Has ny mac mini been hijacked?

I

ivan mac


Joined
Jul 2, 2014
Messages
5
Reaction score
0
Points
1
I have a Mac Mini (Late 2012) running Yosemite 10.10.5

When I was moving a pdf file from the downloads folder to my desktop the finder disappeared from the screen (except for the desktop picture). A few seconds later a menu bar appeared briefly at the top of the screen. I only had time to see that it had Flickr in the left hand side before it disappeared and all the finder stuff came back.

Any idea what is going on. I don’t use Flickr although I have visited the site a couple of times in the past.


This is the log from around that time.

14 Sep 2015 20:37:22 GoogleSoftwareUpdateAgent[1017]: 2015-09-14 20:37:22.025 GoogleSoftwareUpdateAgent[1017/0xb0219000] [lvl=3] -[KSAgentApp(KeystoneThread) runKeystonesInThreadWithArg:] Failed to connect to system engine.
14 Sep 2015 20:40:36 com.avast.proxy[294]: Error connecting to 67.231.154.66: Operation timed out
14 Sep 2015 20:41:04 com.avast.proxy[294]: Protocol switch to: websocket
14 Sep 2015 20:42:12 com.avast.proxy[294]: Error connecting to 107.22.184.59: Operation timed out
14 Sep 2015 20:42:34 CoreServicesUIAgent[500]: unexpected message <OS_xpc_error: <error: 0x7fff7b1efc60> { count = 1, contents =
"XPCErrorDescription" => <string: 0x7fff7b1eff70> { length = 18, contents = "Connection invalid" }
}>
14 Sep 2015 20:42:55 Finder[384]: Layout still needs update after calling -[TListScrollView layout]. TListScrollView or one of its superclasses may have overridden -layout without calling super. Or, something may have dirtied layout in the middle of updating it. Both are programming errors in Cocoa Autolayout. The former is pretty likely to arise if some pre-Cocoa Autolayout class had a method called layout, but it should be fixed.
14 Sep 2015 20:43:15 com.apple.xpc.launchd[1]: Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash
14 Sep 2015 20:43:33 garcon[556]: host connection <NSXPCConnection: 0x608000119230> connection from pid 384 invalidated
14 Sep 2015 20:43:33 CoreServicesUIAgent[500]: unexpected message <OS_xpc_error: <error: 0x7fff7b1efc60> { count = 1, contents =
"XPCErrorDescription" => <string: 0x7fff7b1eff70> { length = 18, contents = "Connection invalid" }
}>
14 Sep 2015 20:43:33 garcon[556]: Garcon destroyed (0 alive).
14 Sep 2015 20:43:33 WindowServer[138]: CGXGetConnectionProperty: Invalid connection 45515
14 Sep 2015 20:43:33 WindowServer[138]: CGXGetConnectionProperty: Invalid connection 45515
14 Sep 2015 20:43:33 WindowServer[138]: CGXGetConnectionProperty: Invalid connection 45515
14 Sep 2015 20:43:33 WindowServer[138]: CGXGetConnectionProperty: Invalid connection 45515
14 Sep 2015 20:43:33 WindowServer[138]: CGXGetConnectionProperty: Invalid connection 45515
14 Sep 2015 20:43:33 WindowServer[138]: CGXGetConnectionProperty: Invalid connection 45515
14 Sep 2015 20:43:33 com.apple.xpc.launchd[1]: Service exited due to signal: Segmentation fault: 11
14 Sep 2015 20:43:33 ReportCrash[1060]: Saved crash report for Finder[384] version 10.10.5 (10.10.5) to /Users/ivanmac/Library/Logs/DiagnosticReports/Finder_2015-09-14-204333_Ivans-Mac-mini.crash
14 Sep 2015 20:43:33 Finder[1061]: assertion failed: 14F27: libxpc.dylib + 62447 [5C829202-962E-3744-8B50-00D38CC88E84]: 0x89
14 Sep 2015 20:43:33 pkd[394]: enabling pid=1061 for plug-in com.getdropbox.dropbox.garcon(1.11) ED811220-C4BE-48F4-84B3-73C2F6228C31 /Applications/Dropbox.app/Contents/PlugIns/garcon.appex
14 Sep 2015 20:43:33 taskgated[94]: no application identifier provided, can't use provisioning profiles [pid=1066]
14 Sep 2015 20:43:34 garcon[1066]: Failed to connect (colorGridView) outlet from (NSApplication) to (NSColorPickerGridView): missing setter or instance variable
14 Sep 2015 20:43:34 garcon[1066]: Failed to connect (view) outlet from (NSApplication) to (NSColorPickerGridView): missing setter or instance variable
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny file-read-metadata /Library
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:34 kernel[0]: Sandbox: appleeventsd(47) deny mach-lookup com.apple.ocspd
14 Sep 2015 20:43:35 garcon[1066]: Connecting to Dropbox on 'com.getdropbox.dropbox.garcon.cafe_501'
14 Sep 2015 20:43:35 garcon[1066]: Connected to Dropbox on 'com.getdropbox.dropbox.garcon.cafe_501'.
14 Sep 2015 20:43:35 garcon[1066]: Garcon is ready (1 alive).
14 Sep 2015 20:43:35 garcon[1066]: Invalidating watch set.
14 Sep 2015 20:43:35 garcon[1066]: Watch set is now: {(
file:///Users/ivanmac/Dropbox/
)}.
14 Sep 2015 20:43:35 com.avast.proxy[294]: Error connecting to 67.231.146.66: Operation timed out
14 Sep 2015 20:43:36 Finder[1061]: Attempt to use XPC with a MachService that has HideUntilCheckIn set. This will result in unpredictable behavior: com.apple.backupd.status.xpc
14 Sep 2015 20:43:57 CoreServicesUIAgent[500]: Error -60005 creating authorization
14 Sep 2015 20:43:59 com.apple.Preview.TrustedBookmarksService[1074]: Failure to de-serialize bookmark data file.
14 Sep 2015 20:44:16 Preview[1071]: Page bounds {{0, 0}, {400, 400}}
14 Sep 2015 20:44:16 Preview[1071]: -[AKFormFeatureDetector dealloc]
14 Sep 2015 20:44:36 revisiond[87]: fcntl("/.DocumentRevisions-V100/PerUID/501/46/com.apple.documentVersions/5202DBEB-1297-4EE8-B007-4A2FEA704FC3.pdf", MAKECOMPRESSED, 2) failed; error 16 (Resource busy)
14 Sep 2015 20:44:36 revisiond[87]: sqlite3_step returned: 101 (unknown error), listToken: 168
14 Sep 2015 20:44:56 WindowServer[138]: WSGetSurfaceInWindow : Invalid surface 294301779 for window 281
14 Sep 2015 20:44:56 CoreServicesUIAgent[500]: unexpected message <OS_xpc_error: <error: 0x7fff7b1efc60> { count = 1, contents =
"XPCErrorDescription" => <string: 0x7fff7b1eff70> { length = 18, contents = "Connection invalid" }
}>

The only apps running at the time should have been those that run at start-up: Android File Transfer, Boom, Dropbox and Shazam. I have Avast Anti-Virus installed and have tried to run a scan just now but it crashed with error 7005: connection to antivrus engine has been lost.
 
G

gsahli


Joined
Dec 11, 2010
Messages
1,808
Reaction score
40
Points
48
Location
Chicago
Your Mac's Specs
late 2012 mini w/SSD
So I’d say Finder crashed, and Avast is one likely culprit. Uninstall Avast and run for a while. There’s no evidence of any hacking/hijacking.
 
C

chas_m

Guest
Your computer has been hijacked by crappy, unneeded "anti-virus" malware called Avast.
 
OP
I

ivan mac


Joined
Jul 2, 2014
Messages
5
Reaction score
0
Points
1
Thanks. I've uninstalled Avast and gone back to using ClamXav for the time being. I had only started using Avast a few months ago after I saw a recommendation on a forum. Since then, though, they have been trying to force additional, unwanted apps within their program updates so I was thinking of dumping it anyway. I'm just hoping ClamXav won't go the same way now that it's no longer freeware.
 
harryb2448

harryb2448


Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Think of it this way. There are no Mac OS X viruses. When you update the defintions, all you do is download definitions for Windows viruses which cannot execute on the Unix system. Avast in particular loads your machine up with adware so you could have other little 'surprises' in store. Suggest downloading and running AdBlockPlus, Ghostery and Malwarebytes for Mac. Have a read of this about Avast:-


The Safe Mac » Avast installs adware!
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top