The disappearing .ssh directory on Mac OS X

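My desktop iMac runs Mac OS X Mojave 10.14.6, and I have run into a very strange problem.

Every night, some time after midnight:

  • The "Remote Login" item in the Sharing control panel is unchecked

  • The .ssh directory in my home directory is completely deleted

Needless to say, I cannot connect to my machine over ssh, though for various reasons I depend on it.

Does anyone know what might be going on? Disabling Remote Login and deleting my .ssh directory seems like a strange attack. It is not clear to me why this is happening, and I have not been able to find any way to stop it (e.g., checking protections, insisting on a password each time the control panel is used, etc.).

Addendum: ESET appears to have removed the offending code. Here are the log entries: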

10/10/19, 18:32:35  Real-time file system protection    file    /Users/rwh/Library/Application Support/Kuklorest/Kuklorest.app/Contents/MacOS/AppYM a variant of OSX/Adware.Genieo.BH application   cleaned by deleting rwh Event occurred during an attempt to access the file by the application: /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT (484A0A6B9B72E46C8B093D03951BBEBFF785A8F9). 0263B26F29A5BD6DDE47F950FA57ACD42C1BA1AB    31. 7.2018 13:07:09
10/10/19, 18:32:34  Real-time file system protection    file    /Users/rwh/Library/Application Support/com.TotalPanelSearch/TotalPanelSearch    a variant of OSX/TrojanDownloader.Adload.Q trojan   cleaned by deleting rwh Event occurred during an attempt to access the file by the application: /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT (484A0A6B9B72E46C8B093D03951BBEBFF785A8F9). AF7958D6F7F2CFA445EF796127CC93991A098EDD     8.10.2019 15:04:52
10/10/19, 18:32:34  Real-time file system protection    file    /Users/rwh/Library/Application Support/com.TotalPanelSearch/TotalPanelSearch    a variant of OSX/TrojanDownloader.Adload.Q trojan   cleaned by deleting rwh Event occurred during an attempt to run the file by the application: /usr/libexec/xpcproxy (9D87DDC0E1911226AD4E0C5F145FB945F889DE24).  AF7958D6F7F2CFA445EF796127CC93991A098EDD     8.10.2019 15:04:52
10/10/19, 18:32:34  Real-time file system protection    file    /Users/rwh/Library/Application Support/Kuklorest/Kuklorest.app/Contents/MacOS/AppYM a variant of OSX/Adware.Genieo.BH application   cleaned by deleting rwh Event occurred during an attempt to run the file by the application: /usr/libexec/xpcproxy (9D87DDC0E1911226AD4E0C5F145FB945F889DE24).  0263B26F29A5BD6DDE47F950FA57ACD42C1BA1AB    31. 7.2018 13:07:09
10/10/19, 16:17:27  Real-time file system protection    file    /private/tmp/5AA1E95D-4B97-410E-AFF9-9DD28A5A2DEB/1/B842D4C1-BBD2-4AFA-B339-F7BED39D19C3/p  a variant of OSX/TrojanDownloader.Adload.Q trojan   cleaned by deleting     Event occurred on a newly created file. 785B020AC4E27D43ACD7365FF12C83131FF40DA6    10.10.2019 16:17:21
10/10/19, 16:17:27  Real-time file system protection    file    /private/tmp/5AA1E95D-4B97-410E-AFF9-9DD28A5A2DEB/1/B842D4C1-BBD2-4AFA-B339-F7BED39D19C3/p  a variant of OSX/TrojanDownloader.Adload.Q trojan   cleaned by deleting     Event occurred on a newly created file. 785B020AC4E27D43ACD7365FF12C83131FF40DA6    10.10.2019 16:17:21
