Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

sysmdworker ????

flowrider

flowrider

macrumors 604
Original poster
Nov 23, 2012
7,329
3,007
I have what I consider a strange issue. Today CPU usage started climbing to over 1,500%. The offending process is something called "sysmdworker". It started after I downloaded a bogus copy of Firefox from the site, MacUpdate. The download is no longer there, so they must have removed it. I have since used AppCleaner to remove the application and reinstalled the correct version of Firefox. But the issue is still there.

Now, what's strange - If I open Activity Monitor, and leave it open, sysmdworker disappears and my CPU usage returns to normal - AS LONG AS Activity Monitor remans OPEN. As soon as I close it, BOOM, sysmdworker reappears stealing all my CPU usage.

That the heck is going on????

Lou
 
"bogus copy of Firefox" (?)
If that included some kind of malware (or downloaded something the first time you ran that Firefox), then it is less likely that removing just Firefox (even with something as "useful" as AppCleaner) will not likely have much effect on the malware (if that is contributing to the problem)
I would give Malwarebytes a quick run, followed by EtreCheck. Check if either of those report any strange issues.

Looks like a very recent reference to the same "sysmdworker" here - https://www.generation-nt.com/reponses/sysmdworker-entraide-4275721.html
Some you may figure out, or use your favorite french translator - maybe there will be some information that will answer your question.
And, then there's simply that it is part of the mdworker services, part of Spotlight database. You may simply want to reset spotlight, which will remove the present spotlight database and rebuild with a new one. (the sysmdworker may be triggered because of some corruption in spotlight database. resetting that service will replace the existing database with a fresh one.)
 
  • Like
Reactions: crjackson2134 and h9826790
flowrider said:
I have what I consider a strange issue. Today CPU usage started climbing to over 1,500%. The offending process is something called "sysmdworker". It started after I downloaded a bogus copy of Firefox from the site, MacUpdate. The download is no longer there, so they must have removed it. I have since used AppCleaner to remove the application and reinstalled the correct version of Firefox. But the issue is still there.

Now, what's strange - If I open Activity Monitor, and leave it open, sysmdworker disappears and my CPU usage returns to normal - AS LONG AS Activity Monitor remans OPEN. As soon as I close it, BOOM, sysmdworker reappears stealing all my CPU usage.

That the heck is going on????

Lou
Click to expand...

Hi !

(I'm the french who initiate the subject suggested up.)
You've been infected with a bitcoin miner.
It has been installed in your user Library folder. It's the folder named "mdworker". Trash it.
Remove also, in the folder "you"/Library/LaunchAgents" the two plist with 'MacOS' in the name (MacOS.plist,
MacOSupdate.plist)... that launch it.

Then restart.

FF is not the only soft infected. Personnaly I've been infected with a fake Onyx from MacUpdate !
 
DeltaMac said:
"bogus copy of Firefox" (?)
Click to expand...

Yes, I informed MacUpdate of this, and I got this eMail from MacUpdate this morning:

Thanks for reaching out to us.

We're sorry that this happened. A user created an account with a Mozilla.org email address and sent in the app for review as it appeared to be a new version. They did a really good job and we're able to trick us as it looked like someone who worked for Mozilla was submitting the update. Its sad that people do this. We hand update every listing and due to the community that we have, another user wrote in and told us about this and we back dated the listing and put the old version back up. I understand if we lost your trust, but I thought at least an explanation was needed. We always have wanted to build an app experience that we ourselves want to use, which is why we have been doing this for over 20 years. We simply love apps.

Also, could you tell me what you see that is malware? We haven't had other users write in saying that malware was installed onto their machine. A screenshot would be most helpful for us.

Have a good weekend and if you have any other questions, please let me know as I would be happy to answer them for you.

Cheers,

Joel
Content Editor/Support | MacUpdate
Click to expand...

Lou
 
Last edited:
francinou, I tried locating the files you suggested. The system would not allow me to trash most of them. I started up from another disk, and tried to trash them. The only ones I could trash were 2 plists. When I restarted, from my original startup disk new problems ensued. I reinstalled the OS (10.13.3) and I'm back up, by of course the issue is still there. I'm running with Activity Monitor on, but what a PITA.

Lou
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back