Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remote Url Connection Agent in console - is this hacker? Seriously concerned :(


  • Please log in to reply
8 replies to this topic

#1 BustedFlush

BustedFlush

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:42 PM

Posted 16 November 2016 - 06:10 PM

Sorry for spate of threads, but i am seriously concerned. I am not tech savvy, but this sounds bad. This happened same evening that i had a 'another device is using this IP address'. 

 

I think i will just wipe everything at this rate... Any advice much appreciated

 

 

16/11/2016 23:46:47.543 com.avast.proxy[217]: )
chrome-54.0.2840.98mcs.android.com5710397433785421036"5710397433785421036*66724296903051281882android-4f3f683607150cecB
new_vc1`
16/11/2016 23:48:26.850 com.apple.xpc.launchd[1]: (com.apple.PubSub.Agent[707]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.pubsub.ipc
16/11/2016 23:48:26.850 com.apple.xpc.launchd[1]: (com.apple.PubSub.Agent[707]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.pubsub.notification
16/11/2016 23:48:31.662 com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
16/11/2016 23:48:42.809 com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
16/11/2016 23:48:43.733 com.apple.xpc.launchd[1]: (com.apple.imfoundation.IMRemoteURLConnectionAgent) The _DirtyJetsamMemoryLimit key is not available on this platform.
16/11/2016 23:48:49.276 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 7
16/11/2016 23:48:49.286 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 8
16/11/2016 23:49:06.979 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 9
16/11/2016 23:49:06.988 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 10
16/11/2016 23:49:11.795 WindowServer[178]: _CGXGetWindowOrderingGroup: Operation on a window 0x63 requiring rights 0x5 by caller System Preferences
16/11/2016 23:49:14.654 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 11
16/11/2016 23:49:14.664 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 12
16/11/2016 23:49:14.674 WiFiAgent[397]:  SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!! 13
16/11/2016 23:49:14.813 WindowServer[178]: window 63 is already attached to window 61
 


BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:42 AM

Posted 16 November 2016 - 07:55 PM

Another device using the IP address is a remotely generated error. It normally happens when you connect to a proxy or other remote server and the address you ask for is already in use. The server will then generate that error and then assign you a new IP address. It's not commonly an indication of a security breach.



#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:42 AM

Posted 16 November 2016 - 08:03 PM

And the other lines there show normal error and authentication alerts. There are no flashing lights or alarm bells ringing.

 

If you want to understand what these things mean use Google, rather than becoming paranoid. Search things like

 

  • com.apple.xpc.launchd
  • com.apple.PubSub.Agent[707]) Endpoint has been activated through legacy launch(3) APIs
  • com.apple.imfoundation.IMRemoteURLConnectionAgent
  • The _DirtyJetsamMemoryLimit key is not available on this platform
  • SOSCCThisDeviceIsInCircle SOSCCThisDeviceIsInCircle!!
  • CGXGetWindowOrderingGroup: Operation on a window 0x63 requiring rights 0x5 by caller System Preferences
  • window 63 is already attached to window 61

 

All the answers to your questions are already right there in your post.



#4 BustedFlush

BustedFlush
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:42 PM

Posted 17 November 2016 - 05:57 AM

Thanks TsVk, and sorry if appearing paranoid. But i am genuinely concerned: I have these showing up in the console, firstly the RemoteUrlConnectionAGent denying XPC connection - which in my understanding is to wake the system. Then the messages in bold below regarding "defending IP address'.

 

Again, apologies if these are not an issue, but i received this after two crashes tonight and the message 'another user on IP address' for the first time i've ever seen it.  I googled it and the latter could be someone Spoofing my Mac address, no?

 

16/11/2016 23:20:16.393 IMRemoteURLConnectionAgent[497]: [Warning] Denying xpc connection, task does not have entitlement: com.apple.private.imcore.imremoteurlconnection  (callservicesd:334)
16/11/2016 23:20:16.394 callservicesd[334]: [Warning] Remote loader crashed for request: <NSMutableURLRequest: 0x7fcf9047e350> { URL: http://init.ess.apple.com/WebObjects/VCInit.woa/wa/getBag?ix=1 }
16/11/2016 23:20:16.394 IMRemoteURLConnectionAgent[497]: [Warning] Denying xpc connection, task does not have entitlement: com.apple.private.imcore.imremoteurlconnection  (callservicesd:334)
 
 
 
16/11/2016 23:21:00.669 configd[47]: DHCP en1: defending IP 192.168.0.100 against a4:f1:e8:4f:04:75 1 (of 5)
16/11/2016 23:21:00.000 kernel[0]: en1 duplicate IP address 192.168.0.100 sent from address a4:f1:e8:4f:04:75
16/11/2016 23:21:00.677 configd[47]: DHCP en1: defending IP 192.168.0.100 against a4:f1:e8:4f:04:75 2 (of 5)
16/11/2016 23:21:00.000 kernel[0]: en1 duplicate IP address 192.168.0.100 sent from address a4:f1:e8:4f:04:75
16/11/2016 23:21:00.683 configd[47]: DHCP en1: defending IP 192.168.0.100 against a4:f1:e8:4f:04:75 3 (of 5)
16/11/2016 23:21:00.000 kernel[0]: en1 duplicate IP address 192.168.0.100 sent from address a4:f1:e8:4f:04:75
16/11/2016 23:21:00.688 configd[47]: DHCP en1: defending IP 192.168.0.100 against a4:f1:e8:4f:04:75 4 (of 5)
16/11/2016 23:21:00.000 kernel[0]: en1 duplicate IP address 192.168.0.100 sent from address a4:f1:e8:4f:04:75
16/11/2016 23:21:00.693 configd[47]: DHCP en1: defending IP 192.168.0.100 against a4:f1:e8:4f:04:75 5 (of 5)
16/11/2016 23:21:00.000 kernel[0]: en1 duplicate IP address 192.168.0.100 sent from address a4:f1:e8:4f:04:75

Edited by BustedFlush, 17 November 2016 - 05:58 AM.


#5 BustedFlush

BustedFlush
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:42 PM

Posted 17 November 2016 - 06:29 AM

Apologies, it turns out the latter address is my Ipod touch... So i'm assuming there is nothing to be concerned with here... Thanks. 



#6 BustedFlush

BustedFlush
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:42 PM

Posted 17 November 2016 - 06:56 AM

Sorry TsVk, but i googled the term: CGXGetWindowOrderingGroup: Operation on a window 0x63 requiring rights 0x5 by caller System Preferences - and couldnt get (or understand) any answer. 

 

Is there any chance you could break down in laymen's terms what this means? I have it showing up in the console log. 



#7 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:42 AM

Posted 17 November 2016 - 04:35 PM

WindowServer is a system service that acts as the liaison between OS X apps and your Mac's graphics hardware. Basically, if an app wants to draw something on your Mac's screen, WindowServer is the one telling the graphics card what and where to draw it. I assume CGXGetWindowOrderingGroup is a function of that service and one of the windows needs extended rights to run, but isn't getting it. It's a type of software generated error.

 

As to how to fix it... I've found a bunch of threads going back for years, none that I found seem to know. Though the problem does appear to relate to "com.apple.time/0x63:".



#8 BustedFlush

BustedFlush
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:42 PM

Posted 17 November 2016 - 06:32 PM

Thanks fella, much appreciated. 



#9 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:42 AM

Posted 17 November 2016 - 06:43 PM

No problems.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users