Possible Mac Spyware found?

nate

macrumors member
Original poster
Jun 28, 2003
61
0
Calgary, Alberta, Canada
For about four days, my Powerbook started to act slower than usual -- a lot slower. At first, I wondered if it was related to the recent Apple update, so I ran the disk thingy and fixed the permissions. But, no improvement showed.

And, about an hour ago, my computer went so slow that it started to freeze up and then it crashed -- the OS X screen of doom came up. (A rare sight!) So, I pressed the power button and restarted the computer, and everything worked. All of my files were there and intact, ready for me to continue working.

I love OS X for its abilities to recover after a crash. I’m an editor for a local publication, so I’m busy editing content (text) and working on the design layout; I have deadlines, so losing everything due to a crash wouldn’t be good for business.

I have a friend that uses Windows XP, and his computer crashed last night. But for him it wasn’t an easy fix. He ended up troubleshooting his computer last night, as well as this morning and afternoon. In the end, he ended up reformatting his entire computer, and I believe he’s still in the process of installing his software. His most recent files, of course, are all gone.

I’ve had my Powerbook for a year, and I’ve had few problems. The problems that I’ve had were easy to fix and I’ve never had to re-install my OS X. Meanwhile, I have Windows friends that spend a lot of time repairing and maintaining their computers. Every few months it seems my Windows friends are re-installing their Microsoft OS.

Anyway, back to how I repaired my slow Powerbook…

I tried reducing the amount of applications I had open, but it didn't work. So I opened up Activity Monitor and watched my CPU -- it was running like mad. Under the processes, I had several smbd processes going on that were taking up more than half of my CPU power.

From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.

I use Firefox, so I figured it was possible that some sort of spyware could be configured for FF and work on the OS X. So, I clicked on pref. and cleared all of the cache and cookies.

Now, my Powerbook works as fast as it normally does, and I have all of my applications open, like normal.

I don’t know if I had spyware, but it sure seems so. When I used to have a Windows machine, spyware would always slow everything down to a crawl. Plus, clearing out the cache and cookies seemed to fix the problem, which also makes me wonder, too.


--nate
 

AliensAreFuzzy

macrumors 68000
May 30, 2004
1,561
0
Madison, WI
nate said:
I tried reducing the amount of applications I had open, but it didn't work. So I opened up Activity Monitor and watched my CPU -- it was running like mad. Under the processes, I had several smbd processes going on that were taking up more than half of my CPU power.

From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.

I use Firefox, so I figured it was possible that some sort of spyware could be configured for FF and work on the OS X. So, I clicked on pref. and cleared all of the cache and cookies.

Now, my Powerbook works as fast as it normally does, and I have all of my applications open, like normal.

I don’t know if I had spyware, but it sure seems so. When I used to have a Windows machine, spyware would always slow everything down to a crawl. Plus, clearing out the cache and cookies seemed to fix the problem, which also makes me wonder, too.


--nate
I'm not sure on this one, but it may have been that your cache had filled, and everything slowed down because it had to clear the cache and then refill it with the new stuff. I'm not sure on the inner workings of Firefox, but it's just a theory.
 

yellow

Moderator emeritus
Oct 21, 2003
16,033
1
Portland, OR
nate said:
From experimenting in the past, I found out that smbd stuff has to do with the Internet and transmitting packets of information back and forth. Well, there must have been a lot of packets for it to be using that much CPU power, and I wasn’t downloading anything off the net.
smbd? This is the Samba daemon. Samba is the UNIX implementation of SMB file sharing (mainly). SMB file sharing is how Windows boxes share files (mainly). Turn off "Windows Sharing" and the Samba daemon goes away.

Firefox doesn't have anything to do with smb file sharing.. :confused:

I'm more inclined to say that the cache clearing and the speed increase was coincidental. Possibly someone else was downloading something from you? Or something more malicious?
 

Espnetboy3

macrumors 6502
Feb 1, 2003
463
0
Windows sharing in sys pref? I don't think it would be a spyware issue with Firefox, maybe it was something totally different. You need a reboot or something. Anyone know about new spyware issues?
 

khammack

macrumors regular
Sep 28, 2004
166
0
Portland, OR
I've never heard of any spyware on Windows that could be removed by clearing the cache on a web browser.

I think it's really unlikely that this was spyware. Spyware is not the only reason that a computer might slow down; I like the memory leak theory, or perhaps some other bug is present in Firefox.

-kev
 

robshakir

macrumors newbie
Jan 21, 2005
25
0
I'm going with the memory leak idea, Firefox and Mozilla are wonderful for it, if you leave them open for a while, they gradually start to consume a lot of your memory. The issue with smbd might have been that you were out of RAM, and smbd was having to swap in, and swap out when it wanted to do anything.

I'd say that you don't have spyware :)

Rob
 

JzzTrump22

macrumors 65816
Apr 13, 2004
1,229
0
New York
I honestly think there might be something going around, because I actually got a few pop-ups within the past few days while on the internet with Safari. And no, I wasn't looking at porn.
 

Applespider

macrumors G4
JzzTrump22 said:
I honestly think there might be something going around, because I actually got a few pop-ups within the past few days while on the internet with Safari. And no, I wasn't looking at porn.
The pop-ups aren't spyware. As IE's share has fallen slightly and other browsers gain marketshare, the ad coders have been working to get the pop-up blockers to stop working. Unfortunately, it seems they've succeeded in making pop-unders appear despite the blockers. Trust me though, I *have* to use IE at work and compared to the popups that gets, what Safari throws up (for me, a few a week as opposed to a few an hour with IE) Safari is still preferable.

There was lots of discussion about it last month.
 

whooleytoo

macrumors 604
Aug 2, 2002
6,568
638
Cork, Ireland.
JzzTrump22 said:
I honestly think there might be something going around, because I actually got a few pop-ups within the past few days while on the internet with Safari. And no, I wasn't looking at porn.
A recent Safari release (didn't notice which one) has at least partially broken the pop-up blocker. A lot of sites which weren't getting through before are now. Just another bug brought to you by Apple..
 

ziwi

macrumors 65816
Jan 6, 2004
1,087
0
Right back where I started...
The more people tout the security and the "we don't get viruses and spyware", the more Mac becomes a target for the Mac-hater hackers to get stuff out there for Mac consumption. I don't think it will ever get to the level of Windows, but it proves all are vulnerable. Some people just like to make a point ;)
 

MisterMe

macrumors G4
Jul 17, 2002
10,650
29
USA
whooleytoo said:
A recent Safari release (didn't notice which one) has at least partially broken the pop-up blocker. A lot of sites which weren't getting through before are now. Just another bug brought to you by Apple..
Pop-up blockers aren't broken. The pop-up developers have found new ways to get around them. You get these on specific websites. By enabling your pop-up blocker, you have stated without equivocation that you don't want pop-ups. You are not in the target market for this advertising. By using these new block-skirting ads, the web masters of the few sites that use them are assaulting you more than they are selling product. Scream bloody murder. If you make it clear to their advertisers that you don't appreciate these assaults on your wishes, they will stop.
 

jim.

macrumors 6502
Dec 22, 2004
308
0
C-ville, VA
robshakir said:
I'm going with the memory leak idea, Firefox and Mozilla are wonderful for it, if you leave them open for a while, they gradually start to consume a lot of your memory. The issue with smbd might have been that you were out of RAM, and smbd was having to swap in, and swap out when it wanted to do anything.

I'd say that you don't have spyware :)

Rob
hmm, I thought that this was normal RAM caching? They should relinquish the RAM when asked. Developers have fancier tools than Activity Monitor and top to find actual memory leaks. Us lowly end users really don't have the tools to declare a leak. Sorry, just a little niggle I have with memory leak posts everywhere. Caching is a good thing guys, really.

High CPU usage doesn't always mean swapping is happening. It could just mean that you are getting lots of requests. Are you on a college network? You probably had someone trying to download from you as was said before. Or smbd just decided to hang on a process. Lots of reasons for that to happen. Heck, last night my PB slowed to a crawl and was barely responding. Turns out the Dock was using up all the CPU. Not sure why, logs don't say anything. It just happens when bits are flying everywhere. How can such a complex machine only weigh 6 pounds? Boggles the mind.

Jim
 

nate

macrumors member
Original poster
Jun 28, 2003
61
0
Calgary, Alberta, Canada
Well, I haven’t had any problems since I cleared the cache.

I don’t know what the CPU has to do with RAM, or why when I unplugged the net that the CPU usage dropped off about 75%.

I know that Virex goes crazy if you have it set to monitor while you are on the net, that is why I turned it off. But in the processes, you can tell it is Virex… but this time it was smbd.

I have Windows sharing on, so maybe it’s something related to that. Maybe someone is trying to take stuff off my computer or something?


--nate
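
One way to check the possibility raised in the posts above (a remote machine connected to the Mac's Windows Sharing while smbd is busy), as an added example that is not part of the thread. It assumes BSD/macOS-style `netstat -an` text, where addresses are written as address.port; the function name `smb_peers` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list remote hosts holding ESTABLISHED TCP connections
# to this machine's SMB ports (139 and 445), busiest first.
# Reads netstat -an style text on stdin; prints "<count> <remote address>".

smb_peers() {
    awk '
        # Columns: proto recv-q send-q local-address foreign-address state
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            lport = $4
            sub(/^.*\./, "", lport)          # keep only the local port
            if (lport != "139" && lport != "445") next
            peer = $5
            sub(/\.[0-9]+$/, "", peer)       # drop the remote port
            count[peer]++
        }
        END { for (p in count) printf "%d %s\n", count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not captured from a real machine).
# The last three rows must be ignored: an outbound web connection,
# an outbound SMB client connection, and the listening socket.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.10.445       192.168.1.77.51234     ESTABLISHED
tcp4       0      0  192.168.1.10.445       192.168.1.77.51240     ESTABLISHED
tcp4       0      0  192.168.1.10.139       10.0.0.99.40000        ESTABLISHED
tcp4       0      0  192.168.1.10.50001     203.0.113.5.80         ESTABLISHED
tcp4       0      0  192.168.1.10.50002     192.168.1.20.445       ESTABLISHED
tcp4       0      0  *.445                  *.*                    LISTEN'

# Demonstration on the sample; on a live system: netstat -an | smb_peers
printf '%s\n' "$SAMPLE_NETSTAT" | smb_peers
```

An empty result while smbd is still using CPU points away from remote file-sharing clients; addresses you do not recognise are the ones to look into before re-enabling sharing.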
 

nate

macrumors member
Original poster
Jun 28, 2003
61
0
Calgary, Alberta, Canada
I turned Windows file sharing off, as well as personal file sharing off. I'll just leave it off until I am networking with a Windows computer, then turn it off afterwards.

--nate
 

7on

macrumors 601
Nov 9, 2003
4,940
0
Dress Rosa
Probably a program memory leak. I've had one with Finder and a few with SystemUI (that controls the menu extras up at the top). Trashing the prefs for the offending program will almost always fix it.

OSX spyware would be pretty hard to make - because .app files can't run from web browsers. They'd have to get you to download a .sit, .zip, or .dmg and open it and type your admin password to install it. Spyware works by installing itself in secret - and thus having this much interaction with the user would not work 90% of the time. And then the 9% who install it will remove it.
 

aussie_geek

macrumors 65816
Apr 19, 2004
1,092
0
Sydney Australia
I also noticed there are more popups than usual. I was using Firefox for a while but later switched back to Safari. Firefox is CPU intensive and my PowerBook was starting to burn holes in my pants when I was just surfing.

If I was you, I would stick with Safari. Seriously, the number of advantages when using Firefox is just not worth it.

aussie_geek
 