Uderc programming article aggregator sites

Is there a keylogger or tracker on my computer?

Tags:
Answers: Have 5 answers
Advertisement
Hi, I have reason to belive there might be some sort of spying software/keylogger installed on my computer without my consent. I am 18 and the laptop I'm using was purchased for me by my mother about a year or two ago. She's one of those paranoid mothers who logged all my aim chats and stuff as a child and I'm afraid she is still set in those ways. I think, however, at 18 I deserve my privacy on my computer. Sometimes when I'm talking to her she likes to joke that she should go through my laptop and see what I'm drawing (I do alot of art on my laptop that I don't like to show people cause I'm self-concious about my work.) and when I tell her she couldn't get on if she tried she makes this mocking face like she knows something I don't. This has made me very paranoid as I really don't like the idea of her snooping through my files and stuff. Shes always boasting about how good she is with computers, but I once made up a bunch of computer gibberish non-sense and she tried to look like she knew what I was talking about...So maybe she is just bluffing? I was looking though /Library/LaunchDaemons and found the .plist file relating to the program Undercover which moniters your laptop in case it's stolen, sends screenshots and takes photos with the webcam. I never installed this program. I DID install the program PREY just in case someone ran off with my laptop in Starbucks or something. What I want to know is if there are any other keyloggers or trackers installed on my computer so I can get rid of them. I ran some commands in terminal and these were my results-
new-host-4:~ KellieCruz$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
com.metakine.handsoff.driver (2.0.8)
com.rogueamoeba.InstantOn (6.0.2)
com.rogueamoeba.InstantOnCore (6.0.2)
com.manycamllc.driver.ManyCamDriver (0.0.9)
com.protech.NoSleep (1.3.3)
com.Cycling74.driver.Soundflower (1.6.2)
com.cleverandson.driver.XAerial (1.0.0)
new-host-4:~ KellieCruz$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'
com.oracle.java.Java-Updater
com.oracle.java.Helper-Tool
com.autodesk.backburner_server
com.autodesk.backburner_manager
org.tcpdump.chmod_bpf
org.gpgtools.gpgmail.uuid-patcher
com.torch.update.agent
com.orbicule.uclocator
com.metakine.handsoff.daemon
com.macpaw.CleanMyMac2.Agent
com.luthresearch.scservice
com.disc-soft.DAEMONTools.PrivilegedHelper
com.daz3d.content_management_service
com.autodesk.backburner_start
com.adobe.fpsaud
new-host-4:~ KellieCruz$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
com.macpaw.CleanMyMac2Helper.diskSpaceWatcher
com.macpaw.CleanMyMac2Helper.trashWatcher
com.macpaw.CleanMyMac2Helper.scheduledScan
com.tuneupmedia.TuneUpHelper
org.gpgtools.macgpg2.updater
org.gpgtools.macgpg2.shutdown-gpg-agent
org.gpgtools.macgpg2.fix
org.gpgtools.Libmacgpg.xpc
org.gpgtools.gpgmail.user-uuid-patcher
org.gpgtools.gpgmail.enable-bundles
com.wacom.wacomtablet
com.wacom.pentablet
com.protech.NoSleep
com.metakine.handsoff.agent
com.spotify.webhelper
com.google.keystone.user.agent
com.divx.agent.postinstall
com.akamai.single-user-client
com.adobe.AAM.Scheduler-1.0
new-host-4:~ KellieCruz$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null
/Library/Components:
/Library/Extensions:
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adlm.framework
Adobe AIR.framework
AudioMixEngine.framework
DivX Toolkit.framework
Libmacgpg.framework
NyxAudioAnalysis.framework
PluginManager.framework
TSLicense.framework
WacomMultiTouch.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
AdobeAAMDetect.plugin
DirectorShockwave.plugin
DivXBrowserPlugin.plugin
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
JavaAppletPlugin.plugin
OVSHelper.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
Silverlight.plugin
Unity Web Player.plugin
Unused
WacomNetscape.plugin
WacomTabletPlugin.plugin
flashplayer.xpt
nsIQTScriptablePlugin.xpt
/Library/Keyboard Layouts:
/Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.metakine.handsoff.agent.plist
com.oracle.java.Java-Updater.plist
com.protech.NoSleep.plist
com.wacom.pentablet.plist
com.wacom.wacomtablet.plist
org.gpgtools.Libmacgpg.xpc.plist
org.gpgtools.gpgmail.enable-bundles.plist
org.gpgtools.gpgmail.patch-uuid-user.plist
org.gpgtools.macgpg2.fix.plist
org.gpgtools.macgpg2.shutdown-gpg-agent.plist
org.gpgtools.macgpg2.updater.plist
/Library/LaunchDaemons:
com.adobe.SwitchBoard.plist
com.adobe.fpsaud.plist
com.apple.remotepairtool.plist
com.autodesk.backburner_manager.plist
com.autodesk.backburner_server.plist
com.autodesk.backburner_start.plist
com.daz3d.content_management_service.plist
com.disc-soft.DAEMONTools.PrivilegedHelper.plist
com.macpaw.CleanMyMac2.Agent.plist
com.metakine.handsoff.daemon.plist
com.oracle.java.Helper-Tool.plist
com.torch.update.agent.plist
org.gpgtools.gpgmail.patch-uuid.plist
/Library/Mail/Bundles:
GPGMail.mailbundle
/Library/PreferencePanes:
Flash Player.prefPane
Flip4Mac WMV.prefPane
GPGPreferences.prefPane
JavaControlPanel.prefPane
MacFUSE.prefPane
NoSleep.prefPane
PenTablet.prefPane
WacomTablet.prefPane
/Library/PrivilegedHelperTools:
com.disc-soft.DAEMONTools.PrivilegedHelper
com.macpaw.CleanMyMac2.Agent
/Library/QuickLook:
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
DivX Decoder.component
DivX Encoder.component
Flip4Mac WMV Advanced.component
Flip4Mac WMV Export.component
Flip4Mac WMV Import.component
ManyCamVDig_RGB.component
ManyCamVDig_YCbCr.component
MayaIFF.component
/Library/ScriptingAdditions:
Adobe Unit Types.osax
XtraFinder.osax
/Library/Services:
GPGServices.service
/Library/Spotlight:
Microsoft Office.mdimporter
iWork.mdimporter
/Library/StartupItems:
Sudochmod
/etc/mach_init.d:
/etc/mach_init_per_login_session.d:
/etc/mach_init_per_user.d:
com.adobe.SwitchBoard.monitor.plist
Library/Address Book Plug-Ins:
SkypeABDialer.bundle
SkypeABSMS.bundle
YMsgrCallABPlugin.bundle
YMsgrMsnABPlugin.bundle
YMsgrSmsABPlugin.bundle
YMsgrYimABPlugin.bundle
Library/Fonts:
rough_typewriter.otf
rough_typewriter_X_bold.otf
rough_typewriter_bold_itl.otf
rough_typewriter_italic.otf
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
BlueStacks Install Detector.plugin
SOEWebInstaller.plugin
Library/Keyboard Layouts:
Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.akamai.single-user-client.plist
com.divx.agent.postinstall.plist
com.google.keystone.agent.plist
com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist
com.macpaw.CleanMyMac2Helper.scheduledScan.plist
com.macpaw.CleanMyMac2Helper.trashWatcher.plist
com.spotify.webhelper.plist
Library/PreferencePanes:
AkamaiNetSession.prefPane
Growl.prefPane
Perian.prefPane
teleport.prefPane
Library/QuickTime:
AC3MovieImport.component
Perian.component
Library/Services:
ToastIt.service
new-host-4:~ KellieCruz$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
iTunesHelper, Speech Startup, XtraFinder, iAntiVirus, BambooCore
Does any of this look funny to you? Are there any other tests/programs/comands I can run to do a more thorough check? Sorry if this seems like a silly issue but my privacy matters to me. I don't do anything horrible on my computer but I also don't think I should be being watched 24/7 like a child.
Advertisement
The best answer: Hi Linc,
I had the same question as everyone else. Here is my output. Do you know if I have tracking software installed? Thank you so much for your time/help. Your expertise is much appreciated!
Last login: Thu Feb 19 14:11:14 on console
sarahcomputer-3:~ Sarah$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' 
sarahcomputer-3:~ Sarah$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)
|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.
To proceed, enter your password, or type Ctrl-C to abort.
Password:
com.vmware.launchd.vmware
com.google.keystone.daemon
com.carbonite.daemon
com.adobe.fpsaud
cn.com.zte.PPPMonitor.plist
cn.com.zte.MessageCenter.plist
sarahcomputer-3:~ Sarah$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
com.bittorrent.uTorrent.32592
org.mozilla.firefox.37520
com.box.sync.88912
org.videolan.vlc.37696
com.microsoft.Word.28368
com.microsoft.entourage.database_daemon.29424
com.vmware.fusionStartMenu.41040
com.box.Box-Local-Com-Server.88560
com.Box.Box-Edit.88384
com.skype.skype.31536
com.yahoo.messenger3.32944
com.google.GoogleDrive.65856
com.vmware.fusionDaemon.39808
com.microsoft.autoupdate.fba.39456
jp.co.canon.cijscannerregister.41216
com.evernote.EvernoteHelper
com.hp.help.tocgenerator
com.google.keystone.system.agent
com.divx.update.agent
com.divx.dms.agent
com.carbonite.carbonitestatus
com.carbonite.carbonitealerts
cn.com.zte.usbswapper.plist
com.citrixonline.GoToMeeting.G2MUpdate
sarahcomputer-3:~ Sarah$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null
/Library/Components:
/Library/Extensions:
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
BJUSBLoad.kext
CIJUSBLoad.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
PromiseSTEX.kext
SoftRAID.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adobe AIR.framework
AudioMixEngine.framework
DivX Toolkit.framework
DivXInstallerUtilities.framework
HPSmartPrint.framework
MacFUSE.framework
NyxAudioAnalysis.framework
OSXFUSE.framework
PluginManager.framework
Snapfish.framework
TSLicense.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Default Browser.plugin
DirectorShockwave.plugin
DivX Web Player.plugin
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
Flip4Mac WMV Plugin.webplugin
Google Earth Web Plug-in.plugin
OVSHelper.plugin
OfficeLiveBrowserPlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
Silverlight.plugin
flashplayer.xpt
googletalkbrowserplugin.plugin
iPhotoPhotocast.plugin
nsIQTScriptablePlugin.xpt
o1dbrowserplugin.plugin
/Library/Keyboard Layouts:
/Library/LaunchAgents:
cn.com.zte.usbswapper.plist
com.carbonite.launchd.carbonitealerts.plist
com.carbonite.launchd.carbonitestatus.plist
com.divx.dms.agent.plist
com.divx.update.agent.plist
com.google.keystone.agent.plist
com.hp.help.tocgenerator.plist
/Library/LaunchDaemons:
cn.com.zte.MessageCenter.plist
cn.com.zte.PPPMonitor.plist
com.adobe.fpsaud.plist
com.carbonite.launchd.carbonitedaemon.plist
com.google.keystone.daemon.plist
com.vmware.launchd.vmware.plist
/Library/PreferencePanes:
Carbonite.prefPane
Flash Player.prefPane
Flip4Mac WMV.prefPane
Perian.prefPane
/Library/PrivilegedHelperTools:
Google Drive Icon Helper
com.box.sync.bootstrapper
com.box.sync.iconhelper
/Library/QuickLook:
GBQLGenerator.qlgenerator
VMware Fusion QuickLook.qlgenerator
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AC3MovieImport.component
AppleIntermediateCodec.component
AppleMPEG2Codec.component
Perian.component
/Library/ScriptingAdditions:
/Library/Spotlight:
GBSpotlightImporter.mdimporter
Microsoft Office.mdimporter
iBooksAuthor.mdimporter
iWork.mdimporter
/Library/StartupItems:
HP Trap Monitor
/etc/mach_init.d:
/etc/mach_init_per_login_session.d:
/etc/mach_init_per_user.d:
Library/Address Book Plug-Ins:
SkypeABDialer.bundle
SkypeABSMS.bundle
YMsgrCallABPlugin.bundle
YMsgrMsnABPlugin.bundle
YMsgrSmsABPlugin.bundle
YMsgrYimABPlugin.bundle
Library/Components:
MindVision
Library/Fonts:
Library/Frameworks:
EWSMac.framework
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
CitrixOnlineWebDeploymentPlugin.plugin
Google Earth Web Plug-in.plugin
Library/Keyboard Layouts:
Library/LaunchAgents:
com.apple.SafariBookmarksSyncer.plist
com.citrixonline.GoToMeeting.G2MUpdate.plist
Library/PreferencePanes:
Library/Services:
.localized
sarahcomputer-3:~ Sarah$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
iTunesHelper, VMware Fusion Helper, Skype, Jacquie Lawson London Advent Calendar, Google Drive, uTorrent, Dropbox, Yahoo! Messenger, Skype, Box Sync, Box Edit, Box Local Com Server
sarahcomputer-3:~ Sarah$