network3 | 25.11.2019 13:15 | Network infected by the trojan "Fucknet" / MacBook
Our network has been infected by a trojan (which I only noticed through the port-forwarding rules in the router: ports 1056 and 1059 UDP, labelled "Fucknet"). For several weeks I have been trying to rebuild the machines (3 Windows / 1 Mac / 1 Synology NAS) and to find out whether the infection is now over or whether something is still lurking on the freshly reinstalled machines. None of my virus scanners detected the trojan.
I have found only very few sources on the internet about this topic, but here is someone who had a similar problem (without a solution):
https://www.reddit.com/r/24hoursupport/comments/5lskdv/port_forwarding_rule_fucknet_appears/
First of all I am currently trying to get my wife's MacBook running again; I have reinstalled the operating system. I only have limited confidence in the reinstallation, though, because we did the upgrade from Mojave to Catalina for the first time while the infection was probably still undetected.
I do not know exactly how to proceed with the system analysis on the Mac, since FRST is not suitable for Mac. In several posts I read about EtreCheck, which I then installed and ran. Relevant information seems to be missing, though (I could not yet bring myself to enter my credit card details on the Mac to buy the Pro version). Below you will find the EtreCheck log. Can you help me? I am at my wit's end.
Code:
EtreCheck version: 6.1.5 (6B036)
Report generated: 2019-11-25 12:52:02
Download EtreCheck from https://etrecheck.com
Runtime: 2:09
Performance: Excellent
Problem: Other problem
Description:
Our Network got infected by using a trojan called fucknet.
Major Issues:
Anything that appears on this list needs immediate attention.
No Time Machine backup - Time Machine backup not found.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
Heavy I/O usage - Your system is under heavy I/O use. This will reduce your performance.
Hardware Information:
MacBook Pro (Retina, 15-inch, Mid 2014)
MacBook Pro Model: MacBookPro11,3
1 2,5 GHz Quad-Core Intel Core i7 (i7-4870HQ) CPU: 4-core
16 RAM - Not upgradeable
BANK 0/DIMM0 - 8 GB DDR3 1600
BANK 1/DIMM0 - 8 GB DDR3 1600
Battery: Health = Normal - Cycle count = 136
Video Information:
Intel Iris Pro - VRAM: 1536 MB
Color LCD 2880 x 1800
NVIDIA GeForce GT 750M - VRAM: 2 GB
Drives:
disk0 - APPLE SSD SM0512F 500.28 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x2 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [APFS Container] 499.93 GB
disk1 [APFS Virtual drive] 499.93 GB (Shared by 5 volumes)
disk1s1 - M*****************n (APFS) [APFS Virtual drive] (Shared - 65.36 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 82 MB used)
disk1s3 - Recovery (APFS) [Recovery] (Shared - 529 MB used)
disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used)
disk1s5 - M*********o (APFS) (Shared - 10.69 GB used)
Mounted Volumes:
disk1s1 - M*****************n [APFS Virtual drive]
499.93 GB (Shared - 65.36 GB used, 424.56 GB available, 422.03 GB free)
APFS
Mount point: /System/Volumes/Data
Encrypted
disk1s3 - Recovery [Recovery]
499.93 GB (Shared - 529 MB used, 422.03 GB free)
APFS
Mount point: /Volumes/Recovery
disk1s4 - VM [APFS VM]
499.93 GB (Shared - 1.07 GB used, 422.03 GB free)
APFS
Mount point: /private/var/vm
disk1s5 - M*********o
499.93 GB (Shared - 10.69 GB used, 424.56 GB available, 422.03 GB free)
APFS
Mount point: /
Encrypted
Read-only: Yes
Network:
Interface en3: Thunderbolt Ethernet
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Interface en5: iPad
Interface en6: iPhone
Interface en4: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
iCloud Quota: 104.25 GB available
System Software:
macOS Catalina 10.15.1 (19B88)
Time since boot: Less than an hour
Configuration Files:
/etc/hosts - Count: 1
Notifications:
(Deleted)
one notification
/Applications/calibre.app
17 notifications
(Deleted)
2 notifications
/Library/Bitdefender/AVP/AntivirusforMac.app
17 notifications
Security:
System Status
Gatekeeper: App Store and identified developers
System Integrity Protection: Enabled
Antivirus software: Apple and Bitdefender
Kernel Extensions:
/Library/Extensions
[Loaded] FileProtect.kext (1.1 - SDK 10.14)
[Loaded] SelfProtect.kext (1.2.15 - SDK 10.10)
[Loaded] TMProtection.kext (5.0.0 - SDK 10.14)
System Launch Agents:
[Not Loaded] 17 Apple tasks
[Loaded] 168 Apple tasks
[Running] 125 Apple tasks
System Launch Daemons:
[Not Loaded] 35 Apple tasks
[Loaded] 182 Apple tasks
[Running] 119 Apple tasks
Launch Agents:
[Running] com.bitdefender.antivirusformac.plist (Bitdefender SRL - installed 2019-10-28)
[Other] com.google.keystone.agent.plist (? 2ee7ccba - installed 2019-11-19)
Launch Daemons:
[Loaded] com.bitdefender.AuthHelperTool.plist (Bitdefender SRL - installed 2019-10-28)
[Not Loaded] com.bitdefender.agent.plist (Bitdefender SRL - installed 2019-11-18)
[Loaded] com.bitdefender.upgrade.plist (Bitdefender SRL - installed 2019-10-28)
[Loaded] com.google.keystone.daemon.plist (? 6ee2490f - installed 2019-11-19)
User Login Items:
[Not Loaded] 1Blocker Helper (App Store - installed 2019-11-20)
Modern Login Item
/Applications/1Blocker.app/Contents/Library/LoginItems/1Blocker Helper.app
[Not Loaded] 1Password Extension Helper (App Store - installed 2019-11-18)
Modern Login Item
/Applications/1Password 7.app/Contents/Library/LoginItems/1Password Extension Helper.app
[Not Loaded] 1Password Launcher (App Store - installed 2019-11-18)
Modern Login Item
/Applications/1Password 7.app/Contents/Library/LoginItems/1Password Launcher.app
[Not Loaded] Bitdefender VPN Helper (Bitdefender SRL - installed 2019-11-18)
Modern Login Item
/Library/Bitdefender/Central/Modules/com.bitdefender.vpn/Bitdefender VPN.app/Contents/Library/LoginItems/Bitdefender VPN Helper.app
Safari Extensions:
"Open In" button for Internet Explorer - Parallels International GmbH (installed 2019-10-28)
1Blocker Button - App Store (installed 2019-11-20)
1Password - App Store (installed 2019-11-18)
AdBlock Engine - App Store (installed 2019-11-18)
AdBlock Icon - App Store (installed 2019-11-18)
Anti-tracker Engine - Bitdefender SRL (installed 2019-11-18)
Anti-tracker Icon - Bitdefender SRL (installed 2019-11-18)
Block Ads - App Store (installed 2019-11-20)
Block Adult Sites - App Store (installed 2019-11-20)
Block Annoyances - App Store (installed 2019-11-20)
Block Comments - App Store (installed 2019-11-20)
Block Social Widgets - App Store (installed 2019-11-20)
Block Trackers - App Store (installed 2019-11-20)
Custom Rules - App Store (installed 2019-11-20)
Regional Rules - App Store (installed 2019-11-20)
TrafficLight - Bitdefender SRL (installed 2019-11-18)
Time Machine:
Time Machine Not Configured!
Performance:
System Load: 2.10 (1 min ago) 1.82 (5 min ago) 1.72 (15 min ago)
Nominal I/O speed: 11.88 MB/s
File system: 21.02 seconds
Write speed: 708 MB/s
Read speed: 767 MB/s
CPU Usage Snapshot:
Type Overall
System 2 %
User 12 %
Idle 85 %
Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)
syspolicyd 49.84 % (Apple)
BDCoreIssues 24.78 % (Bitdefender SRL)
trustd (4) 24.74 % (Apple)
mds 3.42 % (Apple)
mds_stores 3.30 % (Apple)
Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)
EtreCheckPro 534 MB (Etresoft, Inc.)
BDLDaemon 432 MB (Bitdefender SRL)
mdworker_shared (25) 383 MB (Apple)
com.apple.SafariServices.ExtensionHelper 346 MB (Apple)
MTLCompilerService (12) 238 MB (Apple)
Top Processes Snapshot by Network Use:
Process (count) Input / Output (Source - Location)
mDNSResponder 95 KB / 64 KB (Apple)
apsd 16 KB / 26 KB (Apple)
parsecd 28 KB / 11 KB (Apple)
com.apple.WebKit.Networking 20 KB / 4 KB (Apple)
cloudd 15 KB / 7 KB (Apple)
Top Processes Snapshot by Energy Use:
Process (count) Energy (0-100) (Source - Location)
syspolicyd 22 (Apple)
BDCoreIssues 14 (Bitdefender SRL)
trustd (4) 13 (Apple)
mds_stores 2 (Apple)
mds 2 (Apple)
Virtual Memory Information:
Physical RAM: 16 GB
Free RAM: 4.82 GB
Used RAM: 6.06 GB
Cached files: 5.12 GB
Available RAM: 9.94 GB
Swap Used: 0 B
Software Installs (past 30 days):
Install Date Name (Version)
2019-11-18 Gatekeeper Configuration Data (181)
2019-11-18 XProtectPlistConfigData (2108)
2019-11-18 1Password 7 (7.4.1)
2019-11-18 Keynote (9.0)
2019-11-18 Numbers (6.0)
2019-11-18 Affinity Photo (1.7.3)
2019-11-18 Affinity Designer (1.7.3)
2019-11-18 Pages (8.0)
2019-11-18 Bitdefender Virus Scanner (3.15)
2019-11-18 AdBlock (1.22.0)
2019-11-18 Bitdefender (1.2.14.232)
2019-11-18 avformac (8.1.2.20)
2019-11-19 Google Software Update (1.2.0.7709)
2019-11-20 1Blocker (3.0.3)
2019-11-22 Adobe Digital Editions 4.5.10 (4.5.10.0)
2019-11-25 EtreCheck (5.4.5)
Diagnostics Information (past 7 days):
2019-11-18 22:29:26 AMPLibraryAgent High CPU Use
Executable: /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent
2019-11-18 19:34:23 BDLDaemon High CPU Use
Executable: /Library/Bitdefender/AVP/BDLDaemon
2019-11-18 19:33:00 BDUpdDaemon High CPU Use
Executable: /Library/Bitdefender/AVP/antivirus.bundle/BDUpdDaemon
2019-11-18 19:16:51 BitdefenderVirusScanner.app High CPU Use
Executable: /Applications/BitdefenderVirusScanner.app
End of report
Thank you very much!
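A first triage pass over a report like the one above usually starts with the launch agents, launch daemons and third-party kernel extensions, since those are the persistence points EtreCheck lists with a signer and install date. The script below is an added example, not part of the post and not EtreCheck's own code: it parses the relevant lines of the quoted report (copied in as sample input) and flags entries that deserve a closer look. It assumes my reading of the report format, namely that a "?" followed by a short hash in the signer field means EtreCheck could not attribute the item to a verified signer, and that anything listed under /Library/Extensions is a third-party kernel extension whose owning product should be confirmed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Lines taken from the EtreCheck report quoted in the post above.
SAMPLE_REPORT = """\
Kernel Extensions:
/Library/Extensions
[Loaded] FileProtect.kext (1.1 - SDK 10.14)
[Loaded] SelfProtect.kext (1.2.15 - SDK 10.10)
[Loaded] TMProtection.kext (5.0.0 - SDK 10.14)
Launch Agents:
[Running] com.bitdefender.antivirusformac.plist (Bitdefender SRL - installed 2019-10-28)
[Other] com.google.keystone.agent.plist (? 2ee7ccba - installed 2019-11-19)
Launch Daemons:
[Loaded] com.bitdefender.AuthHelperTool.plist (Bitdefender SRL - installed 2019-10-28)
[Not Loaded] com.bitdefender.agent.plist (Bitdefender SRL - installed 2019-11-18)
[Loaded] com.bitdefender.upgrade.plist (Bitdefender SRL - installed 2019-10-28)
[Loaded] com.google.keystone.daemon.plist (? 6ee2490f - installed 2019-11-19)
"""

# "[State] name.plist (Signer - installed YYYY-MM-DD)"
LAUNCH_RE = re.compile(
    r"^\[(?P<state>[^\]]+)\]\s+(?P<name>\S+\.plist)\s+"
    r"\((?P<signer>.+?)\s+-\s+installed\s+(?P<date>\d{4}-\d{2}-\d{2})\)$"
)
# "[State] name.kext (version - SDK x.y)"
KEXT_RE = re.compile(
    r"^\[(?P<state>[^\]]+)\]\s+(?P<name>\S+\.kext)\s+"
    r"\((?P<version>\S+)\s+-\s+SDK\s+(?P<sdk>[\d.]+)\)$"
)


@dataclass(frozen=True)
class Item:
    section: str   # report section the line came from
    state: str     # Loaded / Running / Not Loaded / Other
    name: str      # plist or kext file name
    signer: str    # signer as printed by EtreCheck ("?" + hash if unverified)


def parse_report(text: str) -> List[Item]:
    """Extract launch items and kernel extensions from EtreCheck report text."""
    items: List[Item] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with ":" and are not bracketed status lines.
        if line.endswith(":") and not line.startswith("["):
            section = line[:-1]
            continue
        m = LAUNCH_RE.match(line)
        if m:
            items.append(Item(section, m["state"], m["name"], m["signer"]))
            continue
        m = KEXT_RE.match(line)
        if m:
            # EtreCheck prints no signer for kexts; mark that explicitly.
            items.append(Item(section, m["state"], m["name"], "(kext, no signer shown)"))
    return items


def review(items: List[Item]) -> Dict[str, List[str]]:
    """Return {name: [reasons]} for items a reviewer should look at first."""
    flagged: Dict[str, List[str]] = {}
    for it in items:
        reasons: List[str] = []
        if it.signer.startswith("?"):
            reasons.append("signer not verified (EtreCheck shows '?' and a hash)")
        if it.state == "Other":
            reasons.append("unusual load state 'Other'")
        if it.name.endswith(".kext"):
            reasons.append("third-party kernel extension; confirm which installed product owns it")
        if reasons:
            flagged[it.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review(parse_report(SAMPLE_REPORT)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On this report the two Google Keystone entries come out as the only launch items with an unverified signer, and the three kexts are listed simply because they are third-party; a flagged item is a starting point for checking the file on disk and its signature, not a verdict.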