Q: unexplained internet usage
-
by rkaufmann87,Dec 19, 2014 10:04 AM
rkaufmann87
Dec 19, 2014 10:04 AM
in response to gizzybearfromsk
Level 9
(58,956 points)
Photos for MacThe chances of your system being infected with anything are incredibly remote unless you downloaded and installed something. You could begin by posting an EtreCheck report of your computer and we can look for obvious signs. You may get EtreCheck by clicking http://www.etresoft.com/etrecheck
-
by Linc Davis,Dec 19, 2014 11:06 AM
Linc Davis
Dec 19, 2014 11:06 AM
in response to gizzybearfromsk
Level 10
(208,037 points)
ApplicationsAny client on a network, including wireless clients you don't know about, could be consuming bandwidth. Wi-Fi networks must be protected with WPA2 security. If yours isn't, change the security setting on the access point. If it's already set that way, change the password. Make it a string of at least 8 random characters, including digits and upper- and lower-case letters. The password is saved in the keychain and you don't have to be able remember it; in fact, you shouldn't be able to remember it.
You make these changes in AirPort Utility, if the access point is an Apple device, or in a web browser otherwise.
If the network or the password was insecure, and bandwidth use returns to normal after securing it, you can be pretty sure the problem was caused by intruders.
But intrusion may not be the issue. Most often BitTorrent, iCloud, Dropbox, or some other cloud-data application is involved in cases of mysterious bandwidth use by a Mac. If you use iCloud, uncheck at least Photo Stream and Documents & Data in its preference pane and see whether there's any change. If you use third-party network backup or file-sync software, disable that. If you use a torrent client, remove it.
Otherwise, if you're running OS X 10.9 or later, you can see which processes are most active on the network.
Launch the Activity Monitor application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
Select All Processes from the View menu, if not already selected, and also select the Network tab.
Click the heading of the Sent Bytes column in the process table to sort the entries by bandwidth usage. You may have to click it twice to get the highest value at the top. What is it, and what is the process? Repeat with the Rcvd Bytes column.
-
Dec 22, 2014 7:18 AMby gizzybearfromsk,I do have WPA2 security. I changed the wifi password, no change, still using more than we should when no one is at home. There is constant download and upload activity, which is why I'm thinking something must have been installed without me knowing. I also realized that the firewall was turned off when we were installing an audio/video app for our house, and it never got turned back on, so that could have been how the system got breached. How do I find out if there is some sort of virus/malware on it?
-
by Linc Davis,Dec 22, 2014 7:48 AM
Linc Davis
Dec 22, 2014 7:48 AM
in response to gizzybearfromsk
Level 10
(208,037 points)
Applications
By doing what I suggested. The firewall state is irrelevant.
-
Dec 22, 2014 11:00 AMby thomas_r.,Open the Activity Monitor app (found in the Utilities folder in your Applications folder) and click the Network tab. This will show you data on what processes are interacting with the network and how much data each is sending and receiving. This will allow you to determine whether that usage is coming from your Mac and, if so, what processes are causing it. Be aware that there are quite a few normal processes that are part of Mac OS X that have cryptic names, so don't assume that such a thing means that there's malware on your system.
In truth, malware is possible, but extremely unlikely. You'd be wise to consider just about any other possibility first.
-
by rkaufmann87,Dec 28, 2014 8:33 PM
rkaufmann87
Dec 28, 2014 8:33 PM
in response to gizzybearfromsk
Level 9
(58,956 points)
Photos for Mac
gizzybearfromsk wrote:
I've been looking at the Activity Monitor, but honestly, I can't tell what is going on, I don't see anything out of the ordinary really, but I'm not sure that I would notice it if it was unusual, I can't decipher it.
Google is useful for finding links such as
-
Dec 29, 2014 7:39 AMby thomas_r.,If you had some process causing an unusual amount of download and upload traffic, it would jump right to the top of the list (assuming you have it sorted in descending order by send or received data, which I believe is the default).
Most likely, whatever audio/video app you said you installed is responsible, if it is for streaming that kind of data from the internet.
-
Dec 29, 2014 5:34 PMby gizzybearfromsk,the audio/video app doesn't use any external bandwidth, just runs internal devices, I've confirmed with the installer. Top 3 items in activity monitor are: kernel_task( PID 0), constantly sending and receiving data, second is safari web content and third is safari, when using real mem as the column sorter, but that doesn't tell me the bandwidth being used. I'm running OS X 10.6 so I don't have a sent and rec'd bytes column. If I organize based on messages sent and messages received, the kernel_task process still comes up in the top spot. This is just a system process that wouldn't be using bandwidth right? Here's the EtreCheck report if that helps at all:
EtreCheck version: 2.1.5 (108)
Report generated December 29, 2014 7:32:04 PM CST
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Adware] links for help removing adware.
iMac (21.5-inch, Mid 2011) (Verified)
iMac - model: iMac12,1
1 2.7 GHz Intel Core i5 CPU: 4-core
4 GB RAM
BANK 0/DIMM0
2 GB DDR3 1333 MHz ok
BANK 1/DIMM0
2 GB DDR3 1333 MHz ok
BANK 0/DIMM1
empty empty empty empty
BANK 1/DIMM1
empty empty empty empty
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless:
AMD Radeon HD 6770M - VRAM: 512 MB
iMac 1920 x 1080
Mac OS X 10.6.8 (10K549) - Uptime: 11:41:42
WDC WD1001FALS-403AA0 disk0 : (931.51 GB)
- (disk0s1) <not mounted> : 210 MB
Macintosh HD (disk0s2) / : 999.86 GB (802.68 GB free)
OPTIARC DVD RW AD-5690H
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Computer, Inc. IR Receiver
Apple Internal Memory Card Reader
Apple, Inc. iMac
/System/Library/Extensions
[not loaded] com.Belcarra.iokit.USBLAN_netpart (2.0.2) [Support]
[not loaded] com.Belcarra.iokit.USBLAN_usbpart (2.0.2) [Support]
[not loaded] com.RemoteControl.USBLAN.usbpart (2.0.6) [Support]
[loaded] com.rim.driver.BlackBerryUSBDriverInt (0.0.74) [Support]
[not loaded] com.rim.driver.BlackBerryUSBDriverVSP (0.0.74) [Support]
/System/Library/Extensions/Belcarra.USBLAN_netpart.kext/Contents/PlugIns
[not loaded] com.belcarra.iokit.netpart.panther (1.6.1) [Support]
/System/Library/Extensions/Belcarra.USBLAN_usbpart.kext/Contents/PlugIns
[not loaded] com.belcarra.iokit.usbpart.panther (1.6.1) [Support]
/System/Library/Extensions/RemoteControl.USBLAN_usbpart.kext/Contents/PlugIns
[not loaded] com.RemoteControl.USBLAN.panther (1.6.1) [Support]
Problem System Launch Daemons: ℹ️
[not loaded] org.samba.winbindd.plist [Support]
[loaded] com.hp.messagecenter.launcher.plist [Support]
[running] com.rim.BBAlbumArtCacher.plist [Support]
[running] com.rim.BBLaunchAgent.plist [Support]
[loaded] com.adobe.fpsaud.plist [Support]
[loaded] com.microsoft.office.licensing.helper.plist [Support]
[running] com.rim.BBDaemon.plist [Support]
[loaded] com.adobe.ARM.[...].plist [Support]
[loaded] com.google.keystone.agent.plist [Support]
GarageBand Application (/Applications/GarageBand.app)
Dropbox Application (/Applications/Dropbox.app)
BlackBerry Device Manager ApplicationHidden (/Library/Application Support/BlackBerry/BlackBerry Device Manager.app)
JavaAppletPlugin: Version: 13.9.8 - SDK 10.6 Check version
FlashPlayer-10.6: Version: 15.0.0.246 - SDK 10.6 [Support]
NPRoblox: Version: 1, 2, 8, 25 - SDK 10.9 [Support]
AdobePDFViewerNPAPI: Version: 10.1.12 [Support]
Flash Player: Version: 15.0.0.246 - SDK 10.6 Mismatch! Adobe recommends 16.0.0.235
AdobePDFViewer: Version: 10.1.12 [Support]
QuickTime Plugin: Version: 7.6.6
SharePointBrowserPlugin: Version: 14.4.7 - SDK 10.6 [Support]
Google Earth Web Plug-in: Version: 7.1 [Support]
iPhotoPhotocast: Version: 7.0 - SDK 10.7
AddThis [Installed]
iSightAudio: Version: 7.6.6
3rd Party Preference Panes: ℹ️
Flash Player [Support]
Time Machine information requires OS X 10.7 "Lion" or later.
2% WindowServer
0% Activity Monitor
0% activitymonitord
0% WebProcess
0% fontd
172 MB WebProcess
86 MB mds
77 MB WindowServer
73 MB Mail
69 MB Safari
Virtual Memory Information: ℹ️
2.26 GB Free RAM
853 MB Active RAM
363 MB Inactive RAM
809 MB Wired RAM
337 MB Page-ins
0 B Page-outs
Dec 29, 2014, 07:51:02 AM Self test - passed
-
Jan 2, 2015 2:48 AMby juliemeikle,This happened to me a while back. My internet speed dropped to a crawl and the bilkl rocketedas I was on a limited package (quite a large package so it was using loads) Looking back at bills there was a massive usage jump from one month onwards.The ISP docked the speeds.
I spent months trying to sort it out. I then saw that I had downloaded an OS update (new operating system not just a security update) but had not installed it. This seemed to be the problem (although I do not know why!). I installed the update and it has been fine ever since.
May not be your issue, but worth checking as it such a similar matter.
Good luck
