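My desktop iMac, running Mac OS X Mojave 10.14.6, has run into a very strange problem.
Every night, at some time after midnight:
- The "Remote Login" item in the Sharing control panel is unchecked
- The .ssh directory in my home directory is completely deleted
Needless to say, I then can't ssh into my machine, which I rely on for a variety of reasons.
Does anyone know what might be happening? Disabling Remote Login and deleting my .ssh directory seems like a strange attack. I'm not clear on why this would happen, and I haven't been able to find any way to stop it (e.g., checking protections, insisting on a password every time the control panel is used, etc.).
Addendum: ESET appears to have removed the offending code. Here are the log entries: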
10/10/19, 18:32:35 Real-time file system protection file /Users/rwh/Library/Application Support/Kuklorest/Kuklorest.app/Contents/MacOS/AppYM a variant of OSX/Adware.Genieo.BH application cleaned by deleting rwh Event occurred during an attempt to access the file by the application: /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT (484A0A6B9B72E46C8B093D03951BBEBFF785A8F9). 0263B26F29A5BD6DDE47F950FA57ACD42C1BA1AB 31. 7.2018 13:07:09
10/10/19, 18:32:34 Real-time file system protection file /Users/rwh/Library/Application Support/com.TotalPanelSearch/TotalPanelSearch a variant of OSX/TrojanDownloader.Adload.Q trojan cleaned by deleting rwh Event occurred during an attempt to access the file by the application: /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT (484A0A6B9B72E46C8B093D03951BBEBFF785A8F9). AF7958D6F7F2CFA445EF796127CC93991A098EDD 8.10.2019 15:04:52
10/10/19, 18:32:34 Real-time file system protection file /Users/rwh/Library/Application Support/com.TotalPanelSearch/TotalPanelSearch a variant of OSX/TrojanDownloader.Adload.Q trojan cleaned by deleting rwh Event occurred during an attempt to run the file by the application: /usr/libexec/xpcproxy (9D87DDC0E1911226AD4E0C5F145FB945F889DE24). AF7958D6F7F2CFA445EF796127CC93991A098EDD 8.10.2019 15:04:52
10/10/19, 18:32:34 Real-time file system protection file /Users/rwh/Library/Application Support/Kuklorest/Kuklorest.app/Contents/MacOS/AppYM a variant of OSX/Adware.Genieo.BH application cleaned by deleting rwh Event occurred during an attempt to run the file by the application: /usr/libexec/xpcproxy (9D87DDC0E1911226AD4E0C5F145FB945F889DE24). 0263B26F29A5BD6DDE47F950FA57ACD42C1BA1AB 31. 7.2018 13:07:09
10/10/19, 16:17:27 Real-time file system protection file /private/tmp/5AA1E95D-4B97-410E-AFF9-9DD28A5A2DEB/1/B842D4C1-BBD2-4AFA-B339-F7BED39D19C3/p a variant of OSX/TrojanDownloader.Adload.Q trojan cleaned by deleting Event occurred on a newly created file. 785B020AC4E27D43ACD7365FF12C83131FF40DA6 10.10.2019 16:17:21
10/10/19, 16:17:27 Real-time file system protection file /private/tmp/5AA1E95D-4B97-410E-AFF9-9DD28A5A2DEB/1/B842D4C1-BBD2-4AFA-B339-F7BED39D19C3/p a variant of OSX/TrojanDownloader.Adload.Q trojan cleaned by deleting Event occurred on a newly created file. 785B020AC4E27D43ACD7365FF12C83131FF40DA6 10.10.2019 16:17:21