Suspicious Process Entries Reported by top

My business computer (iMac) slowed down this morning.

I'm super-paranoid about installing things, and never download anything from a non-trusted site. I run Intego, have the firewall on, and run Sophos as a backup. However, MacScan2 found a keylogger (and removed it in theory); I'm being paranoid and checking everything.


I've not been able to locate information about these three processes reported by top:


2713- BehavioralIn 0.0 00:00.00 3 1 26 39 748K 268K 1572K 45M 614M 2713 1 sleeping 0

2710 BehavioralCo 0.0 00:00.04 6 1 56 45 1276K 240K 2608K 74M 2434M 2710 1 sleeping 0

2703 BehavioralIn 0.0 00:00.00 3 1 28 36 1160K 268K 2492K 45M 2406M 2703 1 sleeping 0


If I kill them, they come back.


Does anyone know what these are?


Thanks in advance.

Posted on Jun 20, 2011 4:53 PM


Jun 20, 2011 5:17 PM in response to Larry Wilson

I'm not sure what they are and google'ing them didn't turn up anything either. So here's what I would do.


1. From terminal, do the following:


ps ax | grep -i Behavioral


This should show you the full pathname to wherever these processes are executing. That alone might give you a clue to what got installed that is running them. If that jogs your memory and you decide you really need/want this stuff then there's probably no need to go further. Otherwise continue with "step 2" if you want to remove this stuff.


2. The pathnames from step 1 should show you what's being relaunched. If you want to get rid of this stuff find it and trash it. It may be buried inside some containing app's bundle. If so just trash the containing app(s).


3. Odds are pretty good these processes are being (re)launched from launch daemons. So look at these two places:


/Library/LaunchDaemons

~/Library/LaunchDaemons (~ is your home directory)


See if there is anything resembling those "Behavioral" names in there. If there are, trash them too.


4. Logout and back in. Now you should be able to empty the trash and those processes should no longer be executing. If any of this stuff jogged your memory of what you originally installed to get it you might want to trash that remaining stuff too.


[It appears two other posts appeared while I was constructing mine. Oh well.]
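A scripted form of steps 1 and 3 above, added here as an example and not part of any post in the thread: it lists the processes matching a name fragment with their full command line, then greps the launchd directories for any property list that mentions that name. It assumes a POSIX shell with ps, grep and mktemp, and it checks ~/Library/LaunchAgents as the per-user location, since launchd does not read ~/Library/LaunchDaemons.

```shell
#!/bin/sh
# Added example, not code from the thread. Scripted form of steps 1 and 3: list processes
# matching a name fragment, then grep the launchd directories for plists naming it.

# Step 1: running processes whose command line matches the pattern (case-insensitive),
# minus the grep itself. On macOS the command column carries the executable's full path.
find_procs() {
    ps ax -o pid=,command= | grep -i -- "$1" | grep -v 'grep -i' || true
}

# Step 3: launchd plists in the given directories whose Label, Program or
# ProgramArguments mention the pattern. Prints "<plist>:<matching line>" per hit.
find_launch_items() {
    pattern="$1"; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            if [ -f "$plist" ]; then
                grep -i -H -- "$pattern" "$plist" || :
            fi
        done
    done
}

# Directories launchd actually reads. Daemons run as root at boot; agents run at login,
# and the per-user location is ~/Library/LaunchAgents, not ~/Library/LaunchDaemons.
scan() {
    echo "## processes matching '$1'"
    find_procs "$1"
    echo "## launchd items matching '$1'"
    find_launch_items "$1" /Library/LaunchDaemons /Library/LaunchAgents \
        /System/Library/LaunchDaemons /System/Library/LaunchAgents "$HOME/Library/LaunchAgents"
}

# Self-contained demonstration on constructed plists in a temporary directory, so the
# detection logic can be exercised on any system rather than only on an affected Mac.
demo() {
    d=$(mktemp -d)
    # Constructed sample: one item pointing at a "BehavioralIn" binary, one unrelated item.
    printf '<plist><dict><key>Label</key><string>com.example.BehavioralInjector</string>\n' > "$d/com.example.behavioral.plist"
    printf '<key>Program</key><string>/Library/Application Support/Example/BehavioralIn</string></dict></plist>\n' >> "$d/com.example.behavioral.plist"
    printf '<plist><dict><key>Label</key><string>com.example.harmless</string></dict></plist>\n' > "$d/com.example.harmless.plist"
    find_launch_items behavioral "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; else scan "${1:-Behavioral}"; fi
```

Run it with `--demo` to see the constructed hit, or with a name fragment (default `Behavioral`) to scan the real launchd directories on a Mac.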


Jun 20, 2011 6:31 PM in response to etresoft

Just the 2 (Intego and Sophos). And no friggin idea how it got installed. I have opened a couple of videos sent by friends ("cute kitty", etc) - maybe they had a payload. Didn't think it was an issue because I don't grant sudo privs and OSX does a decent job of protecting itself. MacScan2 said it found and removed a keylogger (don't remember the name and it doesn't log it).

Jun 20, 2011 7:09 PM in response to Larry Wilson

If you want to run them, that's your business. That is 2 more than I run 🙂


It may have been just something in your e-mail. People can be fooled into thinking the virus scanners are doing something because they find such things as keyloggers in your e-mail. Of course, the keylogger only runs on Windows and it was scanning your junk mail folder.


To date, any and all Mac malware requires you to actually click the "install" button to install the malware. The malware is free to use clever tricks to get you to click install. Unfortunately, the most successful of those tricks are scary warnings that you have viruses and you need to uninstall the antivirus. The MacDefender malware is the most successful MacOS X malware ever. It owes its success entirely to paranoia, fear of malware, and people who don't understand that there aren't any MacOS X viruses.

Jun 20, 2011 11:48 PM in response to Larry Wilson

Larry Wilson wrote:


I run Intego, have the firewall on, and run Sophos as a backup. However, MacScan2 found a keylogger (and removed it in theory); I'm being paranoid and checking everything.

I've used MacScan on and off for over a decade, since the first beta version came out. They excel at finding Keyloggers, but as far as I know all of the ones that work with Mac OS must be installed on purpose, either by you or someone who had physical access to your machine and are commercial software as opposed to malware. It's possible the one it found was for Windows.


You should know that having two or more AV applications active on your Mac at the same time usually causes issues. It's fine to use several in the manual scan mode, but running more than one in the background is not only unnecessary, but ends up monopolizing the CPU. They have also been known to detect the other's signature files and disable detection in the process.

Jun 21, 2011 11:52 AM in response to etresoft

6/18/2011 I had a malware incident. As I am prone to do every day I opened up the App Store app to check for updates and new apps. It showed I had an MPlayer update. I checked "update" and a window popped up telling me to go to "http://qzy@mac.com//qzy@mac.com." I entered this url on Safari; the browser window immediately: "Warning: suspected phishing site." I tried this url on an alternate browser and was sent to what I suspected was a phony Apple site. I closed out both browsers and did the update thing again with App Store, same result.


I set Virus Barrier X6 to scan the Application folder. It quickly found, "Malware 'Java/Agent.gen' detected in file 'mozswing-2.0beta2jar' "

It was sitting in the java folder of an app called "All.Com."


I had virus barrier get rid of the malware. It solved the update problem with the App Store.


I informed Apple and was given a case ID number.

Jun 21, 2011 12:54 PM in response to georgebaron007

There appears to have been some problem with the MPlayerX application or the developer's account. Other people have reported that. It is not malware and now appears to be fixed. Anything you enter into Safari with @ will give you that phishing warning.


All.com seems to be some peer-to-peer software you have downloaded. I don't know how legitimate it is. It is peer-to-peer music sharing, but it doesn't appear to be malware.


Yet another false alarm.

Jun 23, 2011 4:49 PM in response to etresoft

I have two iMacs side by side. MPlayer updates have never been a problem except for this last time on only one iMac and the only iMac that had All.com in the app file. I updated MPlayer on the iMac without All.com. It updated without problems.


When the update button on the "infected" iMac was used, a window superimposed itself over the App Store window telling me to go to the website mentioned in my previous entry. Numerous closeouts and reopenings of App Store resulted in the same problem.


Virus Barrier 6 did identify malware. Virus Barrier got rid of the malware. Only then was I able to update MPlayer.


Apple has given me a Case ID# and I will be working with them with the screenshot logs.


Your logic does not stick on my wall. I'll continue working with the Apple Engineers only.

Jun 23, 2011 5:30 PM in response to georgebaron007

georgebaron007 wrote:


When the update button on the "infected" iMac was used, a window superimposed itself over the App Store window telling me to go to the website mentioned in my previous entry. Numerous closeouts and reopenings of App Store resulted in the same problem.

Yes. I know. It looked a lot like this: http://code.google.com/p/mplayerx/issues/detail?id=319#c5


Virus Barrier 6 did identify malware. Virus Barrier got rid of the malware. Only then was I able to update MPlayer.


But said "malware" had nothing to do with MPlayer. It may have been interfering with the App Store maybe. It is always a good idea to stay away from peer-to-peer software. They can really blur the line between legitimate software and malware. In fact, one of the few ways to actually get any malware installed on a Mac is via peer-to-peer file sharing networks.


Apple has given me a Case ID# and I will be working with them with the screenshot logs.


Your logic does not stick on my wall. I'll continue working with the Apple Engineers only.


Al dente or not, the fact remains that the only way to get malware on a Mac is to install it yourself.
