What are cron and sendmail and how do I stop them?

I am running Mavericks on a MacPro with 16 GB of RAM and a 1 TB hybrid drive. After installing the latest OS update (10.9.3), I noticed that the computer was running a bit sluggishly. I checked the activity monitor and found that my system CPU usage was above 90%, sometimes rising as high as 98%. There was no single process with a large CPU usage percentage but there are quite a few (ten or more each) root processes that run around 20% to 30% each or so--most of them are cron or sendmail. I tried stopping some of these and it helped for a while but after a while they were running again and I was back to a 95% or so CPU load. I tried rebooting but it did not help. Any suggestions?

Posted on May 19, 2014 2:03 PM
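Added example, not part of the original thread: the symptom described above (no single heavy process, but ten or more root `cron` and `sendmail` processes each) is easy to miss in a per-process view, so this sketch groups root-owned processes by command name and sums their CPU. The sample data is constructed, and the `min_copies=10` threshold is an assumption taken from the "ten or more each" wording of the post.

```python
import subprocess
from collections import defaultdict

def constructed_sample():
    """Constructed ps output (not from the thread), same columns as ps_snapshot()."""
    rows = ["USER   PID  %CPU COMM"]
    procs = [("root", "/usr/sbin/cron", 12, 25.0),
             ("root", "/usr/sbin/sendmail", 11, 21.5),
             ("root", "/sbin/launchd", 1, 0.3),
             ("user1", "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", 1, 4.0)]
    pid = 100
    for owner, comm, copies, cpu in procs:
        for _ in range(copies):
            pid += 1
            rows.append(f"{owner} {pid} {cpu} {comm}")
    return "\n".join(rows)

def ps_snapshot():
    """Live data on macOS; -o picks the columns this parser expects."""
    return subprocess.run(["ps", "-axo", "user,pid,pcpu,comm"],
                          capture_output=True, text=True, check=True).stdout

def aggregate(ps_text, owner="root"):
    """Map command basename -> (process count, summed %CPU) for one owner."""
    groups = defaultdict(lambda: [0, 0.0])
    for line in ps_text.strip().splitlines()[1:]:      # skip the header line
        parts = line.split(None, 3)                    # COMM may contain spaces
        if len(parts) < 4 or parts[0] != owner:
            continue
        try:
            cpu = float(parts[2])
        except ValueError:                             # malformed row, ignore it
            continue
        name = parts[3].rsplit("/", 1)[-1]
        groups[name][0] += 1
        groups[name][1] += cpu
    return {n: (c, round(t, 1)) for n, (c, t) in groups.items()}

def suspicious(ps_text, min_copies=10):
    """Commands with at least min_copies root instances, heaviest total first."""
    hits = [(n, c, t) for n, (c, t) in aggregate(ps_text).items() if c >= min_copies]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for name, copies, total in suspicious(constructed_sample()):
        print(f"{name}: {copies} root processes, {total}% CPU combined")
```

Pass `ps_snapshot()` instead of `constructed_sample()` to check a live system; a hit is a prompt to look at what is scheduling those processes, not proof of compromise.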

24 replies

May 22, 2014 5:57 PM in response to MadMacs0

I am still here. I just have been too busy with work to do anything with this. Luckily I have another computer I can use. I have no idea how this got infected. I have a clone of the drive that appears to be clean. I am working on getting it up to date and eliminating some things. I will then erase the infected drive and clone the clean drive to it.

May 22, 2014 6:14 PM in response to Steven Zaveloff

Standard erase with Disk Utility clears the Directory and puts all the data blocks on the Free list and is done in a few seconds. It may re-write the Directory area of the Volume. That effectively erases the drive, but does not over-write the data blocks. Fine for this case.


The reason you might overwrite the drive with Zeroes or a pattern is to protect any leftover sensitive data, still sitting out there in "deleted" data blocks on the drive. That is not needed in this case. No one or no program is going to go looking in the "unused" blocks for an overlooked Account number or anything else.

May 22, 2014 6:15 PM in response to Steven Zaveloff

Steven Zaveloff wrote:


In erasing the infected drive, do I need to do anything more than a standard erase with Disk Utility?

No, a simple erase is sufficient for these purposes. No malware can survive once the directory has been eliminated, even though the code is still on the disk it is totally disabled. Secure erasing is only necessary when you need to sell or otherwise get rid of a drive in order to prevent someone from using a recovery tool to harvest the data, something only a determined spy or law enforcement agency would bother with.

May 23, 2014 2:34 PM in response to MadMacs0

I just want to thank everyone who helped especially Linc who figured out that the problem was a rootkit. I still have no idea how it got there--I have firewalls enabled in both the router and the OS and I did not click on anything suspicious. In any case, I restored from the clone and cleaned up a few things and it appears to be running fine now.


Thanks again.

May 25, 2014 10:29 AM in response to Steven Zaveloff

An aside:


Since this problem started, I have been keeping the activity monitor open to make sure I got rid of the malware. So far the system seems to be running without problems. However, today I noticed a root process (ps) that was causing my system CPU load to rise from less than 20% to over 50%. I checked the parent process and it turned out to be Google Chrome. The load dropped back to normal as soon as I quit Chrome. What is this process doing and why should Chrome be running a root process?

May 25, 2014 1:39 PM in response to Steven Zaveloff

ps is a common BSD utility process known as "process status" which returns a header line, followed by lines containing information about all of your processes that have controlling terminals. I would only be guessing as to what Google Chrome needs to know about running processes. It could possibly have something to do with its self-update capability.


I've never used Google Drive, so I don't really know what it's about and if it has any connection to Chrome, but do know it didn't work when Mavericks first came out. Not sure whether that was fixed or not.
