Hidden, unauthorized, potentially malicious process

Discussion in 'Mac Apps and Mac App Store' started by ShyGuy, Jun 15, 2011.

  1. ShyGuy, Jun 15, 2011
    Last edited by a moderator: Dec 25, 2011

    ShyGuy macrumors newbie

    Joined:
    Sep 6, 2008
    #1
    I installed Farsuite on my computer years ago, and deleted it shortly thereafter because I didn't use it. Or so I thought.

    Today, while looking at my list of processes in Activity Monitor, I noticed that a process called "FarSuiteDaemon" was popping up at the top of the CPU usage listing (at about 50%) every 30 seconds or so and disappearing after 2-3 seconds.

    A quick search revealed that there is no known file containing the words "FarSuite" anywhere on my computer. Any help with this? I am a bit worried, since Farsuite is a remote desktop program.

    Thanks in advance,

    Here's a photo:

    [IMG]
     
  2. GGJstudios macrumors Westmere


    Joined:
    May 16, 2008
    #2
    Apparently, you didn't delete everything. The only effective method for complete app removal is manual deletion:
     
  3. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #3
    The fact that FarSuiteDaemon has a parent process of launchd (1) suggests that it's executing from a plist file located in one of the following directories:
    Code:
    /Library/LaunchDaemons
    /Library/LaunchAgents
    
    It's conceivable it might be located in one of these directories:
    Code:
    /System/Library/LaunchDaemons
    /System/Library/LaunchAgents
    
    You can search a directory for "FarSuite" like this in Terminal.app:
    Code:
    grep "FarSuite" /Library/LaunchDaemons/*.plist
    Copy and paste the above command-line. Do not try typing it in manually.

    If any plist files have "FarSuite" in them, then that info will be output. Otherwise you won't see anything.

    If you get any output, or get an error message, copy and paste the output or error message into a reply post.

    Repeat the command for each directory:
    Code:
    grep "FarSuite" /Library/LaunchAgents/*.plist
    
    grep "FarSuite" /System/Library/Launch[AD]*s/*.plist
    
    The second line is a form that searches both LaunchAgents and LaunchDaemons using a single command-line.


    If you've used the 'sudo' command before, you can also try this command-line:
    Code:
    sudo launchctl list | grep "FarSuite"
    
    If you've never used sudo, or never used the command-line, skip that one for now, and just post the output of the first grep commands.
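
The directory search described in post #3, as an added example that is not part of the original thread: a shell function that checks each launchd directory in one pass, matches "Farsuite" and "FarSuite" alike, and skips directories that are missing or hold no plist files instead of printing a grep error. The function name `find_launchd_refs` and the `com.example` plist in the demo are assumptions made up for illustration.

```shell
# find_launchd_refs NAME [DIR...]
# Print the path of every *.plist in the given directories whose contents
# contain NAME. With no DIR, the four directories named in post #3 are used.
find_launchd_refs() {
    [ "$#" -ge 1 ] || { echo "usage: find_launchd_refs NAME [DIR...]" >&2; return 2; }
    name=$1
    shift
    if [ "$#" -eq 0 ]; then
        set -- /Library/LaunchDaemons /Library/LaunchAgents \
               /System/Library/LaunchDaemons /System/Library/LaunchAgents
    fi
    for dir in "$@"; do
        [ -d "$dir" ] || continue        # directory does not exist: skip it
        for f in "$dir"/*.plist; do
            [ -f "$f" ] || continue      # glob matched nothing and stayed literal
            # -a  search binary-format plists as text
            # -i  ignore case; -F  NAME is a fixed string, not a regex
            # -q  no output from grep; only its exit status is used
            if grep -aiqF -- "$name" "$f"; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Constructed demo: a throwaway directory stands in for /Library/LaunchDaemons.
# The plist below is made up for this example; it is not FarSuite's real file.
demo() {
    d=$(mktemp -d)
    cat > "$d/com.example.farsuite.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.FarSuiteDaemon</string>
  <key>StartInterval</key><integer>30</integer>
</dict></plist>
EOF
    printf '<plist version="1.0"><dict/></plist>\n' > "$d/com.example.other.plist"
    find_launchd_refs "farsuite" "$d" "$d/does-not-exist"
    rm -rf "$d"
}
demo
```

On a Mac, `find_launchd_refs FarSuite` with no directory arguments searches the four directories listed in post #3.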
     
  4. Intell macrumors P6


    Joined:
    Jan 24, 2010
    Location:
    Inside
    #4
    I know this is a 6-month-old thread, but for future reference: Spotlight does not search every file on the hard disk. It skips many system and hidden files.
     
