I have discovered that someone has gotten onto my MBAir and created me as their “client” using ARD [Apple Remote Desktop]. This is my computer. Sharing is not on. I have not given access to anyone or shared my password. The alleged person is a computer programmer. After numerous issues where I suspected tampering, (I have been through this before which prompted Apple to replace the motherboard), I started doing searches in Terminal. That’s when I discovered that they are using ARD to remotely connect to my computer.
In an attempt to get rid of this intrusion, I have used two sudo commands to remove ARD from my MBAir. Once either terminal command runs, a notice appears stating that ARD will be removed after reboot. I reboot but the person reconnects; it shows up as “restored” in a grey bar with a time stamp when I open my laptop. I started using the sudo commands in January.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
sudo systemsetup -setremotelogin off
I need another way to get rid of this illegal intrusion. Apple had me do a reinstall of the Sonoma Operating System but that did nothing. Given the age of my computer, it can’t be upgraded to the new OS. Can I find something embedded in Library on my HD that I could delete? Or a sudo command that will permanently block this person. I am not a computer scientist so lay language please. Thank you.
PS: When either command is run after I enter my password, the Terminal message reads: Starting…Removed preference to start ARD after reboot. Done.
When this person reconnects, I get a “restored” message in a grey bar followed by my login time.
