Possible Mac Spyware found?

Discussion in 'General Mac Discussion' started by nate, Mar 9, 2005.

  1. nate macrumors member

    Joined:
    Jun 28, 2003
    Location:
    Calgary, Alberta, Canada
    #1
    For about four days, my Powerbook started to act slower than usual -- a lot slower. At first, I wondered if it was related to the recent apple update, so I ran the disk thingy and fixed the permissions. But, no improvement showed.

    And, about an hour ago, my computer went so slow that it started to freeze up and then it crashed -- the OS X screen of doom came up. (A rare site!) So, I pressed the power button and restarted the computer, and everything worked. All of my files were there and intact, ready for me to continue working.

    I love OS X for its abilities to recover after a crash. I’m an editor for a local publication, so I’m busy editing content (text) and working on the design layout; I have deadlines, so losing everything due to a crash wouldn’t be good for business.

    I have a friend that uses Windows XP, and his computer crashed last night. But for him it wasn’t an easy fix. He ended up trouble shooting his computer last night, as well as this morning and afternoon. In the end, he ended up reformatting his entire computer, and I believe he’s still in the process of installing his software. His most recent files, of course, are all gone.

    I’ve had my Powerbook for a year, and I’ve had few problems. The problems that I’ve had were easy to fix and I’ve never had to re-install my OS X. Meanwhile, I have windows friends that spend a lot of time repairing and maintaining their computers. Every few months it seems my Windows friends are re-installing their Microsoft OS.

    Anyway, back to how I repaired my slow Powerbook…

    I tried reducing the amount of applications I had open, but it didn't work. So I opened up activity monitor and watched my CPU -- it was running like mad. Under the processes, I had has several smbd processes going on that were taking up more than half of my CPU power.

    From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.

    I use Firefox, so I figured it was possible that some sort of spyware could be configured for FF and work on the OS X. So, I clicked on pref. and cleared all of the cache and cookies.

    Now, my Powerbook works as fast as it normally does, and I have all of my applications open, like normal.

    I don’t know if I had spyware, but it sure seems so. When I used to have a Windows machine, spyware would always slow everything down to a crawl. Plus, clearing out the cache and cookies seemed to fix the problem, which also makes me wonder about, too.


    --nate
     
  2. AliensAreFuzzy macrumors 68000

    AliensAreFuzzy

    Joined:
    May 30, 2004
    Location:
    Madison, WI
    #2
    I'm not sure on this one, but it may have been that your cache had filled, and everything slowed down because it had to clear the cache and then refill it with the new stuff. I'm not sure on the inner workings of firefox, but it's just a theory
     
  3. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #3
    Could be Firefox has a memory leak, wouldn't be the first time.
     
  4. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    smbd? This is the Samba daemon. Samba is the UNIX implementaion of SMB file sharing (mainly). SMB file sharing is how Windows boxes share files (mainly). Turn off "Windows Sharing" and the Samba daemon goes away.

    Firefox doesn't have anything to do with smb file sharing.. :confused:

    I'm more inclined to say that the cache clearing and the speed increase was coincidental. Possible someone else was downloading something from you? Or something more malicious?
     
  5. Espnetboy3 macrumors 6502

    Joined:
    Feb 1, 2003
    #5
    Windows sharing in sys pref? I dont think it would be a spyware issue with firefox, maybe it was something totally different. You need a reboot or something. Anyone know about new spyware issues?
     
  6. khammack macrumors regular

    Joined:
    Sep 28, 2004
    Location:
    Portland, OR
    #6
    I've never heard of any spyware on windows that could be removed by clearing the cache on a web browser.

    I think it's really unlikely that this was spyware. Spyware is not the only reason that a computer might slow down; I like the memory leak theory, or perhaps some other bug is present in firefox.

    -kev
     
  7. robshakir macrumors newbie

    Joined:
    Jan 21, 2005
    #7
    I'm going with the memory leak idea, Firefox and Mozilla are wonderful for it, if you leave them open for a while, they gradually start to consume a lot of your memory. The issue with smbd might have been that you were out of RAM, and smbd was having to swap in, and swap out when it wanted to do anything.

    I'd say that you don't have spyware :)

    Rob
     
  8. JzzTrump22 macrumors 65816

    Joined:
    Apr 13, 2004
    Location:
    New York
    #8
    I honestly think there might be something going around, because i actually got a few pop ups within the past few days while on the internet with Safari. and no i wasn't looking at porn.
     
  9. crap freakboy macrumors 6502a

    crap freakboy

    Joined:
    Jul 17, 2002
    Location:
    nar in Gainsborough, me duck
    #9
    I've been getting pop-ups recently as well....seems with each Safari update more problems arise.
     
  10. Applespider macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #10
    The pop-ups aren't spyware. As IE's share has fallen slightly and other browsers gain marketshare, the ad coders have been working to get the pop-up blockers to stop working. Unfortunately, it seems they've succeeded in making pop-unders appear despite the blockers. Trust me though, I *have* to use IE at work and compared to the popups that gets, what Safari throws up (for me, a few a week as opposed to a few an hour with IE) Safari is still preferable.

    There was lots of discussion about it last month.
     
  11. whooleytoo macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #11
    A recent Safari release (didn't notice which one) has at least partially broken the pop-up blocker. A lot of sites which weren't getting through before are now. Just another bug brought to you by Apple..
     
  12. ziwi macrumors 65816

    ziwi

    Joined:
    Jan 6, 2004
    Location:
    Right back where I started...
    #12
    The more people tout the security and the we don't get viruses and spyware the more mac becomes a target for the Mac-hater hackers to get stuff out there for Mac consumption. I don't think it will ever get to the level of windows, but it proves all are vulnerable. Some people just like to make a point;)
     
  13. Abstract macrumors Penryn

    Abstract

    Joined:
    Dec 27, 2002
    Location:
    Location Location Location
  14. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #14
    Pop-up blockers aren't broken. The pop-up developers have found new ways to get around them. You get these on specific websites. By enabling your pop-up blocker, you have stated without equivocation that you don't want pop-ups. You are not in the target market for this advertising. By using these new block-skirting ads, the web masters of the few sites that use them are assaulting you more than they are selling product. Scream bloody murder. If you make it clear to their advertisers that you don't appreciate these assaults on your wishes, they will stop.
     
  15. jim. macrumors 6502

    Joined:
    Dec 22, 2004
    Location:
    C-ville, VA
    #15
    hmm, I thought that this was normal RAM caching? They should relinquish the RAM when asked. Developers have fancier tools than Activity Monitor and top to find actual memory leaks. Us lowly end users really don't have the tools to declare a leak. Sorry, just a little niggle I have with memory leak posts everywhere. Caching is a good thing guys, really.

    High CPU usage doesn't always mean swapping is happening. It could just mean that you are getting lots of requests. Are you on a college network? You probably had someone trying to download from you as was said before. Or smbd just decided to hang on a process. Lots of reasons for that to happen. Heck, last night my PB slowed to a crawl and was barely responding. Turns out the Dock was using up all the cpu. Not sure why, logs don't say anything. It just happens when bits are flying everywhere. How can such a complex machine only weight 6 pounds. Boggles the mind.

    Jim
     
  16. nate thread starter macrumors member

    Joined:
    Jun 28, 2003
    Location:
    Calgary, Alberta, Canada
    #16
    Well, I’ve haven’t had any problems since I cleared the cache.

    I don’t know what the CPU has to do with RAM, or why when I unplugged the net that the CPU usage dropped off about 75%.

    I know that Virex goes crazy if you have it set to monitor while you are on the net, that is why I turned it off. But in the processes, you can tell it is Virex… but this time it was smbd.

    I have Windows sharing on, so maybe it’s something related to that. Maybe someone is trying to take stuff off my computer or something?


    --nate
     
  17. nate thread starter macrumors member

    Joined:
    Jun 28, 2003
    Location:
    Calgary, Alberta, Canada
    #17
    PS

    I forgot to mention that I'm at home, and I am not networked. I have networked a few times with Windows computers to share files.

    --nate
     
  18. nate thread starter macrumors member

    Joined:
    Jun 28, 2003
    Location:
    Calgary, Alberta, Canada
    #18
    I turned windows file sharing off, as well as personal file sharing off. I'll just leave it off until I am networking with a windows computer, then turn it off afterwards.

    --nate
     
  19. 7on macrumors 601

    7on

    Joined:
    Nov 9, 2003
    Location:
    Dress Rosa
    #19
    Probably a program memory leak. I've had one with Finder and a few with SystemUI (that controls the menu extras up at the top). Trashing the prefs for the offending program will almost always fix it.

    OSX spyware would be pretty had to make - because .app files can't run from web browsers. They'd have to get you to download a .sit, .zip, or .dmg and open it and type your admin password to install it. Spyware words by installing itself in secret - and thus having this much interaction with the user would not work 90% of the time. and then the 9 % who installs it will remove it.
     
  20. primalman macrumors 6502a

    Joined:
    Jul 23, 2002
    Location:
    at the end of the hall
    #20
    ?
     
  21. aussie_geek macrumors 65816

    aussie_geek

    Joined:
    Apr 19, 2004
    Location:
    Sydney Australia
    #21
    I also noticed there are more popups than usual. I was using firefox for a while but later switched back to Safari. Firefox is cpu intensive and my PowerBook was starting to burn holes in my pants when I was just surfing.

    If I was you, I would stick with Safari. Seriously, the number of advantages when using Firefox is just not worth it.

    aussie_geek
     

Share This Page