qemu-system-x86_64 runs 100% CPU

What happened here might look like what happened to you, and it might even be the same, but these pillagings and plunderings can and do evolve and change.

What will probably clear this? Create a bootable installer, boot that, back up externally, back up a second backup copy, wipe your disk, install macOS, migrate over only your documents and not your apps, re-download apps, change all of your passwords to all of your services, change your passwords to your mail, to your web sites, watch your credit cards; assume everything was uploaded, passwords and contacts and photos and credit card data and all.

Hey, i had the same problem until i had the simpe idea to just double klick on the file and find the path and delete it :O after that i restart my mac and the problem was gone .

You could have installed it years ago and it only started misbehaving when you upgraded to Mojave.

It is running as root. It is effectively part of your operating system. And you don't recall having ever installed it? Do you recall ever having installed anything to run Windows or Linux software on your Mac? Ever?

If you do not have a recent backup, your computer is like a ticking Time bomb. You are only one disk failure away fro losing EVERYTHING! Drives do not last forever. It is not a question of IF it will fail, only WHEN it will fail.

If you are using another direct-to-disk backup method that you prefer, and you currently have a recent backup, that is great. If not, you should consider using Built-in Time Machine. Take steps to acquire an external drive as soon as possible. If you buy one, a drive 2 to 3 times or larger than your boot drive is preferable for long term trouble-free operation. Do not pay extra for a drive that is fast. (You can get by for a while with a "found" smaller drive if necessary, but it will eventually become annoying).

Attach your external drive and use

System preferences > Time machine ...

... to turn on Time Machine. It may ask to initialize the new drive, and that is as expected.

Time Machine may spend all afternoon making your first full backup. You can continue to do your regular work while it does this. The first Full Backup is by far the biggest backup. After that, it will work quietly and automatically in the background, without interrupting your regular work, and only save the incremental changes.

Time machine's "claim to fame" is that it is the backup that gets done, because it does not ruin performance of the rest of the computer while doing its backup operations. You do not have to set aside a "Special Time" when you only do backups. When you need it, your Time machine Backup is much more likely to be there.

How to use Time Machine to Backup or Restore your Mac:

https://support.apple.com/en-us/ht201250

If you choose to connect your backup drive only from time-to-time, try to do so at least every-other day, at minimum. Otherwise, it may take several hours of computation just to decide what needs to be backed up, before any files are transferred.

Etrecheck removes all personal information. He replied above. Hundreds of people have posted etrecheck information here.

You should be able to look through the report and find qemu?

R

There’s a reasonable chance that sensitive data, credit card data, contact information, and pretty much anything that can be sold, spammed or scammed has also been uploaded to the folks that provided the ”free (cracked) app.

More than a few folks have paid dearly for “free” (bootleg) software.

So too have some of their friends and family, who then got scammed by spoofed mail messages.

There’s also a good chance a backdoor can be left. If a backdoor wasn’t left, then somebody will probably eventually decide to add one in some future cracked app.

In my case, it was not necessary to do a clean install. But it's a little bit depending of what files has been installed.

Maybe you can check with a Pacifist (software that makes it possible to check/open a PKG file) if everything has been deleted.

Hi there,

I noticed my Macbook Pro is not running the way it used and found my way to Activity Monitor to see:

- qemu-system-x86_64 running over 100% CPU

- tools-service running over 100%

I have tried to Force Quit both, but qemu keeps coming back.

Is there no way to trace and remove these processes, without having to erase and start all over again? I tried to see if the "Open Files and Ports" tab in Activity Monitor would show some info, but it is not there.

My Macbook has been in use for quite a few years now and has a lot that needs to be backed if I proceed this way...trying to find an alternative option before doing this. I also installed many music VST/AU plugins recently, as I transitioned to FL Studio which was released for macOS. Prior to this, I was using Bootcamp for music production.

Majority of plugins are free too, available online and commonly used. Although some did require security permission to allow me to use the app, as perhaps they were from an unknown developer. I used a tutorial online which shows how to: How to Allow Apps from Anywhere.

I guess there is a risk. But there must be a way to completely quit this processes and remove it, if it is not essential for running macOS.

I will try to review the installed programs list to see if it is somewhere there too.

M.

For what it's worth, I've finally solved the issue without having to do anything crazy. Give it a shot, it might work. Keep in mind I'm not a professional or anything, I just ran through the logical stuff.

STEPS:

1. Launch Activity Monitor and locate "qemu-system-x86_64"

2. Double click on it and on the bottom left of Activity Monitor click "Sample"

3. Once the sample has been taken, you should see lots of random digits which might intimidate you, but one of the subheadings in the sample should be called "Path:". Copy the path you see. My path was something like this: /usr/local/bin/qemu-system-x86_64

4. Launch Finder and simultaneously click "Shift" "Command" "G"

5. Paste the path that you copied from step 3 and click "Go"

6. This should locate a Qemu file, delete that immediately

7. For safe measure, we will now delete everything from your System which contains either the words "qemu" or "x86_64"

8. Press "Shift" "Command" "G" again and in the search box type "/system"

10. Where it says "search" on the top right of your finder, search for "qemu". For me this came up with nothing, but if you look closely that's because it's searching on "This Mac". Click the tab which allows you to search on the "System".

11. If this brings up a number of files, delete all of them. Make sure to empty your trash too.

12. Repeat steps 10 & 11 but instead of searching for "qemu" search for "x86_64"

13. Shut down your computer completely for a period of time. For me it was 10 hours, the time from when I slept to woke up the next day.

Hope this helps!

There are a lot of unrelated system things that might contain x86_64. I would try to see if you could get by without removing those names.

In general, you cannot completely remove things that are part of the running system (it would crash badly) so you can place them in the Trash, but not empty the Trash until after a Restart. When you do the Restart, those items now in the Trash will not be included in the running MacOS any more, so once it comes back up, you can empty the Trash and wave goodbye to those items forever.

Hello edgytwelvie,

Your solution worked for me and I only removed the exe file, with the file name: qemu-system-x86_64 after searching its path from the "sample" in finder.

I did not see any "qemu" related files in system, but will look out for it and any other strange behaviours.

Thank you so much!

M.

Here is my EtreCheck Report. I had downloaded some VST torrents that installed qemu-system-86x_64 and some other things (I force stopped in activity monitor.) I removed the files EtreCheck told me to do manually (EtreCheck said it was unable to do it and just highlighted the file.) It seems that it may have worked but I am unsure if it did or not. The two other things in activity monitor that were using 100+% CPU alongside qemu were called "Palaeoniscus" and "Elateridae".