Possible Mac Spyware found?

[nate]

For about four days, my Powerbook started to act slower than usual -- a lot slower. At first, I wondered if it was related to the recent apple update, so I ran the disk thingy and fixed the permissions. But, no improvement showed.

And, about an hour ago, my computer went so slow that it started to freeze up and then it crashed -- the OS X screen of doom came up. (A rare site!) So, I pressed the power button and restarted the computer, and everything worked. All of my files were there and intact, ready for me to continue working.

I love OS X for its abilities to recover after a crash. I’m an editor for a local publication, so I’m busy editing content (text) and working on the design layout; I have deadlines, so losing everything due to a crash wouldn’t be good for business.

I have a friend that uses Windows XP, and his computer crashed last night. But for him it wasn’t an easy fix. He ended up trouble shooting his computer last night, as well as this morning and afternoon. In the end, he ended up reformatting his entire computer, and I believe he’s still in the process of installing his software. His most recent files, of course, are all gone.

I’ve had my Powerbook for a year, and I’ve had few problems. The problems that I’ve had were easy to fix and I’ve never had to re-install my OS X. Meanwhile, I have windows friends that spend a lot of time repairing and maintaining their computers. Every few months it seems my Windows friends are re-installing their Microsoft OS.

Anyway, back to how I repaired my slow Powerbook…

I tried reducing the amount of applications I had open, but it didn't work. So I opened up activity monitor and watched my CPU -- it was running like mad. Under the processes, I had has several smbd processes going on that were taking up more than half of my CPU power.

From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.

I use Firefox, so I figured it was possible that some sort of spyware could be configured for FF and work on the OS X. So, I clicked on pref. and cleared all of the cache and cookies.

Now, my Powerbook works as fast as it normally does, and I have all of my applications open, like normal.

I don’t know if I had spyware, but it sure seems so. When I used to have a Windows machine, spyware would always slow everything down to a crawl. Plus, clearing out the cache and cookies seemed to fix the problem, which also makes me wonder about, too.


--nate

 

[AliensAreFuzzy]

I tried reducing the amount of applications I had open, but it didn't work. So I opened up activity monitor and watched my CPU -- it was running like mad. Under the processes, I had has several smbd processes going on that were taking up more than half of my CPU power.

From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.

I use Firefox, so I figured it was possible that some sort of spyware could be configured for FF and work on the OS X. So, I clicked on pref. and cleared all of the cache and cookies.

Now, my Powerbook works as fast as it normally does, and I have all of my applications open, like normal.

I don’t know if I had spyware, but it sure seems so. When I used to have a Windows machine, spyware would always slow everything down to a crawl. Plus, clearing out the cache and cookies seemed to fix the problem, which also makes me wonder about, too.


--nate

I'm not sure on this one, but it may have been that your cache had filled, and everything slowed down because it had to clear the cache and then refill it with the new stuff. I'm not sure on the inner workings of firefox, but it's just a theory

 

[Sun Baked]

Could be Firefox has a memory leak, wouldn't be the first time.

 

[yellow]

From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.

smbd? This is the Samba daemon. Samba is the UNIX implementaion of SMB file sharing (mainly). SMB file sharing is how Windows boxes share files (mainly). Turn off "Windows Sharing" and the Samba daemon goes away.

Firefox doesn't have anything to do with smb file sharing..

I'm more inclined to say that the cache clearing and the speed increase was coincidental. Possible someone else was downloading something from you? Or something more malicious?

 

[Espnetboy3]

Windows sharing in sys pref? I dont think it would be a spyware issue with firefox, maybe it was something totally different. You need a reboot or something. Anyone know about new spyware issues?

 

[khammack]

I've never heard of any spyware on windows that could be removed by clearing the cache on a web browser.

I think it's really unlikely that this was spyware. Spyware is not the only reason that a computer might slow down; I like the memory leak theory, or perhaps some other bug is present in firefox.

-kev

 

[robshakir]

I'm going with the memory leak idea, Firefox and Mozilla are wonderful for it, if you leave them open for a while, they gradually start to consume a lot of your memory. The issue with smbd might have been that you were out of RAM, and smbd was having to swap in, and swap out when it wanted to do anything.

I'd say that you don't have spyware

Rob

 

[JzzTrump22]

I honestly think there might be something going around, because i actually got a few pop ups within the past few days while on the internet with Safari. and no i wasn't looking at porn.

 

[crap freakboy]

I've been getting pop-ups recently as well....seems with each Safari update more problems arise.

 

[Applespider]

I honestly think there might be something going around, because i actually got a few pop ups within the past few days while on the internet with Safari. and no i wasn't looking at porn.

The pop-ups aren't spyware. As IE's share has fallen slightly and other browsers gain marketshare, the ad coders have been working to get the pop-up blockers to stop working. Unfortunately, it seems they've succeeded in making pop-unders appear despite the blockers. Trust me though, I *have* to use IE at work and compared to the popups that gets, what Safari throws up (for me, a few a week as opposed to a few an hour with IE) Safari is still preferable.

There was lots of discussion about it last month.

 

[whooleytoo]

I honestly think there might be something going around, because i actually got a few pop ups within the past few days while on the internet with Safari. and no i wasn't looking at porn.

A recent Safari release (didn't notice which one) has at least partially broken the pop-up blocker. A lot of sites which weren't getting through before are now. Just another bug brought to you by Apple..

 

[ziwi]

The more people tout the security and the we don't get viruses and spyware the more mac becomes a target for the Mac-hater hackers to get stuff out there for Mac consumption. I don't think it will ever get to the level of windows, but it proves all are vulnerable. Some people just like to make a point

 

[Abstract]

Oh great. Lucky I didn't upgrade to 10.3.9

 

[MisterMe]

A recent Safari release (didn't notice which one) has at least partially broken the pop-up blocker. A lot of sites which weren't getting through before are now. Just another bug brought to you by Apple..

Pop-up blockers aren't broken. The pop-up developers have found new ways to get around them. You get these on specific websites. By enabling your pop-up blocker, you have stated without equivocation that you don't want pop-ups. You are not in the target market for this advertising. By using these new block-skirting ads, the web masters of the few sites that use them are assaulting you more than they are selling product. Scream bloody murder. If you make it clear to their advertisers that you don't appreciate these assaults on your wishes, they will stop.

 

[jim.]

I'm going with the memory leak idea, Firefox and Mozilla are wonderful for it, if you leave them open for a while, they gradually start to consume a lot of your memory. The issue with smbd might have been that you were out of RAM, and smbd was having to swap in, and swap out when it wanted to do anything.

I'd say that you don't have spyware

Rob

hmm, I thought that this was normal RAM caching? They should relinquish the RAM when asked. Developers have fancier tools than Activity Monitor and top to find actual memory leaks. Us lowly end users really don't have the tools to declare a leak. Sorry, just a little niggle I have with memory leak posts everywhere. Caching is a good thing guys, really.

High CPU usage doesn't always mean swapping is happening. It could just mean that you are getting lots of requests. Are you on a college network? You probably had someone trying to download from you as was said before. Or smbd just decided to hang on a process. Lots of reasons for that to happen. Heck, last night my PB slowed to a crawl and was barely responding. Turns out the Dock was using up all the cpu. Not sure why, logs don't say anything. It just happens when bits are flying everywhere. How can such a complex machine only weight 6 pounds. Boggles the mind.

Jim

 

[nate]

Well, I’ve haven’t had any problems since I cleared the cache.

I don’t know what the CPU has to do with RAM, or why when I unplugged the net that the CPU usage dropped off about 75%.

I know that Virex goes crazy if you have it set to monitor while you are on the net, that is why I turned it off. But in the processes, you can tell it is Virex… but this time it was smbd.

I have Windows sharing on, so maybe it’s something related to that. Maybe someone is trying to take stuff off my computer or something?


--nate

 

[nate]

PS

I forgot to mention that I'm at home, and I am not networked. I have networked a few times with Windows computers to share files.

--nate

 

[nate]

I turned windows file sharing off, as well as personal file sharing off. I'll just leave it off until I am networking with a windows computer, then turn it off afterwards.

--nate

 

[7on]

Probably a program memory leak. I've had one with Finder and a few with SystemUI (that controls the menu extras up at the top). Trashing the prefs for the offending program will almost always fix it.

OSX spyware would be pretty had to make - because .app files can't run from web browsers. They'd have to get you to download a .sit, .zip, or .dmg and open it and type your admin password to install it. Spyware words by installing itself in secret - and thus having this much interaction with the user would not work 90% of the time. and then the 9 % who installs it will remove it.

 

[primalman]

Oh great. Lucky I didn't upgrade to 10.3.9

?

 

[aussie_geek]

I also noticed there are more popups than usual. I was using firefox for a while but later switched back to Safari. Firefox is cpu intensive and my PowerBook was starting to burn holes in my pants when I was just surfing.

If I was you, I would stick with Safari. Seriously, the number of advantages when using Firefox is just not worth it.

aussie_geek