_mdnsresponder Overloading Memory?? Hacked?

Has anyone experienced _mdnsresponder suddenly going nuts and using 5GB+ of Memory?

I'm trying to determine if I've been hacked. I went to a web site I normally visit and got a pop-up window requiring me to click ok to install some garbage to continue and so I shut down Safari immediately instead.

Next time I put my MBP to sleep, and then when I woke it up, _mdnsresponder was eating up more than 5GB+ of memory and slowing my entire system to a crawl. It finally finished reduced back to 5GB+ of memory at which point I restarted my machine and it went back to a normal 60mb. But I'm worried about what my machine was susceptible to when it was asleep. It wasn't slowing down at all when it was awake before I put it to sleep.

Anyone know if there are known hacks that manipulate _mdnsresponder??

Thanks!!

MacBook Pro with Retina display, OS X Yosemite (10.10.1)

Posted on Jan 31, 2015 10:29 AM

19 replies

Kurt Lang

Level 9

68,596 points

Jan 31, 2015 12:41 PM in response to jablocanas

Since you refused to allow whatever it was to install, then I rather doubt you're infected with anything.

There are root processes that OS X installs for Java, or Java wouldn't work with the OS at all. By itself, it's inert. You would have to install the runtime Java software from Oracle before any Java app could run.

thomas_r.

Level 7

32,031 points

Jan 31, 2015 1:58 PM in response to Kurt Lang

Kurt Lang wrote:

This is a component of Flashback:

com.valvesoftware.steamclean.plist

Much as I hate to disagree with you, Kurt, that's actually legit. That's a part of Valve Software's Steam gaming system. I've got that item installed on my own system. Flashback would not be capable of existing on a Yosemite system... it would have automatically been removed by an update at some point, and wouldn't have been able to install on Yosemite at all.

Kurt Lang

Level 9

68,596 points

Jan 31, 2015 2:56 PM in response to thomas_r.

Hi Thomas,

Yes, we discovered that together through our responses. I found two different sites mentioning that file and Flashback together, but it turned out on both of them to simply be users saying something in the order of, "Could it be these?". So that tossed that idea out.

I knew Yosemite should block Flashback, but then didn't quite understand why some other sites thought this file was connected to it. But anywho, things seem to be okay.

thomas_r.

Level 7

32,031 points

Feb 1, 2015 4:00 AM in response to Kurt Lang

Kurt Lang wrote:

Yes, we discovered that together through our responses.

Yup, it sounded like it, I just wanted to confirm. 🙂

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

_mdnsresponder Overloading Memory?? Hacked?