suspicious stuff on activity monitor.
are these normal process names?
- smoke
- apsd -ft
- rcd
- pboard
- mdworker
very appreciated!
Imac 3.06 GHz i3, Mac OS X (10.6.6)
tishowns wrote:
are these normal process names?
- smoke
- apsd -ft
- rcd
- pboard
- mdworker
So lately I've been wondering if I have someone keylogging me
are these normal process names?
@William Boyd: Here's what man apsd says ...
APSD(8) BSD System Manager's Manual APSD(8)
NAME
apsd -- Apple Push Notification service daemon
SYNOPSIS
apsd
DESCRIPTION
apsd ApplePushService daemon for Apple Push Notification service. This
is part of the ApplePushService framework.
There are no configuration options to apsd. Users should not run apsd
manually.
The APSD sends encrypted traffic to the 17.x.x.x network, which is Apple. A lot of people think it is FaceTime, but I never used FaceTime and noticed the outgoing encrypted traffic.
A lot of people are wrong. The apsd process is a general-purpose process for managing push notifications. The apsd-ft process is for FaceTime. (Note that all the above posts duplicated a typo in the original post, consisting of a space inserted in the name.)
Also, this topic originated in 2011... I don't think that tish! is still looking for answers to this question after more than 3 years.
Thanks for your answer Thomas.
You are probably right about tish! no longer looking for answers to this question, but others of us are still searching on this topic.
Well I'm particularly suspicious of pboard too.
If I inspect the process and look at open files and ports, it has some hex numbers, which I'm guessing translate into IP addresses.
03 dot 161 dot 195 dot 236
03 dot 161 dot 142 dot 160
General Electric Company.
Is it sending everything I cut and paste off to some remote host?
It runs out of /usr/sbin with a creation date of Fri 15 July 2011 and size 55088 bytes.
Ignore pboard. It's part of OS X.
The more time you spend trying to find a problem that doesn't exist, the more likely you are to delete critical system files, allowing you the learning experience of reinstalling the OS.
JGFMK wrote:
Well I'm particularly suspicious of pboard too.
Why? As Kurt points out, it's a normal part of Mac OS X.
What is the problem you're attempting to solve?
I believe I have malware on my Snow Leopard too. I subscribe to various tech forums and I go back a few days later and things like passwords no longer work. Also I occasionally get total system lock ups. Why is what I copy/paste to clipboard being communicated to a third-party - General Electric Company? That smacks of spyware.
Furthermore, if things like rootkits manage to make their way into your system, things like processes actually get filtered out because the commands that feed back process activity have been modified to not show surreptitious processes. That and the fact Apple stopped supporting updates to Snow Leopard makes it a less secure OS probably than Windows 8.
JGFMK wrote:
I believe I have malware on my Snow Leopard too.
Then you need to start your own topic and describe, in detail, the exact symptoms you are seeing that lead you to believe that. Omit any of your assumptions about what might be causing that behavior, as that will only cloud the issue and possibly lead the topic astray into discussions that are not directly relevant to your problem. Especially since I believe your assumptions are probably wrong.
With regard to everything you copy being transmitted to GE, you will need to explain in detail what you have seen that makes you believe this is happening. This seems almost ridiculously unlikely, and without the specific evidence to back up this claim, such a statement is more likely to get you ignored than solve your problem.
Finally, be aware that there is currently no known malware capable of infecting Snow Leopard. Apple has maintained the XProtect (anti-malware) definitions in Snow Leopard with signatures for any malware capable of infecting Snow Leopard.
You did see the screenshot with open files and ports... Those hex numbers represent IP addresses to open ports right!
Yeah right.. Shell Shock anyone... And the fiasco with Safari in more recent OS builds - something like a goto bypassing all the security for HTTPS....
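An added example, not part of any post in this thread: in `lsof` output, hex values on `unix` rows are kernel socket addresses used for local inter-process communication, while real network peers appear on `IPv4`/`IPv6` rows as host:port text. The sample lines are constructed, and treating the thread's two dotted values as hex from a unix-domain socket row is an assumption.

```python
import ipaddress

# Constructed sample in the column layout of `lsof` on OS X (not from the
# thread). Assumption: the two dotted values quoted in the thread were hex
# shown for a unix-domain socket; they are written back as hex here.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
pboard 212 user cwd DIR 14,2 1190 2 /
pboard 212 user 3u unix 0x03a1c3ec 0t0 ->0x03a18ea0
apsd 54 root 9u IPv4 0x04b2d6a8 0t0 TCP 192.0.2.10:49160->198.51.100.7:5223 (ESTABLISHED)
"""


def hex_as_dotted_quad(value):
    """Render a 32-bit hex value byte by byte, the way it looks when
    misread as an IPv4 address."""
    return str(ipaddress.IPv4Address(int(value, 16)))


def classify(lsof_text):
    """Return (command, kind, detail) for each socket row.

    kind is 'local-ipc' for unix-domain sockets, whose hex values are
    kernel socket addresses, and 'network' for IPv4/IPv6 sockets, where
    lsof prints the remote endpoint as host:port text.
    """
    rows = []
    for line in lsof_text.splitlines()[1:]:
        f = line.split()
        if len(f) < 7:
            continue
        command, ftype = f[0], f[4]
        if ftype == "unix":
            # NAME is a path or "->0x<peer>"; it may be absent entirely.
            rows.append((command, "local-ipc", f[7] if len(f) > 7 else f[5]))
        elif ftype in ("IPv4", "IPv6") and len(f) > 8:
            local, _, remote = f[8].partition("->")
            rows.append((command, "network", remote or None))
    return rows


if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
    print(hex_as_dotted_quad("0x03a1c3ec"), hex_as_dotted_quad("0x03a18ea0"))
```

Only the `network` rows name a remote host; a process with nothing but `unix` rows has no internet connection open at the time of the listing.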