22 Replies Latest reply: Feb 19, 2015 8:27 AM by JGFMK
tish! Level 1 (5 points)
So lately I've been wondering if I have someone keylogging me, and I decided to look at my Activity Monitor.

Are these normal process names?
- smoke
- apsd -ft
- rcd
- pboard
- mdworker

very appreciated!

iMac 3.06 GHz i3, Mac OS X (10.6.6)
  • William Boyd, Jr. Level 6 (10,515 points)
    tishowns wrote:
    are these normal process names?
    - smoke
    - apsd -ft
    - rcd
    - pboard
    - mdworker


    Welcome to Apple's discussion groups.

    My system has pboard and mdworker but not the others. According to "man" in a Terminal session, rcd is the "remote control daemon". My system has no "man" information about the other two.

    Select each of those processes, click in the "Inspect" icon in the tool bar, then on the tab for "Open Files and Ports". In each case one of the first several entries in the list will be the path to the executable. That might give you some extra information.
  • Kappy Level 10 (260,300 points)
    The apsd -ft process is the background process for FaceTime.
  • thomas_r. Level 7 (30,540 points)
    so lately ive been wondering if i have someone keylogging me


    Why? Unless you have allowed an untrusted individual to use an admin account on your machine while unsupervised, that's very unlikely. If you think you've got a malware infection, you probably don't... see my Mac Virus guide (http://www.reedcorner.net/guides/macvirus).

    are these normal process names?


    I don't know about some of those, but in Activity Monitor, select the questionable process and click Inspect, then choose the Open Files and Ports tab. The second item on the list should be the executable file... see where that is and whether that gives you any additional information.
  • Terry Mahoney Level 1 (35 points)

    @William Boyd: Here's what man apsd says ...

    APSD(8)                   BSD System Manager's Manual                  APSD(8)

    NAME
         apsd -- Apple Push Notification service daemon

    SYNOPSIS
         apsd

    DESCRIPTION
         apsd ApplePushService daemon for Apple Push Notification service.  This
         is part of the ApplePushService framework.

         There are no configuration options to apsd.  Users should not run apsd
         manually.

  • macfrombrampton Level 1 (0 points)

    The APSD sends encrypted traffic to the 17.x.x.x network, which is Apple. A lot of people think it is FaceTime, but I never used FaceTime and noticed the outgoing encrypted traffic.

  • thomas_r. Level 7 (30,540 points)

    A lot of people are wrong. The apsd process is a general-purpose process for managing push notifications. The apsd-ft process is for FaceTime. (Note that all the above posts duplicated a typo in the original post, consisting of a space inserted in the name.)

     

    Also, this topic originated in 2011... I don't think that tish! is still looking for answers to this question after more than 3 years.

  • Kevalya Level 1 (0 points)

    Thanks for your answer Thomas.

     

    You are probably right about tish! no longer looking for answers to this question, but others of us are still searching on this topic.

  • JGFMK Level 1 (0 points)

    Screen shot 2015-02-18 at 21.53.05.png

    Well I'm particularly suspicious of pboard too.

    If I inspect the process and look at open files and ports, it has some hex numbers, which I'm guessing translate into IP addresses.

    03 dot 161 dot 195 dot 236

    03 dot 161 dot 142 dot 160

    General Electric Company.

    Is it sending everything I cut and paste off to some remote host?

    It runs out of /usr/sbin with a creation date of Fri 15 July 2011 and size 55088 bytes.

  • Kurt Lang Level 8 (35,670 points)

    Ignore pboard. It's part of OS X.

     

    The more time you spend trying to find a problem that doesn't exist increases the likelihood you will delete critical system files, allowing you the learning experience of reinstalling the OS.

  • thomas_r. Level 7 (30,540 points)

    JGFMK wrote:

     

    Well I'm particularly suspicious of pboard too.

     

    Why? As Kurt points out, it's a normal part of Mac OS X.

     

    What is the problem you're attempting to solve?

  • JGFMK Level 1 (0 points)

    I believe I have malware on my Snow Leopard too. I subscribe to various tech forums and I go back a few days later and things like passwords no longer work. Also I occasionally get total system lock ups. Why is what I copy/paste to clipboard being communicated to a third-party - General Electric Company? That smacks of spyware.

  • JGFMK Level 1 (0 points)

    Furthermore, if things like rootkits manage to make their way into your system, things like processes actually get filtered out because the commands that feed back process activity have been modified to not show surreptitious processes. That and the fact Apple stopped supporting updates to Snow Leopard makes it a less secure OS probably than Windows 8.

  • thomas_r. Level 7 (30,540 points)

    JGFMK wrote:

     

    I believe I have malware on my Snow Leopard too.

     

    Then you need to start your own topic and describe, in detail, the exact symptoms you are seeing that lead you to believe that. Omit any of your assumptions about what might be causing that behavior, as that will only cloud the issue and possibly lead the topic astray into discussions that are not directly relevant to your problem. Especially since I believe your assumptions are probably wrong.

     

    With regard to everything you copy being transmitted to GE, you will need to explain in detail what you have seen that makes you believe this is happening. This seems almost ridiculously unlikely, and without the specific evidence to back up this claim, such a statement is more likely to get you ignored than solve your problem.

     

    Finally, be aware that there is currently no known malware capable of infecting Snow Leopard. Apple has maintained the XProtect (anti-malware) definitions in Snow Leopard with signatures for any malware capable of infecting Snow Leopard.

  • JGFMK Level 1 (0 points)

    You did see the screenshot with open files and ports... Those hex numbers represent IP addresses to open ports right!
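
Added example, not part of any post in this thread: the "Open Files and Ports" check recommended above can be done from Terminal with `lsof -nP -p <pid>`, whose rows carry a TYPE column that separates real network sockets (IPv4/IPv6) from local unix-domain sockets, where the hexadecimal values are kernel addresses. The function name, PIDs, addresses and sample rows below are constructed for illustration; only `/usr/sbin/pboard` and its 55088-byte size come from the thread.

```shell
#!/bin/sh
# Summarise `lsof -nP -p <pid>` output read from stdin: the executable path,
# any real network endpoints, and a count of local-only unix-domain sockets.
summarize_lsof() {
    awk '
        NR == 1 && $1 == "COMMAND" { next }      # skip the header row
        # The first "txt" entry of type REG is the program image itself.
        $4 == "txt" && $5 == "REG" && exe == "" {
            exe = $9; for (i = 10; i <= NF; i++) exe = exe " " $i
        }
        # Only IPv4/IPv6 rows are network sockets; NODE and NAME hold protocol and addresses.
        $5 == "IPv4" || $5 == "IPv6" { net[++n] = $8 " " $9 }
        # unix rows are local IPC; hex in DEVICE/NAME is a kernel address, not an IP.
        $5 == "unix" { ipc++ }
        END {
            print "exe=" (exe == "" ? "unknown" : exe)
            for (i = 1; i <= n; i++) print "net=" net[i]
            print "unix_sockets=" ipc + 0
        }'
}

# Constructed sample: a process with only local descriptors (not the screenshot).
sample_pboard() {
    cat <<'EOF'
COMMAND PID USER   FD   TYPE     DEVICE SIZE/OFF   NODE NAME
pboard  212 user  cwd    DIR       14,2     1122      2 /
pboard  212 user  txt    REG       14,2    55088 301455 /usr/sbin/pboard
pboard  212 user  txt    REG       14,2  1054960 301999 /usr/lib/dyld
pboard  212 user    3u  unix 0x0a1b2c3d      0t0        ->0x0a1b2e40
EOF
}

# Constructed sample: one TCP row, using documentation-range addresses.
sample_net_row() {
    cat <<'EOF'
COMMAND PID USER   FD   TYPE     DEVICE SIZE/OFF   NODE NAME
apsd     61 root    9u  IPv4 0x0a91f5d4      0t0    TCP 192.0.2.10:49200->198.51.100.7:5223 (ESTABLISHED)
EOF
}

# On a live system: lsof -nP -p "$pid" | summarize_lsof
sample_pboard | summarize_lsof
sample_net_row | summarize_lsof
```
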
