12 Replies Latest reply: Jul 7, 2008 3:58 PM by V.K.
S33K3R ()F Knowl3dg3 Level 1 Level 1 (0 points)
In the "Other User Processes" section of Activity Monitor the users are _securityagent, daemon, _mdnsresponder, nobody, and _windowserver and some of them sound mischievous. The root user is disabled and it is still running processes (I have heard that this is normal but some of the processes names sound weird such as; mds, notifyd, kextd, sh, ntpd, hidd, mdsintegod, kernel_task and syslogd. There is probably nothing to worry about because these are probably abbreviations for things, but what concerns me is the processes called "sh" and "hidd." The processes that take up the most CPU are "pmTool" and "intermapperd" and the ones with the most threads are "kernel_task"-with 52, "mds"-with 17, and "fseventsd"-with 10. There is probably nothing wrong but I would like some help. One last thing, most inactive processes are directed by the root and me.

Message was edited by: S33K3R ()F Knowl3dg3

iMac4,1, Mac OS X (10.5.4), purchased two years ago
  • Barry Hemphill Level 8 Level 8 (36,970 points)
    Hello s:

    I am inquisitive too. However, if I were you, I would not spend time looking at the activity monitor unless you have a problem. Most of the processes you listed are UNIX system processes that do various things - none of which are of concern to an OS X user.

    Barry
  • glsmith Level 3 Level 3 (875 points)
    As Barry suggests, these processes are part of the guts of OS X and can safely be ignored for almost all Mac users. They should never be killed, disabled, stopped, etc without fully understanding the ramifications of doing so.

    Similarly, the user accounts you list are also part of the system infrastructure, and do not mean you have anything nefarious going on.

    To answer a bit more specifically on some of your questions, though:

    There is probably nothing to worry about because these are probably abbreviations for things, but what concerns me is the processes called "sh" and "hidd."


    "sh" is a shell, called the Bourne shell. A shell is used with Terminal to provide you the command line. This shell is very basic and is not typically used by a user account, but the underlying system frequently uses it. This is ok to see in Activity Monitor.

    "hdid" is a legacy system process that handles the loading and decompression of disk images on your system. This process will likely be gone in later versions of 10.x. This process is also ok to be running.

    As for some of the other processes:

    mds: This is your metadata server, part of the Spotlight functionality.
    notifyd: This system process allows system events to be known to other processes.
    kextd: System process that allows kernel extensions to be loaded into the system.
    sh: The Bourne shell.
    ntpd: A system process that manages time on your computer.
    hidd: System process that works with disk images.
    syslogd: System process that manages the logging infrastructure.

    The only process I'm not familiar with is the one you list as "mdsintegod". Was this a typo, or do you really have a process called that running on your system? (Probably nothing to worry about, I just don't recognize it, nor can I find it on my system). Do you perhaps have something like NetBarrier installed?
  • V.K. Level 9 Level 9 (56,110 points)
    I'm pretty sure that "mdsintegod" is something that intego antivirus program installs. that thing is pretty useless and only creates problems for users.
    another thing he mentions "intermapperd" also seems to be related to a user installed application "Intermapper". all else is completely standard system stuff as you say.


    BTW,AFAIK hidd stands for the human interface device daemon and is responsible for interaction with the keyboard and the mouse and other input devices.
  • S33K3R ()F Knowl3dg3 Level 1 Level 1 (0 points)
    Thank you, for helping me. Just to let you know I have installed Net Barrier X5 and it is helpful if you know how to use it, like you can block IP Addresses from entering your system. Intermapper was some stupid program that showed the global positioning of your computer or something and I tried using AppDelete to take it of my system, but there are some files that it installed in my computer like in the private/var sections that I do not have access to so it is running processes while the main application is deleted. I have one last question though, what user is "nobody"?

    Message was edited by: S33K3R ()F Knowl3dg3
  • Jeffrey Jones2 Level 6 Level 6 (8,615 points)
    pmtool is the process Activity Monitor uses to monitor your processes. It's always there when using AM. Quit AM and it goes away. But that is like the refrigerator light. Does it really go away? Start up AM to check. Whoop! There it is again... (Actually, you can run top in the Terminal to see that pmtool really does go away when you quit Activity Monitor.)

    When people say "root is disabled", they mean the root account has no password, so no one can log into that account. But the root account exists, and it owns some processes that are crucial to the operation of your computer. Processes like...

    kernel_task. This is the core, the nub, the gist, the kernel of the operating system itself. Process ID 0, the first and last process on your system, the central manager of everything it does.

    As for nobody, [nobody|http://en.wikipedia.org/wiki/Nobody_%28username%29]
  • V.K. Level 9 Level 9 (56,110 points)
    user nobody is a standard OS X system as was already mentioned. It runs some specific services on the computer (not sure which) and is designed to run with minimal permissions possible. You really should quit worrying about that stuff.


    If Intermapper is not completely removed and is still running some processes I would do the following.

    1. check your login items in account preferences and remove any intermapper related items if they are there.

    2. do a finder search for intermapper and trash whatever you find. Make sure you include system files in your search (they are excluded by default).
  • glsmith Level 3 Level 3 (875 points)
    BTW,AFAIK hidd stands for the human interface device daemon and is responsible for interaction with the keyboard and the mouse and other input devices.


    Oops, you're quite correct. I read that as "hdid", which is what I described. That process isn't a daemon, apparently, so wouldn't normally be running. The "hidd" process is what you describe...
  • S33K3R ()F Knowl3dg3 Level 1 Level 1 (0 points)
    I went to the website and then and read the information, and then I checked in Activity Monitor and saw that "nobody" was running two processes and there was also a daemon user

    Jeffrey Jones2 wrote:
    pmtool is the process Activity Monitor uses to monitor your processes. It's always there when using AM. Quit AM and it goes away. But that is like the refrigerator light. Does it really go away? Start up AM to check. Whoop! There it is again... (Actually, you can run top in the Terminal to see that pmtool really does go away when you quit Activity Monitor.)

    When people say "root is disabled", they mean the root account has no password, so no one can log into that account. But the root account exists, and it owns some processes that are crucial to the operation of your computer. Processes like...

    kernel_task. This is the core, the nub, the gist, the kernel of the operating system itself. Process ID 0, the first and last process on your system, the central manager of everything it does.

    As for nobody, [nobody|http://en.wikipedia.org/wiki/Nobody_%28username%29]
  • S33K3R ()F Knowl3dg3 Level 1 Level 1 (0 points)
    V.K. wrote:
    user nobody is a standard OS X system as was already mentioned. It runs some specific services on the computer (not sure which) and is designed to run with minimal permissions possible. You really should quit worrying about that stuff.


    If Intermapper is not completely removed and is still running some processes I would do the following.

    1. check your login items in account preferences and remove any intermapper related items if they are there.

    2. do a finder search for intermapper and trash whatever you find. Make sure you include system files in your search (they are excluded by default).


    How do you include system files in your finder search?
  • V.K. Level 9 Level 9 (56,110 points)
    see this [link|http://discussions.apple.com/thread.jspa?messageID=7433355&#7433355].
  • S33K3R ()F Knowl3dg3 Level 1 Level 1 (0 points)
    Thank you so much for teaching me how to delete intermapper completely, and I was able to but I had some trouble. When I went to other and searched system files that did not include... I found a whole slue of files and I put all of them in the trash. When I tried to empty them, a message popped up and it said that it failed because a whole bunch of things were running, so I found the Intermapperd process that was running, force quit it and proceeded to empty the trash. It worked, but I had to empty the trash right after I the process was quit, because it always starts up again after I quit it. The actual thing that runs the process was a terminal program, which probably made it more difficult to delete.

    Message was edited by: S33K3R ()F Knowl3dg3
  • V.K. Level 9 Level 9 (56,110 points)
    ok, I hope you cleaned it all out. restart and see if the intermapper process runs again. if not you should be ok.