Weird processes running when MBP runs hot?

Discussion in 'macOS Mojave (10.14)' started by blasto2236, May 31, 2019.

  1. blasto2236 macrumors 6502a

    Joined:
    Nov 4, 2012
    #1
    I'm noticing my MBP randomly running hot under minimal load. Occasionally I'll see two processes "Asciridia" and "Protohydra" consuming a ton of CPU, and then by the time I can load Activity Monitor, they aren't there any more. The one time I did manage to catch one running in AM and force close it, my MBP temp lowered by 40 degrees.

    I've run MalwareBytes and haven't detected anything out of the ordinary on my Mac. Google search comes up with nothing specific for these two process names. Anyone ever come across these before? Wish I could figure out what program they're tied to and banish it from my Mac.
     
  2. NoBoMac macrumors 68020

    Joined:
    Jul 1, 2014
    #2
    Some other threads on the board with similar type processes: crypto mining malware.

    Surprised MalwareBytes did not pick up on it. If so, maybe websites you are hitting and Javascript on those are causing issues. Extensions? Downloading "free" programs from sketchy sites? Torrenting, and in turn, possibly opening the computer to rogue access?

    When issue pops up, a "ps -ef" from Terminal might point out a pathname to problematic program/app.

    https://forums.macrumors.com/threads/safari-keeps-running-with-high-cpu-usage.2181824
    https://forums.macrumors.com/threads/unexplainable-activity-processes-no-help-on-google.2182333
     
  3. Honza1 macrumors 6502

    Joined:
    Nov 30, 2013
    Location:
    US
    #3
    It would really be nice to others to tell us, eventually, which Safari extension/user action has dropped this coin mining crap on your computer. For future victims...

    In the other threads authors reported being able to remove it, but kept quiet about the cause. This suggests it being something stupid so they are ashamed. But this leaves all future victims trying to figure this out this on their own. We all do stupid stuff, lets help our followers ;-)
     
  4. blasto2236 thread starter macrumors 6502a

    Joined:
    Nov 4, 2012
    #4
    Well, I still haven't been able to tell where it's coming from. I don't have any Safari extensions, all of my software is from legit sources (or at least to my knowledge!) and I'm generally good about identifying and staying away from dodgy websites.

    Having said that, I recently installed Avast and it has detected them where MalwareBytes did not. Definitely crypto mining processes. Once the scan finishes in Avast I'm hoping to be able to dig in and find out a bit more. I'll report back with what it was if I can track it down.
     
  5. blasto2236 thread starter macrumors 6502a

    Joined:
    Nov 4, 2012
    #5
    So I've been racking my brain all afternoon and still have yet to get to the bottom of this. I definitely didn't have any pirated software or dodgy programs on my computer. The only two things I could think of that came from questionable sources were the firmware updater for my Sanho HyperDrive, and Wine. I got Wine/WineBottler from some random site and I think it might not have been a legit version. I'm thinking Wine was the culprit but I still can't be entirely sure.

    Anyway, it seems like I've rid myself of it for now, so I appreciate everyone's help.
     

Share This Page

4 May 31, 2019