Honorary Members
  1. I know that I sound like a crazy person, but I can tell you that I think Webroot is picking up on activities in the files that are malicious. My NetBIOS is active at all times; if I take my computer out of safe boot, telnet, NetBIOS and a ton of other stuff is going on. My devices are calling out to whomever is doing this. I’ve had to file reports with both AWS and Microsoft WINS.
  2. About a year ago, my small business had started taking off, and I had a networking person come in, set up a VPN router, and update all of my computers. About 6 months later, I started to notice that my computers were acting weird: constant crashes, files being moved around, super slow, etc. I had the networking guy come and take a look at everything and he wasn’t able to find the cause of the issues. I backed up all of my info, had my computers wiped, all of the software reinstalled, did the Big Sur update, he came out again, and took a look at my logs and noted that my computers were netbooting, and that my VPN was being rerouted from ExpressVPN’s servers to a local address (but as the logs say, not locally bound) - ExpressVPN has direct tunneling, and it wasn’t doing that. I spoke to Apple, and a tech screen-shared; he had me open up my Activity Monitor and saw some of the same things from my attachments today - except today I started my computer in safe mode. - We then went to Console, where he wasn’t concerned bc my computer wasn’t reporting any crashes; while on the screen, he noted that “Super User” was doing something or another - he asked if my root was enabled (I don’t speak Spanish so I didn’t even know what he was talking about) - My networking guy handled all of my computer stuff because I was afraid of messing something up - he then had me go to Directory Utility where an SMB server was active; he tried to help me unbind from the server but my computer wasn’t having it. My root was enabled, which my networking person said he didn’t do, so I changed the root password thinking that would solve the problem.
I then took it to Apple where one of the guys confirmed that there was a web server attached and that the computer wasn’t removing an embedded profile that couldn’t be removed (like the computer was MDM managed at some point, but it wasn’t, I bought it from Fry’s a year or two prior) - this was on both my 2017 MacBook and my 2018 iMac. I traded the MacBook in for an iPad, I brought the iPad home, fresh out of the box it was on, and after setup a pop-up says “this device is using VoiceOver, are you sure you would like to use this iPad” or something like that. Moving on, the same thing is happening, I contact my ISP, and they find a configuration for routing my traffic through an HTTP server - a VLAN, which later I realize that I’m not even connecting to my router, I mean I am, but I’m not, the MAC addresses don’t match - I was using the Netgear XR1000, I had some problems logging into the app, but I was able to get in finally, and there are two routers - one is on and active, the other is offline; I had Bitdefender on my router, and the MAC address for my router was the one that was offline. I really don’t touch my settings on any of my devices, including my phone’s private address. When looking at the map of devices the WAN was LAN, and LAN was on the WAN side. My devices were being added as Networks vs. devices. - MAC address spoofing at its best, right? I decide to have all of my devices wiped again, and change ISPs - I do that, I move away from VPNs because a VPN uses a subnet… During the course of this, here are some of the things I experienced, FYI - you’ll actually think I need meds for this next part, but when my iMac was crashing, my XS Max started downloading AppleScripts, the weather app (but not the weather app - it was “Something Proxy”), Console, and others - - Someone tried to withdraw/transfer $10k out of my business banking account - Every single one of my cards was compromised.
- Every time I log on, “Unix” or “cloud” logs in with me - I had Family Sharing set up with my 12 year old; he shared his location with me, but I didn’t share mine with him. I traded out my iPhone 8+ (I have two phones) for his iPhone 7, bc he was having battery problems with his; when I was about to transfer all of the data to his new phone, I went to turn off “Find My Phone” and saw that he had access to all of my devices… that were showing as “online” when I hadn’t had the MacBook in months and the iMac was sitting in my office unplugged - on top of this, I had changed the email address on that Apple ID - I lost access to that Gmail account. - Just last night my iPad mini (currently activation locked out of somehow) attached itself to the Internet while it was off. It has connected before, but never while it was off. 😅 - My devices pair without prompt; I even get calls on my other phone as if they have the same Apple ID. - Spelling and grammatical errors when my devices are prompting me for my password. - My iCloud was backing up an app called “Wish” but not like the shopping Wish, but something else; it had a feather in the picture. - My URLs are constantly redirected. - Even after a fresh install, my filing system is a complete mess, and disks are formatted to be Case Sensitive (which has caused a filing nightmare). - Opening up my brand new M1, RemoteServices.Apple.com needed to add a configuration to my M1 - I WAS LEGIT MDM LOCKED OUT OF MY M1. These are just a few. I encourage everyone to press the “?” on the network settings; it even shows a photo that the NetBIOS name is not in use. I would also like to mention that my computer names and NetBIOS names don’t match.
  3. Hello! Thanks for your message. Before all of this started I was using Malwarebytes and I stuck to my guns, but given the circumstances (Apple even pulling my logs and confirming that my computer shouldn’t be “in use” by NetBIOS, being MDM LOCKED OUT OF MY BRAND NEW M1, etc.) I still have people telling me this is “normal”; I’m super confused. Regardless, I don’t keep them both running, just the one at this time, Webroot. Apple recommended Malwarebytes so I figured they must be the best, but it seems clear to me that Webroot is picking up something that MB isn’t, as they’re at least trying to stop the “user added” to my NetBIOS. A rep from MB reached out today and said (and I quote): “Melody, This looks like an issue with the VPN you are using, ExpressVPN; you may want to reach out to them and see if they are pushing the WINS server on your network. Our application would not touch it unless you are using our VPN. Thank you for choosing Malwarebytes!” I stopped using my VPN months ago. It’s a subnet (HTTP) that my computers are calling out for. 🤷🏼‍♀️ (I attached a few screenshots for reference)
  4. Webroot stopped the NetBIOS temporarily, of course, because it crashed shortly thereafter.
  5. Yeah, they use it for the open source code (AirPort, etc.); however, mine also has CloudFront, which, according to the networking guy, means that it isn’t the standard - I’m going to PM you some photos - but regardless of this, as you can see from my photos, taken today, NetBIOS is very active.
  6. I think you might be a genius! That was actually extraordinarily helpful! I’m looking into purchasing right now! Maybe it could help me determine what server it is beyond Apache 👏🏻
  7. Hello again. It says that my name is currently in use… I would also like to mention that on both my iMac and my M1, my NetBIOS name isn’t the same as my computer name. The MacAroon part is correct, and I am a “Ms”; that wasn’t my computer name. I’m not sure what it’s going to take for you or anyone else to help me, but I know I’m willing to do what it takes. If you tell me what you need to prove me wrong or what you need to help me, I’ll make it happen.
  8. Hello, I would love to have your vast amount of knowledge on my side. While I disagree at this time, if you’re open to it, I am willing to send you whatever logging or other information that you may need, but I can confirm 100% that this is not as cut and dry as you or I would like it to be. Nor should the WINS be active. I would prefer if that documentation wasn’t publicly published. Please advise.
  9. Thank you for your message. While I agree that it’s a networking issue, I’ve changed ISPs, wiped all of my devices, and have even replaced them, including routers; I’ve tried the Orbi, XR1000, the ISP routers, Eero, I could start a store 😣. I wish I knew how to remove the MDM; I was locked out of my M1 for 2 weeks before Apple helped me, it was a month-old laptop that thought it was Intel based. I don’t know Thomas, nor did I hear his tone, but given his messages… they didn’t seem nice. Maybe I am wrong and he was sincere, but it really didn’t seem that way. I just need help, I don’t know what to do. I lost my small business, and have two children to provide for. Apple isn’t any help, anti-virus hasn’t been any help, networking people, etc… I’m at a complete loss, like do I just swear off the internet for the rest of my life?
  10. I wish I had meds for the legit hell I’ve been through here lately. Regardless of his position, he was rude. I have a lot of respect for people who comment with the intention of being helpful, or to tell me I’m wrong for a valid reason. He wasn’t helpful; he was mystified by my trying to get help. Just FYI, NetBIOS is not “normal”, unless you use those services. If you would like to see this for yourself, go into Settings -> Network -> and press the “?” in the bottom left. I didn’t get on this post because I think it’s fun; it’s because I need help. I have a master’s in business administration, not tech. A rep from Malwarebytes reached out already and told me I wasn’t nuts; Apple did the same, but told me it was a “networking” issue and that only my ISP could help me. I apologize for not being as well versed in this and not knowing what to look for, only knowing that something is wrong. Legit though, I don’t appreciate being patronized or belittled by anyone, especially if you won’t even take the time to look over the things I posted. Thanks again!
  11. Hello all, it looks like my post was flagged for malware… or at least the links in it. A staff member has finally reached out. I appreciate everyone’s time and assistance. Two things: for those of you genuinely trying to be helpful, thank you; for those of you here to bully and be rude because someone doesn’t know exactly what to look for, bite me. I apologize for the confusion with the screenshots; it was not my intention to confuse anyone, only to show you with your own eyes what I was seeing.
  12. I really hope you don't work for Malwarebytes; this forum has you listed as a staff member. I am absolutely positive that the screenshots of an active/unauthorized web server, rerouted VPNs and a different anti-virus picking up threats in the root file would be enough for anyone to go - oh, maybe there is something wrong - you, on the other hand, seem to think a Unix socket listening in is a normal part of a Mac's networking? I have reached out to the support team, and considering how mystified you are, I'm not surprised that I haven't heard anything back. They probably don't know what they're looking at either. References for future correspondence with customers: https://www.softwaretestinghelp.com/unix-introduction/ Kernel subsystems may include process management, file management, memory management, network management and others. https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_is_a_web_server Google Search: https://www.google.com/search?q=how+to+be+helpful+instead+of+critical&client=safari&rls=en&ei=fdLkYNj_H6KuqtsP5c-OsAs&start=10&sa=N&ved=2ahUKEwiYss_muM_xAhUil2oFHeWnA7YQ8tMDegQIARA5&biw=1324&bih=925 (Yes, this was typing in “How to be helpful instead of critical” - client=safari&rls=en&ei=fdLkYNj_H6KuqtsP5c-OsAs&start=10&sa=N&ved=2ahUKEwiYss_muM_xAhUil2oFHeWnA7YQ8tMDegQIARA5&biw=1324&bih=925 I don't think is a part of the standard search bar. You should see it when I'm trying to log in to my email. That's fun.) If anyone would like to actually be helpful, I'm all ears.
  13. Hello, thank you for taking the time to respond. Honestly, for the most part I have no idea what it is that caused this, or what to look for here. 1.) In the first photo, I have a WINS server attached to my devices - I have attached a few screenshots from my VPN’s logs for additional reference on how my devices are communicating. 2.) The logs are for the most part very standard stuff; however, Unix is used in cPanels, and I don’t have DDNS for a domain. The Unix socket is also the same socket for my root container (root user is not enabled); I don’t have Apache, Google, Firefox, etc. installed on my computers. Webroot also mentioned a threat in the /Var/root/path file that it was unable to resolve. Echo is a legit command, but as I mentioned, I don’t have a cPanel for my home; furthermore, the logs indicate that C++ is the coding language, 2 group containers, a subsystem and LDAP V3 that is hidden. - The logs also mention an IOreg - almost like the built-in beta has been activated without my approval. 3.) Cache and cookies are temporary files, and can be deleted from time to time (to either reset your Falcon cookie like I was trying to do, or just for performance. Cookie signing with AWS or even WINS is a real thing.) 4.) My devices are pairing with one another without prompt. My Apple TV, phones, computers, iPads, etc. (all of which have different Apple IDs). If you have any insight into what to do, or how to remove this server, I am all ears and seriously need help, I’m losing my *****. I’ve had all of my devices wiped and/or replaced, I’ve changed ISPs, and I still can’t seem to get rid of whatever this is.
