My Mac Book Air is Been Hacked - 1

Hi Apple Community Support Team,

Thank you for going through my post.

I have attached Terminal Command out put below

Further

1, diskutil Terminal Command executed in Mac OS X Utility, Terminal Application provide existence of 13 Disk, label as disk0 to disk12, when executed command

" diskutil list ",

2, one internal Hard Disk, what are these 12 extra disks and can I eject or unmount the disk for that I ran the command " diskutil eject disk12" as fallows

bash-3.2# diskutil eject disk12

Disk disk12 ejected

-bash-3.2# diskutil eject disk11

Disk disk11 ejected

-bash-3.2# diskutil eject disk10

Disk disk10 ejected

-bash-3.2# diskutil eject disk9

Disk disk9 ejected

-bash-3.2# diskutil eject disk8

Disk disk8 ejected

-bash-3.2# diskutil eject disk7

Volume failed to eject

-bash-3.2# diskutil eject disk6

Volume failed to eject

-bash-3.2# diskutil eject disk5

Disk disk5 ejected

-bash-3.2# diskutil eject disk4

Volume failed to eject

-bash-3.2# diskutil eject disk3

Volume failed to eject

-bash-3.2# diskutil eject disk2

Volume failed to eject

-bash-3.2# diskutil eject disk1

Volume failed to eject

The above result I could understand like this

3, " disk12 to disk8 and disk5 in total 6 disk got ejected, but dik1 to disk4, disk6 and disk 7 didn't almost 6disks did not get ejected, why was my question ?, also I have only one internal Hard Disk, no external or USB PENDRIVE connected, and it is running very very basic Mac OS X Utilities, not even Maverick OS loaded yet. So where are these 6 disks mounted and where is it present in my MacBook air my next question ??

4, to further I ran another command " diskutil unmountDisk disk7 " etc.. as shared the output below.

bash-3.2# diskutil unmountDisk disk7

Unmount of disk7 failed: at least one volume could not be unmounted

-bash-3.2# diskutil unmountDisk disk6

Unmount of disk6 failed: at least one volume could not be unmounted

-bash-3.2# diskutil unmountDisk disk4

Unmount of disk4 failed: at least one volume could not be unmounted

-bash-3.2# diskutil unmountDisk disk3

Unmount of disk3 failed: at least one volume could not be unmounted

-bash-3.2# diskutil unmountDisk disk2

Unmount of disk2 failed: at least one volume could not be unmounted

-bash-3.2# diskutil unmountDisk disk1

Unmount of disk1 failed: at least one volume could not be unmounted

And next command " diskutil umount disk7 " it's out put

-bash-3.2# diskutil umount disk7

Volume untitled on disk7 failed to unmount

-bash-3.2# diskutil umount disk6

Volume untitled on disk6 failed to unmount

-bash-3.2# diskutil umount disk4

Volume untitled on disk4 failed to unmount

-bash-3.2# diskutil umount disk3

Volume untitled on disk3 failed to unmount

-bash-3.2# diskutil umount disk2

Volume untitled on disk2 failed to unmount

-bash-3.2# diskutil umount disk1

disk1 was already unmounted or it has a partitioning scheme so use "diskutil unmountDisk" instead

5, error message saying something " Unmount of disk7 failed: at least one volume could not be unmounted " and second command error message " Volume untitled on disk7 failed to unmount "

Thank you Neil22R and KiltedTim,

With all Apple Community Support Discussion Team for their continued Support and Suggestions.

Thank you once again,

I have already checked with etrecheck software, it's is wonderful software and it's, team helped me to install Mac OS Marvicks on top of it Mac OSX Sierra, both install quite okay. but has instability issues like higher crashes.

I was told about bits and pieces of unwanted software caused this, and by download a new MacOS from internet should have resolved this issue, but it didn't happen it had well configured Open Directory with other bits and pieces of unwanted software. As posted in my earlier with last post " My Mac Book Air is Been Hacked - 0" I have posted all the screenshot regarding the Open Directory issues and bits and pieces of unwanted software issues,

So deliberately there's is an Hacker playing with me in hidden part, or their is a bits and pieces of unwanted software or unwanted configuration that's what I feel,

but Hacker must be caused this frequent crashes according to me.

Because I downloaded fresh version of MacOS X almost or more than 2 Hours and it did install, I don't think hardware maybe the issue, I don't know that for sure as it's 10 year old MacBook Air. But the hardware supported download, it even formatting the single physical hard drive with out much issues and installed both MacOS X Mavericks with Sierra, it would have required all the hardware juice to do that. I don't know. I may be missing something ?? Why it's crashes ?? Seen crashes after 7 to 8 boots difference every week or more, space between like a week apart one or two hours of use it is not stable after 7 or 8th boot

So went on to check software from bare basic MacOS Utility

By running commands like diskutil list, it shows me there's 12 disks, why 12 distinctive disk when I have one internal physical disk, no external hard ware or disk connected,

Now I have to figure out what are these 12 Distinctive disks are, first part.

Secondly the launchctl list shows some anonymous software, what is that software is it a good software or something in bits and pieces or something Hacker is using.

Eagerly waiting for some useful information, I have shared the out put of the command in my last post 24 Feb 2023 in terminal out put of each command.

So went out for Google found for MacOS 10.9 have Core Storage, Which is used for FileVault in MacOS Marvicks, then found a command like diskutil list coreStorage found nothing, also fsck said cs was present in /dev/rdisk1s2

Quite interesting facts, Open Directory is almost dead technology of today, but was highly flourish in 2013 when I bought this Mac Book Air,

Google have to much information, need to find right information to solve my issues,

Thank you all for going through my post, and Support me through new ideas and useful information Suggestions.

Tell me whether I am on right path.

Nikhil

Also I have to add that, i have fallowed what I was advised not to use ANY ANTI-VIRUS PRODUCT ESPECIALLY NORTON 360, which I fallowed not used any of such software.

I have taken lots and lots of screenshot to share with Apple Community Support Discussion, I have seen software issues like higher crashes rather than hanging out, etc..

Thank you once again,

Nikhil

6, I am not able understand the two error message, I request Apple Community Support To provide something to understand the error, I am also trying out Google some books and asking friends, I want to know what are these EXTRA six un-ejectable disks with six ejectable disks are,

7, from Google, I got some APPLE Community Support Report like command as fallows " diskutil cs list " and " fdisk /dev/disk7 " For Mac OS X Maverick,

-bash-3.2# diskutil cs list

No CoreStorage logical volume groups found

-bash-3.2# fdisk /dev/disk7

fdisk: /dev/disk7: Resource busy

-bash-3.2# fdisk /dev/disk6

fdisk: /dev/disk6: Resource busy

-bash-3.2# fdisk /dev/disk4

fdisk: /dev/disk4: Resource busy

-bash-3.2# fdisk /dev/disk3

fdisk: /dev/disk3: Resource busy

-bash-3.2# fdisk /dev/disk2

fdisk: /dev/disk2: Resource busy

-bash-3.2# fdisk /dev/disk1

Disk: /dev/disk1 geometry: 620/64/63 [2502188 sectors]

Signature: 0x0

Starting Ending

#: id cyl hd sec - cyl hd sec [ start - size]

------------------------------------------------------------------------

1: 00 0 0 0 - 0 0 0 [ 0 - 0] unused

2: 00 0 0 0 - 0 0 0 [ 0 - 0] unused

3: 00 0 0 0 - 0 0 0 [ 0 - 0] unused

4: 00 0 0 0 - 0 0 0 [ 0 - 0] unused

8, I am getting error like " resource busy " WHY ?? "

9, Further Google APPLE Community Support next Command

" gpt -vv -r show /dev/disk7 " error " Resource busy " why ?? "

Output of the command

bash-3.2# gpt -vv -r show /dev/disk0

gpt show: /dev/disk0: mediasize=121332826112; sectorsize=512; blocks=236978176

gpt show: /dev/disk0: PMBR at sector 0

gpt show: /dev/disk0: Pri GPT at sector 1

gpt show: /dev/disk0: Sec GPT at sector 236978175

start size index contents

0 1 PMBR

1 1 Pri GPT header

2 32 Pri GPT table

34 6

40 409600 1 GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B

409640 236306352 2 GPT part - 48465300-0000-11AA-AA11-00306543ECAC

236715992 262151

236978143 32 Sec GPT table

236978175 1 Sec GPT header

-bash-3.2# gpt -vv -r show /dev/disk1

gpt show: /dev/disk1: mediasize=1281120256; sectorsize=512; blocks=2502188

gpt show: /dev/disk1: MBR not found at sector 0

start size index contents

0 2502188

-bash-3.2# gpt -vv -r show /dev/disk2

gpt show: unable to open device '/dev/disk2': Resource busy

-bash-3.2# gpt -vv -r show /dev/disk3

gpt show: unable to open device '/dev/disk3': Resource busy

-bash-3.2# gpt -vv -r show /dev/disk4

gpt show: unable to open device '/dev/disk4': Resource busy

-bash-3.2# gpt -vv -r show /dev/disk6

gpt show: unable to open device '/dev/disk6': Resource busy

-bash-3.2# gpt -vv -r show /dev/disk7

gpt show: unable to open device '/dev/disk7': Resource busy

Hi APPLE Community Support, thank you all for going through my post and giving useful information,

I am really thankful for your reply, hopefully I will get to know the issue I have been facing may be due to a third party hacker, or some mis configuration or vulnerability at base level, or bits and pieces of software, it takes time and effort,

Thank you all very very much for going through my post. And provide suggestions.

Thank you once again, Eagerly waiting for your reply.

Nikhil.