Home and business technical support services in North and Central London
WhatsApp preferred
Tap the icon to send a message to Andrew
07714 524 635

Mac – Search For Keylogger, Malware or Virus

https://discussions.apple.com/thread/4243511

Step 1

Copy or drag — do not type — the line below into the Terminal window, then press return:

kextstat -kl | awk ‘!/com\.apple/{printf “%s %s\n”, $6, $7}’

Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”.

Step 2

Repeat with this line:

sudo launchctl list | sed 1d | awk ‘!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}’

This time, you’ll be prompted for your login password, which won’t be displayed when you type it. You may get a one-time warning not to screw up. You don’t need to post the warning.

Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.

Step 3

launchctl list | sed 1d | awk ‘!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}’

Step 4

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.

Step 5

osascript -e ‘tell application “System Events” to get name of every login item’ 2> /dev/null

Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.

About

Andrew grew up in Shropshire, and has lived in London for over 10 years when he began his studies at King's College London. He provides full time IT support and web design services. More →

Contact

Tsai Law LTD
Tavistock Terrace
London
N19 4BZ
Phone: 07714 524 635
Email: info@andrewtsai.co.uk

Social media