Adware/Malware/Gamecontrollerd -rm impossible

DMD44 wrote:

Yes, Gamecontrollerd is not there. I still don't know what that exec does. No game player around here.

There are literally hundreds of similar utilities constantly running on your Mac for all manner of services that you never intend to use. In most cases, if you never use them, they never use a noticeable amount of CPU. If they do, then that is a problem. You won't solve the problem by deleting the executable. That would likely only make it worse. You have to identify why the service is misbehaving and correct the problem.

That why I think your hosts file is the most likely culprit. There are so many bad suggestions on the internet to add dead entries to that file to prevent various systems and apps from "phoning home". That will work, but it might also cause those same apps to misbehave because they can't contact their servers.

Etrecheck seems to do some job, it is a Canadian startup and I am sure they can refine their software by collecting data. So I am happy to contribute, if they don't do more than that to my hard drive without me knowing it.

EtreCheck doesn't collect any data from scans. If you had paid for the Power User package and submitted your report to the artificial intelligence Solution server, then your report's data would be included in the aggregate Insights feature. A limited number of Insights pages are available in the free version. You do have to pay to see them all.

In any event, all personal information is automatically stripped from the report before submitting it.

EtreCheck never makes any permanent changes to your system. The most it will do is read and write some temporary files as part of its hard drive performance test. It will also delete malware, but only if you specifically ask it to.

So no, you haven't submitted anything.

The software also scans my applications but doesn't generate a report (want me to pay for that). Don't think application scan is even necessary, or is it nowadays?

It's a long story. It does need to scan for applications to look for things like login items and embedded system modifications.

In the free report, it only show the total count of "old" (either 32-bit or Intel) applications. The free report is specifically designed to help people here in the forums see what is wrong with your computer. Any specific old apps aren't going to be significant for that. That list of old applications are more useful for learning more about your computer and software and planning for the future. That kind of activity is more within the responsibility of the paid Power User package.

Additionally, the design of the software and the Power User package in-app purchase doesn't give me a way to display this information outside of the paid, enhanced version of the report. There is a free alternative in the Tools menu that is equivalent.

I don't see any uninstaller for Etrecheck either.

Do you know how to uninstall it, if needed?

Drag it to the trash. Please don't use any "clean up" tools or "app zappers". Any "leftover" files aren't going to consume much disk space and/or were probably created by the operating system anyway. The "app zapper" tools are more likely to do harm than save any disk space.

I will run Mac's own tools and see what I find concerning slow writing to the disk. Partition issue? It has been a while I didn't update myself.

You could try other disk performance tools or just generate additional EtreCheck reports. Disk performance is always tricky because the hard drive is always in use. With any tool, including EtreCheck, an accurate assessment will usually require multiple tests.

This might even be normal for a computer that has seen very heavy use. Your batter is already under "service battery" condition. Apple has a flat-fee battery service program available. I highly recommend it. I recently had this battery service on my old 2014 and 2015 computers that were swelling. Apple actually replaced more parts than just the battery.

A battery under "service" condition might even be causing the system to throttle performance. Since you have to leave the computer with Apple anyway, you'll need to backup the computer and erase the hard drive. Then, when you get it back, you'll want to do another erase and reinstall of the operating system. All of that may very well restore your hard drive to optimal performance.

Hosts: I see a couple of entries in that file that I can't identify as legitimate. Should edit in vim after double checking, or just let them be to do whatever they want to do. Will see.

I say just do the battery service and wipe everything away. When you restore your data, only restore your user accounts. Do not restore apps or "other files" (which would included this hosts files). Then manually reinstall only the latest versions of the apps you really need. That will wipe away the hosts file.

Whatever they are and whatever 'normal' may mean today,

By that, I just mean you'll find those files on every Mac running at least Big Sur and Monterey as the OS itself installs them. They may go back further than I can check. My Mojave partition has gamecontrollerd on it, but not gamecontrolleragentd, so the latter appeared after that OS.

terminal says it is at root level, I thought I have root-level permissions as admin to touch that folder.

In Catalina and later (locked down even more so in Big Sur and Monterey), the OS is on separate read-only, cryptographically signed volume. The user can't do anything to the folders owned by the OS. That's the separation you see in Disk Utility for an example like MyComputer and MyComputer-Data. The Data volume is where your user accounts and their associated files go.

Even your third party apps are separated. They look like they're all in one Applications folder from the Finder, but they're not. Those installed by the OS are in the /System/Applications folder. Yours are at /Applications. This root folder rather than directly in a user account so any third party apps only need to be installed once, with all user accounts having access.

The concept makes installing malware nearly impossible, unless someone has direct access to your Mac. And even then, no one can install anything that affects anything belonging to the OS, or even tamper with it since it's all read only. The only place adware and other junk can go is into a user account, or the user controlled portion of the Applications folder.

DMD44 wrote:

Phillips, thanks you really for your substantial comments.

Battery, empty space, OS update were already known to me and constants compare to earlier. Those Plugins should be removed but they are reported as 'unloaded'.

Remains above all /etc/hosts - Count: 50

I also wonder if there is anything else there. Don't you find the list of Cpu users unusual?

Any suggestions by anyone?

Your EtreCheck report doesn't say anything about gamecontrollerd. It might be interesting to generate another report while gamecontrollerd is misbehaving. Without that, those /etc/hosts additions are unusual. A count of 50 is relatively unusual. This seems like the most likely candidate for causing problems. Various software apps are trying to contact various servers and receiving errors due to these hosts entries. That can easily cause high CPU usage.

See this User Tip for more information: Fixing a hacked /etc/hosts file - Apple Community

Otherwise, the report looks mostly OK. Firefox is using quite a bit of CPU. Your SDD is significantly slower on write operations that I would expect.

Suggest downloading the Application Etrecheck directly from a well Respected ASC Contributor and Trusted to use.

The application is free or paid from added features. 

Run the application with Full Disc Access ( Security & Privacy - Full Disc Access ).

It will take a Snap Shot -  both the hardware and software.

 The Report will Not Reveal Any Personal Information. 

Post back the Full Report - copy and paste - using the Additional Text Icon ( 3rd Icon to last )

We can have a look at the report for possible issues and may have possible suggestions to resolve the issues.

Any Third Party Applications that will interfere with the normal operation of the OS, alter, modify, remove or delete or attempt to do so is an invitation for disaster and may require a Reinstallation of the OS.

This includes AntiVirus, Disk Cleaners, Disk Optimizes, UnInstaller etc.

This will include CleanMyMac 

This will include BitDefender 

The The Built in Security  is all that is required.

Both Gamecontrollerd and Gamecontrolleragentd are normal items installed by the OS.

DMD44 wrote:

is there a way to kill or manage this Gamecontrollerd?

No.

It eats up lot of cpu and can't be killed or managed from Activity Monitor as far as I can see...

Can you post a screenshot from Activity Monitor showing this behaviour?

If you are having a problem with gamecontrollerd, then there might be some known cause and fix. On the other hand, there is absolutely nothing stopping malware from using "gamecontrollerd" as the name for its crypto-currency mining engine. You may even need to dig more deeply than Activity Monitor so that you can show the whole path to the offending command.

Starting in Big Sue and into Monterey - the OS resides in a " Sealed and Read Only Volume " for security purposes and can not be altered or Modified except by Apple

Do keep us posted - time permitting - with the progress.