2 Replies Latest reply: Aug 1, 2013 5:43 AM by Ali Kaylan
Gerben Wierda Level 1 Level 1 (125 points)

Lately I have been experiencing that when I try to unlock my screen (after sleep probably, but I am uncertain), I sometimes get the following behaviour:

  • Mouse can move, this wakes the screen and gives me the unlock panel
  • Keyboard  typing does not do anything
  • Mouse clicking seems not to do anything, so maybe the previous problem is because the input field does not have focus. I can't also do something like cancel or switch user. Effectively I am stuck.
  • The system sounds pretty busy with disk access

 

Keyboard and mouse (trackpad) are both Bluetooth.

 

When I log in via ssh from another machine, I see a few processes on the system for my user

 

hermione:~ foo$ ps -U foo

  PID TTY           TIME CMD

  214 ??         0:06.92 /sbin/launchd

  228 ??         0:18.86 /usr/sbin/distnoted agent

5902 ??         0:00.01 /usr/sbin/pboard

5908 ??         0:00.88 /System/Library/CoreServices/NetworkBrowserAgent

5912 ??         0:08.57 /usr/sbin/usernoted

5928 ??         0:00.38 /Library/Application Support/iStat Menus 4/iStatMenusAgent

5942 ??         0:09.02 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framewo rk/Support/fontd

6155 ??         0:00.42 /usr/libexec/lsboxd

6753 ??         0:00.67 adb fork-server server

8460 ??         0:02.27 /System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/i magent

9637 ??         0:00.22 /System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent

10901 ??         0:01.05 /usr/sbin/cfprefsd agent

10909 ??         0:10.34 /System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarA gent

10910 ??         0:00.07 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

10951 ??         0:00.31 /System/Library/CoreServices/pbs

11134 ??         0:00.22 /usr/libexec/xpcd

11153 ??         0:00.03 /System/Library/CoreServices/AppleIDAuthAgent

11219 ??         0:01.77 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent

12161 ??         0:00.18 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.f ramework/Versions/A/printtool agent

12287 ??         1:12.45 /System/Library/CoreServices/ManagedClient.app/Contents/Resources/HomeSync.app/ Contents/MacOS/HomeSync

12288 ??         0:00.07 /System/Library/CoreServices/talagent

12333 ??         0:00.58 /usr/libexec/UserEventAgent (Aqua)

12364 ??         0:00.13 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent

12377 ??         0:00.01 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent --launchd

12428 ??         0:00.03 /usr/sbin/sshd -i

12429 ttys000    0:00.03 -bash

12454 ttys000    0:00.00 ps -U foo

 

The last three are my ssh login.

 

When I kill -15 HomeSync, the user gets logged out. But not all processes have died:

 

hermione:~ foo$ ps -U foo

  PID TTY           TIME CMD

  214 ??         0:06.93 /sbin/launchd

  228 ??         0:18.86 /usr/sbin/distnoted agent

6753 ??         0:00.67 adb fork-server server

10901 ??         0:01.06 /usr/sbin/cfprefsd agent

10910 ??         0:00.07 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

11134 ??         0:00.23 /usr/libexec/xpcd

11219 ??         0:01.80 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent

12428 ??         0:00.03 /usr/sbin/sshd -i

12475 ??         0:00.04 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework /Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared

12487 ??         0:00.07 /System/Library/CoreServices/ManagedClient.app/Contents/Resources/HomeSync.app/ Contents/MacOS/HomeSync

12429 ttys000    0:00.03 -bash

12488 ttys000    0:00.00 ps -U foo

 

Login again on the system and you see a lot more:

 

hermione:~ foo$ ps -U foo

  PID TTY           TIME CMD

  214 ??         0:07.04 /sbin/launchd

  228 ??         0:19.12 /usr/sbin/distnoted agent

6753 ??         0:00.67 adb fork-server server

10901 ??         0:01.29 /usr/sbin/cfprefsd agent

10910 ??         0:00.08 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

11134 ??         0:00.26 /usr/libexec/xpcd

12428 ??         0:00.03 /usr/sbin/sshd -i

12500 ??         0:00.53 /usr/libexec/UserEventAgent (Aqua)

12505 ??         0:00.01 /usr/sbin/pboard

12507 ??         0:01.08 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock

12508 ??         0:00.07 /System/Library/CoreServices/talagent

12509 ??         0:05.18 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer

12510 ??         0:03.58 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder

12514 ??         0:00.09 /usr/sbin/usernoted

12518 ??         0:00.45 /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/Notification Center

12522 ??         0:00.46 /System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/i magent

12523 ??         0:00.01 /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/helpd

12525 ??         0:00.01 /System/Library/CoreServices/AppleIDAuthAgent

12526 ??         0:00.82 /System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/CalendarA gent

12527 ??         0:00.05 /System/Library/PrivateFrameworks/AssistantServices.framework/assistantd

12530 ??         0:00.03 /Library/Application Support/iStat Menus 4/iStatMenusAgent

12540 ??         0:00.03 /System/Library/CoreServices/NetworkBrowserAgent

12541 ??         0:00.05 /System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd

12549 ??         0:00.34 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framewo rk/Support/fontd

12550 ??         0:05.01 /Applications/Dropbox.app/Contents/MacOS/Dropbox -psn_0_6284798

12551 ??         0:00.03 /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app/Contents/MacOS/iTunesH elper -psn_0_6288895

12558 ??         0:00.25 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 1

12560 ??         0:00.05 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent

12562 ??         0:00.08 /System/Library/Frameworks/CFNetwork.framework/Versions/A/Support/cookied

12567 ??         0:03.91 /System/Library/CoreServices/FileSyncAgent.app/Contents/MacOS/FileSyncAgent -launchedByLaunchd -PHDPlist

12568 ??         0:00.25 com.apple.dock.extra

12594 ??         0:00.19 /System/Library/Image Capture/Support/Image Capture Extension.app/Contents/MacOS/Image Capture Extension -psn_0_6338059

12599 ??         0:00.01 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent --launchd

12600 ??         0:00.06 /Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/CIJScannerRegister.app/Contents/Ma cOS/CIJScannerRegister -psn_0_6346253

12601 ??         0:00.06 /Library/DropboxHelperTools/Dropbox_u1025/dbfseventsd

12602 ??         0:00.38 /Library/DropboxHelperTools/Dropbox_u1025/dbfseventsd

12603 ??         0:00.34 /Library/DropboxHelperTools/Dropbox_u1025/dbfseventsd

12609 ??         0:00.17 /System/Library/CoreServices/pbs

12610 ??         0:00.02 /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell -psn_0_6350350

12621 ??         0:00.13 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent

12624 ??         0:00.09 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent

12625 ??         0:00.08 /System/Library/CoreServices/backupd.bundle/Contents/Resources/TMLaunchAgent.ap p/Contents/MacOS/TMLaunchAgent

12629 ??         0:00.04 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework /Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared

12429 ttys000    0:00.03 -bash

12632 ttys000    0:00.00 ps -U foo

 

The system hangs again with some app File Sync in the menu bar and it does not react.

 

I kill Finder (12510) and the user is logged out. But some processes remain:

 

hermione:~ foo$ ps -U foo

  PID TTY           TIME CMD

  214 ??         0:07.07 /sbin/launchd

  228 ??         0:19.23 /usr/sbin/distnoted agent

6753 ??         0:00.67 adb fork-server server

10901 ??         0:01.33 /usr/sbin/cfprefsd agent

10910 ??         0:00.08 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

11134 ??         0:00.26 /usr/libexec/xpcd

12428 ??         0:00.04 /usr/sbin/sshd -i

12558 ??         0:00.25 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMCompiler 1

12651 ??         0:00.12 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthSysAgent

12429 ttys000    0:00.03 -bash

12683 ttys000    0:00.00 ps -U foo

 

I reboot the system and relogin from the outside using ssh and get:

 

hermione:~ foo$ ps -U foo

  PID TTY           TIME CMD

  148 ??         0:00.00 /sbin/launchd

  150 ??         0:00.00 /usr/sbin/sshd -i

  151 ttys000    0:00.01 -bash

  155 ttys000    0:00.00 ps -U foo

 

Which is pretty much as I expect it. My suspicion is that a logout with Home Sync somehow goes haywire. Or Adobe CS6 is playing havoc. Funny: is you look for "adb fork-server server" you get a lot of Android links. I have a adb executable on that Mac somewhere in Adobe InDesign:

 

hermione:~ foo$ file "/Applications/Adobe InDesign CS6/Utilities/adb"

/Applications/Adobe InDesign CS6/Utilities/adb: Mach-O executable i386

 

Hmm, I look at the strings in that executable, and there is a lot of SSL. It starts with:

 

hermione:~ foo$ strings "/Applications/Adobe InDesign CS6/Utilities/adb"

system/core/adb/adb.c

adb: online

tcp:%d

unable to parse '%s' as <console port>,<adb port>

Invalid port numbers: Expected positive numbers, got '%s'

Emulator on port %d already registered.

Cannot accept more emulators.

Connected to emulator on ports %d,%d

Could not connect to emulator on ports %d,%d

bad host name %s

bad port number %s

 

That actually looks like some emulator for Android. What is that doing in Adobe InDesign? Now I am getting suspicious. Are my keyboard problems some keylogger somewhere? Something that came with Adobe somehow? Some Flash thing that infected my system?