Malware/unauthorized remote connections

Acevedomaria87
Level 1

Hello☺️

I called Cisco Small Business as I'm an average Jenny with some serious vicious trolls/hackers. The main person I suspect is a former bf who has training in Cisco NC, worked for several partners and, last I knew, was at Palo Alto Networks. I know nothing about security. I thought my regular Norton antivirus would do it, but it doesn't, and I might have a rootkit, as even when I go to the store and get the system restored there is malware, and certificates that allow RATs. Also, if my laptops and iPhone are an endpoint of a firewall, is it possible to disassociate from it? I'll wait for the partner call next week. I wish I could have gone to Cisco Live.

I didn't install or download any of the programs that appear on my Mac or laptop. I only use it with an Ethernet cable. I see so many manuals that I fear some bots are using my connection maliciously. And how do I get rid of them? What products or services would I need?

Making it clear I'm a regular person, these are my personal computers and I wouldn't like anyone accessing them remotely.

Thank you!

5 Replies

Marvin Rhoads
Hall of Fame

None of the images you posted are indications of compromise.

They all appear to be benign screenshots of various system connection status and file details that are normal and expected.

Thank you for your answer, but I didn't download any of those programs and I didn't allow any of those connections.

It's my personal computers and I only use them to search online. I don't have any Cisco or any firewall that would allow remote connections.

It's my personal computers and I wouldn't like to have any remote connections to them.

Neither Cisco nor any firewall has anything to do with what you posted.

All of the connections in your img_0166.png capture are http or https connections initiated FROM your local computer. If you have a browser open with several tabs, that would account for all of those. Even a single web page can result in many connections if it is a page with many elements from varying sources.

Your netstat from the MacBook shows normal listening ports for the localhost, multicast services and IPv6 - all of which are on by default.

You show several folders from the MacBook with system files that are built into OS X. These are part of the normal operating system packages and are not a cause for concern.

You show several certificates - it is expected that root certificates will be present on your computer. If they were not, you would need to manually inspect the certificate of every secure web site you visit and make an informed decision about the authenticity of the site.

Without analyzing every attachment in general, you should get the gist of what I'm saying based on this quick look at the files you attached.

If you don't want any remote connections FROM your computer (aka all of the ones you show in your first image) then simply unplug it from the network and turn off any wireless adapter.

As long as you are opening web pages you will have remote connections. http and https which are used by your browser use tcp - that is a connection-oriented protocol. Even without a browser open you may have connections - for instance Windows update queries Microsoft periodically as do other programs with built-in updaters (Adobe Acrobat, your antivirus software etc.).

Okay thank you for your answer.

I'm not browsing anything on the internet and those connections would appear. I only use an Ethernet cable; my router has the wireless disabled. Moving forward, how can I close ports on terminal? Also, I didn't install that password keeper SSO login. And my laptop didn't come with it, as I just had a clean install last June 25.

Most of the tcp connections shown were in "FIN_WAIT" status. That would show up even after you shut down your browser as the tcp connections would not be shut down gracefully and would be waiting to timeout. Once they timeout, the connections shown in netstat go away.

Microsoft offers a free small program called tcpview that you can download to get a detailed view of each open connection along with what program has opened it.

https://technet.microsoft.com/en-us/sysinternals/tcpview.aspx

I imagine something similar can be found for the Mac but I don't use one so I don't know for sure.

It's impossible for me or anyone here to say where your Password Keeper software came from without knowing the entire provenance of your personal computer.
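The reading of netstat output given in the replies above (web connections opened from the local machine, FIN_WAIT leftovers, localhost-only listeners), as an added Python example that is not part of the original thread. The sample lines, addresses and category labels are constructed for illustration and are not the poster's data.

```python
import ipaddress
from collections import Counter

# Constructed sample in the macOS `netstat -an` layout (not the poster's data).
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.10.52344     203.0.113.20.443       ESTABLISHED
tcp4       0      0  192.168.1.10.52301     198.51.100.7.80        FIN_WAIT_2
tcp4       0      0  192.168.1.10.52302     198.51.100.7.443       FIN_WAIT_1
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  *.5000                 *.*                    LISTEN
tcp4       0      0  192.168.1.10.52400     192.0.2.99.9000        ESTABLISHED
udp4       0      0  *.5353                 *.*
"""
# States of a connection this host has already started closing.
CLOSING = {"FIN_WAIT_1", "FIN_WAIT_2", "TIME_WAIT"}

def split_endpoint(endpoint):
    """Split 'host.port' (macOS) or 'host:port' (Linux) at the last separator."""
    cut = max(endpoint.rfind("."), endpoint.rfind(":"))
    return endpoint[:cut].strip("[]"), endpoint[cut + 1:]

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*' wildcard or a hostname
        return False

def classify(line):
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None  # header, UDP (no state column) or blank line
    lhost, _ = split_endpoint(fields[3])
    _, fport = split_endpoint(fields[4])
    state = fields[5]
    if state == "LISTEN":  # only a non-loopback listener accepts remote peers
        return "listen-loopback-only" if is_loopback(lhost) else "listen-reachable-from-network"
    if state in CLOSING:
        return "closing-waiting-for-timeout"
    if fport in ("80", "443"):  # remote side is a web server port
        return "outbound-web"
    return "other-check-owning-process"

def summarize(text):
    return Counter(c for c in map(classify, text.splitlines()) if c)

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:2d}  {label}")
```

Only the last two categories call for a closer look, and a per-process viewer such as the tcpview tool mentioned above is what names the program behind each entry.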
