and install tonight, and my log is posted below. My first attempts to connect to the internet didn't work. My system wants to automatically connect to 169.254.216.201, which I believe is my local link. I've tried to download and install a couple of programs, but I get a warning that they won't mount because they aren't recognized.

As to why do I think I'm a server? Because when I was hacked on Win XP, I became a game and music server. Some idiot kept changing my background picture on my desktop, leaving stupid messages like "catch me if you can", and changing my password. My computer even yelled at me: "Hey (name), hey (name) from (city)." Name and city were correct and that really scared me! I'm still paranoid, so with problems now on the Mac, I really wonder. Especially when AirPort won't stay closed.

My network includes Library and Servers. Servers includes cpe-(my ip address).gt.res.rr.com. This includes everything on my computer. I also have a tftp boot which includes everything on my computer, and a net boot. I'm really ignorant about Mac and Unix, but I've been burned too many times!
Thanks for your help!

-------------------------------------------------------------------------------------
Jun 11 02:09:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
Jun 11 02:09:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
Jun 11 02:09:01 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Jun 11 02:09:01 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Jun 11 02:09:01 localhost kernel[0]: using 1262 buffer headers and 1262 cluster IO buffer headers
Jun 11 02:09:01 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jun 11 02:09:01 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 0:23
Jun 11 02:09:01 localhost kernel[0]: Started CPU 01
Jun 11 02:09:01 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Jun 11 02:09:01 localhost kernel[0]: Security auditing service present
Jun 11 02:09:01 localhost kernel[0]: BSM auditing present
Jun 11 02:09:01 localhost kernel[0]: disabled
Jun 11 02:09:01 localhost kernel[0]: rooting via boot-uuid from /chosen: F4CD6635-1D0E-475F-B513-53B3665C7906
Jun 11 02:09:01 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Jun 11 02:09:01 localhost kernel[0]: FireWire (OHCI) Lucent ID 5811 PCI now active, GUID 0016cbfffe586f76; max speed s400.
Jun 11 02:09:01 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@1F,2/AppleAHCI/AppleAHCIPort@2/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MHV2080BHPL Media/IOGUIDPartitionScheme/Apple_HFS_Untitled_1@2
Jun 11 02:09:01 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Jun 11 02:09:01 localhost kernel[0]: CSRHIDTransitionDriver::probe:
Jun 11 02:09:01 localhost kernel[0]: CSRHIDTransitionDriver::start before command
Jun 11 02:09:01 localhost kernel[0]: CSRHIDTransitionDriver::stop
Jun 11 02:09:01 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Jun 11 02:09:01 localhost kernel[0]: Jettisoning kernel linker.
Jun 11 02:09:01 localhost kernel[0]: Resetting IOCatalogue.
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Previous Shutdown Cause: 3
Jun 11 02:09:01 localhost kernel[0]: mac 10.3 phy 6.1 radio 10.2
Jun 11 02:09:01 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
Jun 11 02:09:01 localhost mDNSResponder-108 (Jan 14 2006 02: 59:21)[32]: starting
Jun 11 02:09:01 localhost memberd[39]: memberd starting up
Jun 11 02:09:01 localhost DirectoryService[44]: Launched version 2.1 (v353.1)
Jun 11 02:09:01 localhost lookupd[43]: lookupd (version 369.5) starting - Sun Jun 11 02:09:01 2006
Jun 11 02:09:02 localhost configd[36]: com.apple.SystemConfiguration.DynamicPowerStep load failed
Jun 11 02:09:02 localhost diskarbitrationd[38]: disk0s2 hfs B98C9278-3B51-3D3F-AC1B-35B6E725A9C2 Macintosh HD /
Jun 11 02:09:02 localhost kernel[0]: yukonosx: Ethernet address 00:16:cb:a2:a0:a9
Jun 11 02:09:02 localhost kernel[0]: AirPort_Athr5424: Ethernet address 00:16:cb:04:b6:3b
Jun 11 02:09:02 localhost lookupd[61]: lookupd (version 369.5) starting - Sun Jun 11 02:09:02 2006
Jun 11 02:09:02 roxys-computer kernel[0]: unable to start recv logic
Jun 11 02:09:02 roxys-computer kernel[0]: unable to start recv logic
Jun 11 02:09:02 roxys-computer kernel[0]: display: Not usable
Jun 11 02:09:02 roxys-computer configd[36]: setting hostname to "roxys-computer.local"
Jun 11 02:09:03 roxys-computer kernel[0]: [HCIController][setupHardware] AFH Is Supported
Jun 11 02:09:03 roxys-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Jun 11 02:09:04 roxys-computer loginwindow[65]: Login Window Started Security Agent
Jun 11 02:09:05 roxys-computer mDNSResponder: Adding browse domain local.
Jun 11 02:09:07 roxys-computer kernel[0]: (46: SystemStarter)tfp: failed on 0:
Jun 11 02:09:07 roxys-computer kernel[0]: (46: SystemStarter)tfp: failed on 0:
Jun 11 02:09:50 roxys-computer kernel[0]: AppleYukon: error - 2 Pair Downshift detected
Jun 11 02:09:50 roxys-computer kernel[0]: AppleYukon - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled
Jun 11 02:09:52 roxys-computer configd[36]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Jun 11 02:09:52 roxys-computer configd[36]: posting notification com.apple.system.config.network_change
Jun 11 02:09:52 roxys-computer lookupd[141]: lookupd (version 369.5) starting - Sun Jun 11 02:09:52 2006
Jun 11 02:09:53 roxys-computer configd[36]: setting hostname to "cpe-67-10-116-128.gt.res.rr.com"
Jun 11 02:09:54 roxys-computer configd[36]: target=enable-network: disabled


mail.log:

Description: Fax notification email log
Size: 0 bytes
Last Modified: 6/11/06 12:15 AM
Location: /var/log/mail.log
Recent Contents:

access_log:

Description: Printer access log
Size: 3.22 KB
Last Modified: 6/11/06 2:39 AM
Location: /var/log/cups/access_log
Recent Contents:
localhost - - [10/Jun/2006:22:15:47 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:47 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:47 -0700] "POST / HTTP/1.1" 200 75
localhost - - [10/Jun/2006:22:15:55 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:55 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:55 -0700] "POST / HTTP/1.1" 200 75
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 75
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:00:32:17 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:32:17 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:32:17 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:48:42 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:51:34 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:51:50 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:52:13 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:52:47 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:53:00 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:54:13 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:54:24 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:01:07:49 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:50 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:50 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:01:07:52 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:52 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:52 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:01:17:01 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:01 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:01 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:01:17:04 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:04 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:04 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:02:09:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:07 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:02:09:08 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:08 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:08 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:02:38:46 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:38:46 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:38:46 -0500] "POST / HTTP/1.1" 200 75


error_log:

Description: Printer error log
Size: 4.89 KB
Last Modified: 6/11/06 2:09 AM
Location: /var/log/cups/error_log
Recent Contents:
I [10/Jun/2006:22:15:41 -0700] Listening to 7f000001:631
I [10/Jun/2006:22:15:41 -0700] Listening to b00f3000:0
I [10/Jun/2006:22:15:42 -0700] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [10/Jun/2006:22:15:42 -0700] Configured for up to 100 clients.
I [10/Jun/2006:22:15:42 -0700] Allowing up to 100 client connections per host.
I [10/Jun/2006:22:15:42 -0700] Full reload is required.
I [10/Jun/2006:22:15:42 -0700] Full reload complete.
I [10/Jun/2006:22:15:43 -0700] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [10/Jun/2006:22:15:46 -0700] Listening to 7f000001:631
I [10/Jun/2006:22:15:46 -0700] Listening to b00f3000:0
I [10/Jun/2006:22:15:46 -0700] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [10/Jun/2006:22:15:46 -0700] Configured for up to 100 clients.
I [10/Jun/2006:22:15:46 -0700] Allowing up to 100 client connections per host.
I [10/Jun/2006:22:15:46 -0700] Full reload is required.
I [10/Jun/2006:22:15:46 -0700] Full reload complete.
E [11/Jun/2006:00:48:07 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:48:42 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:51:34 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:51:50 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:52:13 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:52:47 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:53:00 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:54:13 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:54:24 -0500] get_printer_attrs: resource name '/printers/ ' no good!
I [11/Jun/2006:01:06:22 -0500] Scheduler shutting down normally.
I [11/Jun/2006:01:07:44 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:07:44 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:07:44 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:07:44 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:07:44 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:07:44 -0500] Full reload is required.
I [11/Jun/2006:01:07:45 -0500] Full reload complete.
I [11/Jun/2006:01:07:45 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [11/Jun/2006:01:07:49 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:07:49 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:07:49 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:07:49 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:07:49 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:07:49 -0500] Full reload is required.
I [11/Jun/2006:01:07:49 -0500] Full reload complete.
I [11/Jun/2006:01:16:56 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:16:56 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:16:56 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:16:56 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:16:56 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:16:56 -0500] Full reload is required.
I [11/Jun/2006:01:16:56 -0500] Full reload complete.
I [11/Jun/2006:01:16:56 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [11/Jun/2006:01:17:01 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:17:01 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:17:01 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:17:01 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:17:01 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:17:01 -0500] Full reload is required.
I [11/Jun/2006:01:17:01 -0500] Full reload complete.
I [11/Jun/2006:02:07:58 -0500] Scheduler shutting down normally.
I [11/Jun/2006:02:09:07 -0500] Listening to 7f000001:631
I [11/Jun/2006:02:09:07 -0500] Listening to e00a3000:0
I [11/Jun/2006:02:09:07 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:02:09:07 -0500] Configured for up to 100 clients.
I [11/Jun/2006:02:09:07 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:02:09:07 -0500] Full reload is required.
I [11/Jun/2006:02:09:07 -0500] Full reload complete.
I [11/Jun/2006:02:09:07 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [11/Jun/2006:02:09:07 -0500] Listening to 7f000001:631
I [11/Jun/2006:02:09:07 -0500] Listening to e00a3000:0
I [11/Jun/2006:02:09:07 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:02:09:07 -0500] Configured for up to 100 clients.
I [11/Jun/2006:02:09:07 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:02:09:07 -0500] Full reload is required.
I [11/Jun/2006:02:09:07 -0500] Full reload complete.


install.log:

Description: Installer log
Size: 55.68 KB
Last Modified: 6/11/06 12:22 AM
Location: /var/log/install.log
Recent Contents: ...
Jun 10 22:22:47 localhost : postflight[244]:
Jun 10 22:22:47 localhost : Removing temporary directory "/private/tmp/AppleIntermediateCodec.pkg.199NZGt8k"
Jun 10 22:22:47 localhost : Finalize disk "Macintosh HD"
Jun 10 22:22:47 localhost : Notifying system of updated components
Jun 10 22:22:47 localhost : TOTAL: Packages report 13424 files, 13424 actual files written
Jun 10 22:22:48 localhost : Private/Total = (5.0MB, 64.9MB), Heap/Total = (2.1MB, 17.5MB), Regions(malloc, private) = (29, 36)
Jun 10 22:22:48 localhost : It took 327.399510 seconds to successfully install "Mac OS X" (3 pkg(s))
Jun 10 22:22:48 localhost : It took 1.026814 seconds to Configuring volume "Macintosh HD" (dm prepare*disk)
Jun 10 22:22:48 localhost : It took 2.298068 seconds to Install Apple Intermediate Codec: 20 elements
Jun 10 22:22:48 localhost : It took 2.296421 seconds to successfully Install package Apple Intermediate Codec
Jun 10 22:22:48 localhost : It took 0.463971 seconds to Build install plan (& redirected paths)
Jun 10 22:22:48 localhost : It took 0.034909 seconds to Evaluating versions of bundles
Jun 10 22:22:48 localhost : It took 1.408027 seconds to Assembling temporary receipt
Jun 10 22:22:48 localhost : It took 0.059582 seconds to Collect path info (ATS, Sec Equiv, Kext, Pref Panes)
Jun 10 22:22:48 localhost : It took 0.257772 seconds to Write files
Jun 10 22:22:48 localhost : It took 0.071128 seconds to Assembling receipt
Jun 10 22:22:48 localhost : It took 14.204110 seconds to Install iDVD: 22 elements
Jun 10 22:22:48 localhost : It took 14.202082 seconds to successfully Install package iDVD
Jun 10 22:22:48 localhost : It took 1.886113 seconds to Build install plan (& redirected paths)
Jun 10 22:22:48 localhost : It took 0.054874 seconds to Evaluating versions of bundles
Jun 10 22:22:48 localhost : It took 2.226758 seconds to Assembling temporary receipt
Jun 10 22:22:48 localhost : It took 0.220101 seconds to Collect path info (ATS, Sec Equiv, Kext, Pref Panes)
Jun 10 22:22:48 localhost : It took 8.483777 seconds to Write files
Jun 10 22:22:48 localhost : It took 1.018322 seconds to run postinstall script for iDVD
Jun 10 22:22:48 localhost : It took 0.310901 seconds to Assembling receipt
Jun 10 22:22:48 localhost : It took 308.208766 seconds to Install iDVD Themes: 20 elements
Jun 10 22:22:48 localhost : It took 308.206872 seconds to successfully Install package iDVD Themes
Jun 10 22:22:48 localhost : It took 2.040585 seconds to Build install plan (& redirected paths)
Jun 10 22:22:48 localhost : It took 0.167489 seconds to Evaluating versions of bundles
Jun 10 22:22:48 localhost : It took 2.189642 seconds to Assembling temporary receipt
Jun 10 22:22:48 localhost : It took 0.247062 seconds to Collect path info (ATS, Sec Equiv, Kext, Pref Panes)
Jun 10 22:22:48 localhost : It took 302.891012 seconds to Write files
Jun 10 22:22:48 localhost : It took 0.668531 seconds to Assembling receipt
Jun 10 22:22:48 localhost : It took 0.397642 seconds to run postflight script for Apple Intermediate Codec
Jun 10 22:22:48 localhost : It took 0.755461 seconds to run postflight script for iDVD
Jun 10 22:22:48 localhost : It took 0.483774 seconds to run postflight script for iDVD Themes
Jun 10 22:22:48 localhost : Jun 10 22:22:48 localhost : Summary Information
Jun 10 22:22:48 localhost : Type Elapsed time (sec)
Jun 10 22:22:48 localhost : patch 0.000122
Jun 10 22:22:48 localhost : zero 0.022996
Jun 10 22:22:48 localhost : script 2.655199
Jun 10 22:22:48 localhost : extract 311.632561
Jun 10 22:22:48 localhost : config 5.178835
Jun 10 22:22:48 localhost : receipt 6.874987
Jun 10 22:22:48 localhost : disk 1.029241
Jun 10 22:22:48 localhost : install 324.710944
Jun 10 22:22:48 localhost : Jun 10 22:22:48 localhost : Starting installation:
Jun 10 22:22:48 localhost : Finalizing installation.
Jun 10 22:22:48 localhost : Registering applications
Jun 10 22:22:48 localhost : Registered /Applications/iDVD.app.
Jun 10 22:22:48 localhost : Registered /Library/Documentation/Applications/iDVD/iDVD Getting Started.app.
Jun 10 22:22:48 localhost : Private/Total = (5.0MB, 65.4MB), Heap/Total = (2.1MB, 17.5MB), Regions(malloc, private) = (29, 37)
Jun 10 22:22:48 localhost : It took 0.136199 seconds to successfully End of Install Jobs
Jun 10 22:22:48 localhost : It took 0.109910 seconds to <IFAppRegisterElement: 0x3c81d0>
Jun 10 22:22:48 localhost : It took 0.023683 seconds to Send Install Completed notification "Finished install."
Jun 10 22:22:48 localhost : Jun 10 22:22:48 localhost : Summary Information
Jun 10 22:22:48 localhost : Type Elapsed time (sec)
Jun 10 22:22:48 localhost : AppRegister 0.109910
Jun 10 22:22:48 localhost : zero 0.026289
Jun 10 22:22:48 localhost :
 
Maybe what I posted earlier provided useless information. Sorry!

I opened a file named BootX using a text editor. It begins like this:

<CHRP-BOOT>
<COMPATIBLE>
MacRISC MacRISC3 MacRISC4
</COMPATIBLE>
<DESCRIPTION>
Boot Loader for Mac OS X.
</DESCRIPTION>
<OS-BADGE-ICONS>

It also included this:

Mac OS X Loader
 
Ok, the entire text didn't upload. And it doesn't appear that I was able to edit it. If I'm making a duplicate post, I'm so sorry. I'm having so many problems that I can barely stay connected to the net.

<CHRP-BOOT>
<COMPATIBLE>
MacRISC MacRISC3 MacRISC4
</COMPATIBLE>
<DESCRIPTION>
Boot Loader for Mac OS X.
</DESCRIPTION>
<OS-BADGE-ICONS>

It also included this:

</OS-BADGE-ICONS>
<BOOT-SCRIPT>
load-base
begin
dup 6 " &lt;/CHRP" $= if
6 + dup 6 " -BOOT&gt;" $= if
8 + true
else
false
then
else
1+ false
then
until
( xcoff-base )
load-size over load-base - -
( xcoff-base xcoff-size )
load-base swap move
init-program go
</BOOT-SCRIPT>
</CHRP-BOOT>
 
If you feel paranoid then use the OS X included firewall (System Preferences->Sharing, Firewall tab, and press Start). Next, CHANGE YOUR PASSWORD. Lastly, create a new USER account and stop using the default Administrator account (this goes for Windows too).

Also turn off automatic login (System Preferences->Accounts->Your account->Login Options). Oh, I almost forgot, activate password checking on your Screen Saver and NEVER use or activate the Root account.

Welcome to the first lesson in computer security. 101 more lessons to go. :rolleyes:
 
Why did you single out BootX (which is used by the system), among the thousands of other files on your system?
Satcomer is correct, and even with the firewall left off, if all your Sharing services are turned off, it's really unlikely that anyone could hack into your system, unless you allow it.
If you downloaded and tried to install a couple of programs, maybe they are .exe files and can't run on the Mac anyway. You cannot use any .exe files with Mac OS X.

If you are exposing yourself by using some of the on-line game sites, then that may be most of your problem. OS X, by default, is basically locked down. You can make the security even tighter if you wish, and you can also open up everything. It's your choice, and not something that could be done from a remote location. A gamer/hacker will not be able to enter your computer unless you choose to allow it. The security link that Satcomer posted is a great place to start.
 
Everything I can see in your logs looks normal.

A couple of things to point out:

- Unix, Linux and Mac OS X are based around the concept of services. So the concept of server/client gets a little blurred. A server is a client, and a client is a server. The only difference is what services are running, and if those services accept connections from the network or not. So when you print, you always print to a 'server', even if that server is your own machine. Mac OS X is configured by default to only let your machine print; you would have to turn on printer sharing before other machines would be allowed to connect.

- The Network icon that you see is always there. You will be able to see your own machine under Servers, even if you shut down ALL network connections. While this /is/ one of the more annoying and confusing 'features'... don't worry too much. Just because you see it there doesn't mean anyone else does. You would have to have file sharing turned on (in System Preferences, under the Sharing pane) before they would even be able to /try/ to log in to your computer.

- BootX is just an application that is used to boot OS X on older PowerPC Mac computers. As far as I know, it isn't even used on Intel systems (I wouldn't delete it though), which boot slightly differently.
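The point above about printing to a 'server' on your own machine can be checked directly against the cupsd error_log posted earlier: each "Listening to <hex>:<port>" line records the bound address as eight hex digits, and 7f000001 is 127.0.0.1, so that cupsd only accepts jobs from the machine itself. The following Python is an added example, not from the original thread; the sample lines are copied from the posted error_log, the 0.0.0.0 line is constructed to show what an exposed cupsd would log, and treating port-0 entries as local (non-TCP) sockets is an assumption.

```python
"""Decode 'Listening to <hex-addr>:<port>' lines from a Mac OS X 10.4 era
CUPS error_log and report whether cupsd is reachable from the network."""
import re

# Sample lines copied from the error_log posted in the thread.
SAMPLE_ERROR_LOG = """\
I [11/Jun/2006:02:09:07 -0500] Listening to 7f000001:631
I [11/Jun/2006:02:09:07 -0500] Listening to e00a3000:0
I [11/Jun/2006:02:09:07 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:02:09:07 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
"""

# Constructed line (not from the thread): a cupsd bound to every interface
# logs INADDR_ANY, which appears as 00000000.
CONSTRUCTED_EXPOSED_LOG = "I [11/Jun/2006:02:09:07 -0500] Listening to 00000000:631\n"

LISTEN_RE = re.compile(r"Listening to ([0-9a-fA-F]{1,8}):(\d+)")


def hex_to_ipv4(hex_addr):
    """Turn the 8-hex-digit host-order address cupsd logs into a dotted quad,
    e.g. '7f000001' -> '127.0.0.1'."""
    value = int(hex_addr, 16)
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_listeners(log_text):
    """Return a list of (address, port) tuples, one per 'Listening to' line."""
    listeners = []
    for line in log_text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            listeners.append((hex_to_ipv4(m.group(1)), int(m.group(2))))
    return listeners


def is_loopback(addr):
    """127.0.0.0/8 is only reachable from the machine itself."""
    return addr.startswith("127.")


def network_exposed_listeners(listeners):
    """Keep only listeners another host could reach.
    Assumption: a port of 0 means the entry is not a TCP socket (a local
    domain socket in this CUPS version), so it is not network-reachable."""
    return [(a, p) for a, p in listeners if p != 0 and not is_loopback(a)]


def printer_sharing_report(log_text):
    """Summarise a log: which sockets cupsd bound and whether any of them
    would let a remote machine submit print jobs."""
    listeners = parse_listeners(log_text)
    exposed = network_exposed_listeners(listeners)
    return {
        "listeners": listeners,
        "exposed": exposed,
        "sharing_off_logged": "Printer sharing is off" in log_text,
        "reachable_from_network": bool(exposed),
    }


if __name__ == "__main__":
    for name, text in (("posted log", SAMPLE_ERROR_LOG),
                       ("constructed exposed log", CONSTRUCTED_EXPOSED_LOG)):
        report = printer_sharing_report(text)
        print(f"{name}: listeners={report['listeners']} "
              f"reachable_from_network={report['reachable_from_network']}")
```

Run against the posted log it reports a single TCP listener on 127.0.0.1:631 and nothing reachable from the network, which agrees with the "Printer sharing is off" message in the same log.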
 
Thanks for y'all's input. I don't understand Unix, but I'm trying to learn.

The reason I asked about BootX is because I had an undeletable file named BootX on my Win XP machine. I don't play games, so that's not my problem. Whoever did this accessed my eBay and PayPal accounts. I have real reasons for being paranoid.

Can anyone explain CertificateAssistantTrustedApps.plist?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<array>
<string>/System/Library/CoreServices/Certificate Assistant.app</string>
<string>/Applications/Mail.app</string>
<string>/Applications/iChat.app</string>
<string>/usr/sbin/racoon</string>
</array>
</plist>

Also, can anyone tell me where I find the plist for a clean install? I'd like to look at mine.

Thanks again for all the help. Y'all do a huge service to paranoids like me. I'll probably have many more questions... hope that's ok.
 
Hi!

I have a follow-up question here re hacking. I was trying to get on the wireless internet in school several times, but each time I logged onto the available wireless sites, instead of getting a signal bar on the AirPort symbol, I got a picture of a little computer in the middle of the signal bar.

I went to the Apple Store today and stupid me was told that those were other computers who were accessing my Mac!!! :( I hadn't turned on my firewall (it's on now) since I didn't realize that it was not automatically turned on when I bought the computer.

Anyway, my question is whether it's possible to check if another computer has indeed hacked into my system and gotten into my files? Can they do that?! Is there any way for me to check "footprints" via a log or something?

thanks!!
 
crazydigger said:
I went to the Apple Store today and stupid me was told that those were other computers who were accessing my Mac!!! :(

Amazing where people get these strange ideas, and then try to convince crazydigger that the idea is a fact (it is not...). That icon just means that you are accessing a computer-to-computer network, or a closed network (requiring one of those long passwords to enter), NOT some other computer hacking into your Mac! Sorry, you were blown off by someone at an Apple Store. Don't always accept an answer from one of those that roam around in an Apple Store (or get a 2nd opinion from a 'genius'). You don't always get a correct answer at an Apple Store. :)
 
Wow!! Super thanks delta!! Next time, I'll just run to this forum for questions instead of going to the Apple Store! :D

In any event, how will you know that the computer is getting hacked? :)
 
crazydigger said:
Hi!

I have a follow-up question here re hacking. I was trying to get on the wireless internet in school several times, but each time I logged onto the available wireless sites, instead of getting a signal bar on the AirPort symbol, I got a picture of a little computer in the middle of the signal bar.

That is Bonjour finding other computers, I think. Also check your System Preferences Sharing pane and make sure in the Internet tab that you are not sharing the internet with others.

All the logs you want are in /Applications/Utilities/Console.
 
I also couldn't see anything unusual in your logs, and I'm still not sure what makes you think you have a problem. You've said a few things like "... and now I've started having problems" but you haven't actually told us much specific. BootX is a perfectly normal file, the Network icon is always there, and the CertificateHelper plist is just the settings for how your browser handles certificates. Nothing too out of the ordinary there.

So yes, if you do have anything that you're not sure about, start by asking about the symptom or problem you're seeing, and then the experts on the forums will point you in the right direction.
 
Thanks for everyone's input. And sorry if my questions are dumb, but I spent a fortune repairing my PC over and over, and couldn't keep a persistent hacker out. He'd disable my firewall and all AV programs. OS X is all new to me and if my hacker hasn't already gotten in, I'd like to keep him out.

1. My internet times out after a very short time. I don't know how to keep that from happening. I had a RoadRunner problem, but now that's taken care of, so it's not that.

2. Airport won't stay turned off.

3. BlueTooth likes to come back on too.

4. What is Boot.efi?

5. Can't customize terminal settings.

Activity Monitor shows this when running Terminal:
Open Files and Ports
/Users/roxy
/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
/System/Library/CoreServices/CharacterSets/CFUnicodeData-L.mapping
/System/Library/CoreServices/CharacterSets/CFCharacterSetBitmaps.bitmap
/System/Library/CoreServices/CharacterSets/CFUniCharPropertyDatabase.data
/Library/Caches/com.apple.IntlDataCache.le.sbdl.501
/System/Library/Fonts/LucidaGrande.dfont
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/Extras2.rsrc
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/HIToolbox.rsrc
/System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM
/System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu
/System/Library/Contextual Menu Items/SpotlightCM.plugin/Contents/MacOS/SpotlightCM
/Library/Caches/com.apple.LaunchServices-014501.csstore
/usr/share/icu/icudt32l.dat
/System/Library/Caches/com.apple.IntlDataCache.le.kbdx
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/English.lproj/Localized.rsrc
/System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/AppleHDAHALPlugIn.bundle/Contents/MacOS/AppleHDAHALPlugIn
/System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio
/usr/lib/dyld
/usr/lib/libSystem.B.dylib
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
/usr/lib/libicucore.A.dylib
/usr/lib/libobjc.A.dylib
/usr/lib/libstdc++.6.0.4.dylib
/usr/lib/libgcc_s.1.dylib
/usr/lib/libauto.dylib
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
/System/Library/Frameworks/Security.framework/Versions/A/Security
/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
/System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
/System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
/usr/lib/libncurses.5.4.dylib
/dev/null
/dev/console
/dev/console
apple.shm.notification_center
/tmp/com.apple.csseed.90
apple.shm.notification_center
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/Extras2.rsrc


/Applications/Utilities/Terminal.app/Contents/Resources/Terminal.rsrc
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/HIToolbox.rsrc
/dev/ptyp1
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/English.lproj/Localized.rsrc



So, if all of this is normal, then I'll shut up! :eek:
 
I can answer #4 - The Boot.efi file is the boot loader for OS X, used only on Intel Macs. Part of your system, it serves the same function as the BootX file (used on PowerPC Macs).
 
One more thing--
What is tftpboot? /private/tftpboot/private/tftpboot/ (my entire system's in this folder)

hosts file

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost


thanks!
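The hosts file quoted above is exactly what a clean Mac OS X install ships, so one concrete check anyone worried about "redirects" can do is to confirm the file still contains only those three entries. The checker below is an added example, not code from this thread or from Apple; the tampered sample lines (using the reserved .test domain and documentation addresses) are constructed for illustration.

```python
"""Audit a macOS hosts file against the stock entries quoted in the thread.

Added example (not from the forum). Sample inputs are constructed here.
"""
import ipaddress

# The three entries the poster quoted from /etc/hosts on a clean install.
STOCK_ENTRIES = {
    ("127.0.0.1", "localhost"),
    ("255.255.255.255", "broadcasthost"),
    ("::1", "localhost"),
}
STOCK_NAMES = {name for _, name in STOCK_ENTRIES}

# Constructed sample: the file as quoted on the page.
STOCK_HOSTS = """\
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
"""

# Constructed sample with two added lines (hostnames use the reserved .test TLD).
TAMPERED_HOSTS = STOCK_HOSTS + """\
10.0.0.5 www.example-bank.test
0.0.0.0 ads.example.test
"""


def parse_hosts(text):
    """Return [(address, hostname), ...], skipping comments and blank lines.

    One hosts line may carry several names; each becomes its own pair, and
    names are lower-cased because hostname matching is case-insensitive.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        pairs.extend((addr, name.lower()) for name in names)
    return pairs


def audit_hosts(text):
    """Return findings as (severity, address, hostname, reason) tuples.

    An empty list means the file contains exactly the stock entries.
    """
    findings = []
    seen = set()
    for addr, name in parse_hosts(text):
        seen.add((addr, name))
        if (addr, name) in STOCK_ENTRIES:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("high", addr, name, "unparseable address"))
            continue
        if name in STOCK_NAMES:
            # localhost pointing anywhere but loopback breaks local services
            # and is a classic sign of tampering.
            findings.append(("high", addr, name, "stock name remapped"))
        elif ip.is_loopback or ip.is_unspecified:
            # Pointing a site at 127.0.0.1 or 0.0.0.0 blocks it; ad blockers
            # do this legitimately, but so does malware that blocks updates.
            findings.append(("medium", addr, name, "sinkholed"))
        else:
            # Any other mapping overrides DNS for that name; verify it is
            # something you added yourself.
            findings.append(("medium", addr, name, "extra entry"))
    for addr, name in sorted(STOCK_ENTRIES - seen):
        findings.append(("high", addr, name, "stock entry missing"))
    return findings


if __name__ == "__main__":
    for label, sample in (("stock", STOCK_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(f"{label}: {audit_hosts(sample) or 'OK'}")
```

To run it against the real file, read `/etc/hosts` into `audit_hosts()`; every finding is just a line to explain, not proof of compromise, since ad blockers and developers add entries too.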
 
Mazzy and CrazyDigger,

Use a good password! That's basic, powerful security advice.

Use at least one capital letter.
Use at least a couple numbers.
Make your password something you can remember, but at least 7 or 8 characters long.

Don't tell anyone your password. Don't make your password obvious, like your name, your street name, kid's name, significant other's name, etc.

Mazzy, don't click links in email. Ever. Ever. Especially from an email that says it's from your bank. Don't believe everything you read in email. Don't open files attached to emails. Ever. Ever. Ever.

Don't accept files in instant messages (chat). Ever. Ever. Ever. Don't click links in instant messages. Never. Ever.

If you follow this advice, you shouldn't have any problems.

At the same time, I know it's hard not being paranoid, but not every glitch is caused by a virus or a hacked machine.

Finally, you're much safer on a Mac. Truth. No viruses, no spyware to speak of, no cross-Internet exploits. Relax. At least a little :)

Doug
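Doug's password rules can be checked mechanically, and doing so shows why the "don't use your name" rule needs to look past simple digit-for-letter swaps. This is an added example, not code from the thread; the thresholds (8 characters, 2 digits), the substitution table and the sample personal words are assumptions made for illustration.

```python
"""Check a password against the rules in Doug's post.

Added example (not from the forum). The thresholds below are assumptions:
Doug says "at least 7 or 8 characters" and "a couple numbers"; this takes 8 and 2.
"""

MIN_LENGTH = 8   # assumption: upper end of "7 or 8"
MIN_DIGITS = 2   # assumption: "a couple" = 2
MIN_TOKEN = 3    # ignore very short personal words such as initials

# Common digit/symbol-for-letter swaps, so "R0xy" is still caught as "roxy".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, personal_words=()):
    """Return the list of rule violations; an empty list means it passes.

    personal_words is the "obvious" material Doug lists (your name, street,
    kids' or partner's names). Each entry is split into words, matched
    case-insensitively, both as typed and after undoing leet substitutions.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append(f"fewer than {MIN_DIGITS} digits")
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    for phrase in personal_words:
        tokens = [t for t in phrase.lower().split() if len(t) >= MIN_TOKEN]
        if any(t in lowered or t in normalized for t in tokens):
            problems.append(f"contains personal word {phrase!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the account name visible in the Activity Monitor
    # listing above plus made-up personal details.
    personal = ["roxy", "Elm Street", "Mazzy"]
    for candidate in ("password", "R0xy2007", "Elm5treet!", "Correct42horse"):
        verdict = check_password(candidate, personal) or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The substitution table is deliberately small; the point is that a password which satisfies the letter-and-digit rules can still be built from a name, which is the case Doug is warning about.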
 