are these normal process names?
- apsd -ft
Welcome to Apple's discussion groups.
My system has pboard and mdworker but not the others. According to "man" in a Terminal session, rcd is the "remote control daemon". My system has no "man" information about the other two.
Select each of those processes, click in the "Inspect" icon in the tool bar, then on the tab for "Open Files and Ports". In each case one of the first several entries in the list will be the path to the executable. That might give you some extra information.
so lately ive been wondering if i have someone keylogging me
Why? Unless you have allowed an untrusted individual to use an admin account on your machine while unsupervised, that's very unlikely. If you think you've got a malware infection, you probably don't... see my [Mac Virus guide|http://www.reedcorner.net/guides/macvirus>.
are these normal process names?
I don't know about some of those, but in Activity Monitor, select the questionable process and click Inspect, then choose the Open Files and Ports tab. The second item on the list should be the executable file... see where that is and whether that gives you any additional information.
@William Boyd: Here's what man apsd says ...
APSD(8) BSD System Manager's Manual APSD(8)
apsd -- Apple Push Notification service daemon
apsd ApplePushService daemon for Apple Push Notification service. This
is part of the ApplePushService framework.
There are no configuration options to apsd. Users should not run apsd
A lot of people are wrong. The apsd process is a general-purpose process for managing push notifications. The apsd-ft process is for FaceTime. (Note that all the above posts duplicated a typo in the original post, consisting of a space inserted in the name.)
Also, this topic originated in 2011... I don't think that tish! is still looking for answers to this question after more than 3 years.
Well I'm particularly suspicious of pboard too.
If I inspect the process and look at open files and ports, it has some hex numbers, which I'm guessing translate into IP addresses.
03 dot 161 dot 195 dot 236
03 dot 161 dot 142 dot 160
G eneral E lectric C ompany.
Is it sending everything I cut and paste off to some remote host?
It runs out of /usr/sbin with a creation date of Fri 15 July 2011 and size 55088 bytes.
I believe I have malware on my Snow Leopard too. I subscribe to various tech forums and I go back a few days later and things like password no longer work. Also I occasionally get total system lock ups. Why is what I copy/paste to clipboard being communicated to a third-party - G eneral E lectric C ompany? That smacks of spyware.
Furthermore if things like rootkits manage to make their way into your system things like processes actually get filtered out because the commands that feedback process activity have been modified to not show surreptitious processes. That and the fact Apple stopped supporting updates to Snow Leopard makes it a less secure OS probably than W indows 8.
I believe I have malware on my Snow Leopard too.
Then you need to start your own topic and describe, in detail, the exact symptoms you are seeing that lead you to believe that. Omit any of your assumptions about what might be causing that behavior, as that will only cloud the issue and possibly lead the topic astray into discussions that are not directly relevant to your problem. Especially since I believe your assumptions are probably wrong.
With regard to everything you copy being transmitted to GE, you will need to explain in detail what you have seen that makes you believe this is happening. This seems almost ridiculously unlikely, and without the specific evidence to back up this claim, such a statement is more likely to get you ignored than solve your problem.
Finally, be aware that there is currently no known malware capable of infecting Snow Leopard. Apple has maintained the XProtect (anti-malware) definitions in Snow Leopard with signatures for any malware capable of infecting Snow Leopard.