Could This Be A Virus or Spyware

Joined
Feb 4, 2010
Messages
14
Reaction score
0
Points
1
Location
Northeast PA
Your Mac's Specs
'09 27" iMac, '08 MacBook Pro, 32g iPhone 3Gs, 160g iPod Classic, 40g iPod, 16g (mod) iPod Mini
Hi. I hope this is the right forum....

I have a fairly new iMac purchased in November 09, running OS X. It is connected to my broadband modem by cable. There is a Linksys wireless router also on the modem. I also use an MBP '08 model running OS X.

Until a couple of weeks ago, everything worked flawlessly. Internet/Wireless Router/iMac/MBP... Lately, when the iMac is running and is logged into a user, with no programs running, no Safari, iTunes, Mail, whatever... the modem shows activity... even when the MBP is not on. When Safari is launched on the iMac the internet is very slow, if I'm able to surf at all. The MBP has a good AirPort connection with the Linksys, but the server and internet are not functioning and I can't surf with the MBP at all... unless I go to the iMac and log out of whatever user is logged in... then all is well with the internet with the MBP.

As I mentioned at the beginning, this is a new problem.

I fired up the Activity Monitor on the iMac while logged in... No unusual looking programs are listed, the network shows periodic data being sent and received, even though no programs are running.

I was pretty good at cleaning out Windows systems, but I got sick of it and went ALL MAC... but now I feel pretty clueless. It is entirely possible that my kids have been to sites that share files, but I don't know where to start looking...

Oh, one more thing... we live in the country... There are no other homes or networks within range.

Any suggestions? Thoughts? Links?

Thanx!!
Mark
 
Joined
May 14, 2009
Messages
2,052
Reaction score
136
Points
63
Location
Near Whitehorse, Yukon
Your Mac's Specs
2012 MBP i7 2.7 GHz 15" Matte - 16 GB RAM - 120 GB Intel SSD - 500 GB DataDoubler Mac OS 10.9
Download the Little Snitch demo and see what exactly is using your internet.
Since I am on a satellite connection I use it a lot to see if any application is connecting out all the time and possibly robbing me of my limited bandwidth.
When Little Snitch is running you can control what applications are allowed to connect out and you can see where they are connecting to.
 
Joined
Mar 28, 2010
Messages
23
Reaction score
0
Points
1
Your Mac's Specs
MacBook Pro 15.4" 2.4GHz i5 OS X 10.6.3
I think the issue is that you are connecting to both the modem and the router simultaneously if I understand your post correctly.

Is the Linksys a router or a wireless access point?

If the modem and router are both trying to dole out IPs and do NAT, then there is too much potential for conflict.

I would suggest that you connect the iMac cable to the router so that it is the only device handling both the iMac and MacBook. You will then only have one device handling NAT and DHCP.
 
OP
Thanx, will try all three suggestions and get back to you with progress and updates.
 
OP
OK ... I installed Little Snitch.

*** is mDNSResponder? Lots of activity there with no programs running.
 
OP
thanx!

Hmmmm.... I think that the problem I mentioned in the OP may have started after I installed the software for an Epson Artisan Printer... Although I hardwired it by USB.... I wonder, the link you gave mentioned that Bonjour will be used for communication with some printers.

BTW, this sucks. I mean, things were going along just peachy.

Do you think tracking down the address it's trying to connect (???) to would help...

Mark
 
Joined
Sep 9, 2009
Messages
5,473
Reaction score
201
Points
63
Location
Down Under :D
Your Mac's Specs
Back to my old 2.2GHz C2D MB after selling my MBP and wondering what my next Mac will be :)
I would actually just quit the process in Activity Monitor, and reboot.
Could be as simple as that.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
And do not bother with AV software as there are no viri for Mac OS X. All it will do is slow your machine down searching for things that do not exist using definitions for Windows viri.
 
Joined
Sep 9, 2009
Messages
5,473
Reaction score
201
Points
63
Location
Down Under :D
Your Mac's Specs
Back to my old 2.2GHz C2D MB after selling my MBP and wondering what my next Mac will be :)
And do not bother with AV software as there are viri for Mac OS X. All it will do is slow your machine down searching for things that do not exist using definitions for Windows viri.

In case that confused you a little, I'm certain that Harry meant to say "no viri" for OS X :)
 
OP
Yea, no viri, I get it.... which is why I went all Mac... I've had no regrets until now, unfortunately.

So, actually I was wrong about the router setup... It is a Linksys wireless router which is connected to the broadband modem... both the iMac and the MBP are wireless... At one time we had the iMac connected by cable to the router.... Which I tried, no difference.

Why does the MBP have no problems, but the iMac does, and why does the MBP have problems only when the iMac is logged on???

The mDNSResponder gave an IP address... which I looked up and, I think it is the address for the SpeedStream modem!!!

hmm...

If it was the modem, then the MBP wouldn't connect....

Well, I guess a call to Apple is in the future. Man this mDNSResponder is some evil %$#^ when things go wrong!

Thanx
Mark
 
Joined
Sep 9, 2009
Messages
5,473
Reaction score
201
Points
63
Location
Down Under :D
Your Mac's Specs
Back to my old 2.2GHz C2D MB after selling my MBP and wondering what my next Mac will be :)
What version of OS X are you running on the iMac?
 
Joined
Apr 9, 2009
Messages
2,073
Reaction score
68
Points
48
Location
Ithaca NY
Your Mac's Specs
13 inch alMacBook 2GHz C2D 4G DDR3, 1.25GHz G4 eMac
Have you tried unplugging and resetting your router to factory settings? Or getting a new one that preferably isn't a Linksys/Cisco pile of crap? (The old Linksys routers were pretty decent, til Cisco bought them... now their home routers are crap - too early to tell on the Valet router though). If you do, I'd go Netgear.

As for Little Snitch, yea it's good to know what's going on, but you're also being paranoid about something that is a natural system action (mDNSResponder). :p
 
OP
Thanx all...

I think I may have figured it out.

Is it possible that if a piece of software is trying to connect to update itself, i.e., ArcSoft, Epson printer software, and cannot connect to the site, would it keep trying? And this is the mDNSResponder problem.

I disallowed it in Little Snitch, but I don't know....

Which brings me to the next question. I would have known how to do this in Windows, but not Mac...

I wanted to get rid of this connect service, which is what I think the problem is, but it's in use, trying to freakin' connect and OS X won't let me delete it...

Is there a comparable startup folder in OS X like there is in Windows? So I can delete it there and reboot?

Mark
 
Joined
Jul 15, 2008
Messages
18
Reaction score
0
Points
1
There is a Startup Items in the System folder. You can delete it out of there if you don't want it starting automatically.

See my post about "virus???"

Apparently, though there are no Mac viruses, your modem / router can get infected. Are you experiencing popups?
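
An added example, not part of any post in this thread: the per-process view that Little Snitch gives can also be had from the text output of `lsof -nP -i`, and the sketch below labels each socket as DNS (port 53), multicast DNS/Bonjour (port 5353), LAN or internet, listing internet-bound sockets stuck in `SYN_SENT` (a connection attempt that has not been answered) first. The sample output, the process name `updaterd` and the choice of LAN ranges are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed sample shaped like `lsof -nP -i` output; "updaterd" is a hypothetical name.
SAMPLE = """\
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
mDNSRespo  23 _mdns  8u IPv4 0x01   0t0      UDP  *:5353
mDNSRespo  23 _mdns 12u IPv4 0x02   0t0      UDP  192.168.1.10:49152->192.168.1.1:53
Safari    412 mark  10u IPv4 0x03   0t0      TCP  192.168.1.10:49200->203.0.113.7:80 (ESTABLISHED)
updaterd  518 mark   6u IPv4 0x04   0t0      TCP  192.168.1.10:49311->198.51.100.20:443 (SYN_SENT)
"""

# Home-LAN ranges (RFC 1918 plus link-local); anything else counts as internet.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fe80::/10")]

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")  # also handles '[v6]:port'
    return host.strip("[]"), port

def classify(name):
    """Label one lsof NAME field: listener, mdns, dns, lan, internet or unknown."""
    if "->" not in name:  # bound or listening socket with no remote end
        return "mdns" if split_endpoint(name)[1] == "5353" else "listener"
    host, port = split_endpoint(name.split("->", 1)[1])
    if port in ("53", "5353"):
        return "dns" if port == "53" else "mdns"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    return "lan" if any(addr in net for net in LAN) else "internet"

def summarize(text):
    """Map (command, pid) -> list of (label, NAME field, TCP state)."""
    seen = defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[1].isdigit():
            continue  # header or malformed line
        state = f[9].strip("()") if len(f) > 9 else ""
        seen[(f[0], int(f[1]))].append((classify(f[8]), f[8], state))
    return dict(seen)

def needs_review(text):
    """Internet-bound sockets, with unanswered attempts (SYN_SENT) listed first."""
    rows = [(cmd, pid, name, state)
            for (cmd, pid), socks in summarize(text).items()
            for label, name, state in socks if label == "internet"]
    return sorted(rows, key=lambda r: r[3] != "SYN_SENT")
```

On a real machine, pass the captured output of `lsof -nP -i` to `needs_review()` in place of `SAMPLE`; `lsof` truncates long command names, so match on the PID when following up.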
 
