
Runaway process "mdsd".

Even after I force-quit the process it will reappear and max my cpu to 100%. After quitting all applications, the process still returns every 15 minutes. Does anyone know what's causing it?

MacBook Pro, Mac OS X (10.7.2)

Posted on Nov 1, 2011 8:25 AM

54 replies

Nov 1, 2011 7:59 PM in response to tthor

I am also experiencing issues with "mdsd" running 99-100% of my CPU. CPU temp reaches 94 degrees F as well.


Any advice on what this is or how to stop it would be much appreciated.


My apologies for posting in the MacBook Pro forum, but this is the only thread that contains "mdsd."


"Open files and ports" reveals:


/Users/[DELETED FOR PRIVACY]/Library/Manager

/Users/[DELETED FOR PRIVACY]/Library/Manager/mdsd

/usr/lib/libssl.0.9.7.dylib

/usr/lib/libcrypto.0.9.7.dylib

/usr/lib/dyld

/private/var/db/dyld/dyld_shared_cache_i386

/dev/null

/dev/null

->0xffffff800c9226b0

*:34123

->0xffffff800d7b9640

unknown60c547061968:49616->su.mining.eligius.st:8337

unknown60c547061968:49617->su.mining.eligius.st:8337



MBA 2011 1.7 GHz/I5, 10.7.2

Nov 1, 2011 9:23 PM in response to tthor

Upon some investigation, namely that su.mining.eligius.st address, it's become clear that this is related to a process called "bitcoin." You may have downloaded a program that has enabled bitcoin access. Bitcoins allow remote servers to use your CPU and thus heat up your drive and overwork your fans. It can more dangerously allow remote servers to access your passwords and search histories.


Again, this is just my own research, and I am by no means a techie. Just beware.


If someone else could confirm this, it would be appreciated.

Nov 2, 2011 5:34 AM in response to tthor

I ran ClamXav too, but it didn't find any trojan, and I wouldn't have a clue how I would have downloaded GraphicConverter, since I don't have any interest in anything related to photography.



As far as I know (and I'm the only one using this Mac) I have no pirated software installed. Now, I have restored a cloned copy of my HD which I created 4-5 days ago and so far, everything seems to be fine.

Nov 2, 2011 5:39 AM in response to tthor

I ran a system scan with ClamXav and it found a trojan embedded in some email in my junk folder.


It seems that the database ClamXav uses was updated only last night to include the trojan you have. I don't know whether it can detect the trojan as installed, or only as downloaded.


Open your Applications folder in list view, and arrange by date with the most recent at top. What applications have you installed in the past few days?

Nov 2, 2011 5:51 AM in response to Linc Davis

Application list by date:


  • Little Snitch (official website)
  • Stuffit Expander (App store, update)
  • iPhoto (App store update)
  • Worml (App store)
  • LittleSnapper (App store)
  • ClamXav (App Store)
  • Onyx (Official site)
  • Arq (Official site)
  • Pixelmator (Official site, trial)
  • TotalTerminal (Official site, trial)
  • Trine (App store)
  • Feeds (App store)
  • Rdio (Official site)
  • BBEdit (App Store)


That goes back to October 7th, way before this problem started.

Nov 2, 2011 9:59 AM in response to tthor

I have serious doubts that this is related to the recent DevilRobber trojan making the rounds. A complete scan with both Sophos and ClamXav found nothing (both updated with the most recent definitions, including DevilRobber). After some research, the trojan ClamXav picked up before in my junk email was a false positive.


The process responsible can be found at /Users/[name]/Library/Manager/mdsd


Removing that file has fixed the problem. Little Snitch said the file was trying to call out to su.mining.eligius.st:8337, which seems to be a BitCoin mining operation, and makes it unlikely to be an OS X core process.


I've never encountered something like this and my lingering concern is whether sensitive data was accessed. Perhaps this is another rogue mac trojan that security firms have yet to identify?
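
The triage done by hand in this thread (reading a process's "Open files and ports" listing for a binary outside the system directories, a listening socket, and outbound connections to unusual ports) can be scripted. The following is an added example, not code from any poster; the port allow-list, the system path prefixes, the finding labels, and both sample listings are assumptions constructed for illustration, modelled on the listing posted above.

```python
import re

# Assumption: ports treated as ordinary for outbound traffic on a desktop Mac.
COMMON_PORTS = {53, 80, 443, 993, 5223}
# Assumption: directories where OS-shipped daemons normally live.
SYSTEM_PREFIXES = ("/System/", "/usr/", "/sbin/", "/bin/")

CONN_RE = re.compile(r"^\S+:\d+->(?P<remote>[^\s:]+):(?P<rport>\d+)$")
LISTEN_RE = re.compile(r"^\*:(?P<port>\d+)$")

def triage(process_name, listing):
    """Return findings for one process's open files and ports listing."""
    findings = []
    for line in (raw.strip() for raw in listing.splitlines()):
        # The executable is the open file whose basename is the process name.
        if line.startswith("/") and line.rsplit("/", 1)[-1] == process_name:
            if not line.startswith(SYSTEM_PREFIXES):
                findings.append(("binary-outside-system-path", line))
        listen = LISTEN_RE.match(line)
        if listen:
            findings.append(("listening-on-all-interfaces", int(listen["port"])))
        conn = CONN_RE.match(line)
        if conn and int(conn["rport"]) not in COMMON_PORTS:
            findings.append(("outbound-uncommon-port",
                             f'{conn["remote"]}:{conn["rport"]}'))
    return findings

# Constructed sample shaped like the listing in the thread (user name replaced).
SUSPECT = """
/Users/example/Library/Manager
/Users/example/Library/Manager/mdsd
/usr/lib/libssl.0.9.7.dylib
/usr/lib/dyld
/dev/null
->0xffffff800c9226b0
*:34123
host.local:49616->su.mining.eligius.st:8337
host.local:49617->su.mining.eligius.st:8337
"""
# Constructed sample for the genuine Spotlight daemon, for comparison.
BENIGN = """
/System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
/usr/lib/dyld
/dev/null
"""

if __name__ == "__main__":
    for name, listing in (("mdsd", SUSPECT), ("mds", BENIGN)):
        print(name, triage(name, listing))
```

Any single finding is only a prompt for a closer look; it is the combination of a system-sounding name, a binary in a user's Library folder, and long-lived outbound connections that matches what the posters observed.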
