Results 1 to 13 of 13
  1. #1
    Unknown Processes by user "Bigotedly"

    Member Since
    Mar 27, 2020
    Posts
    3
    Rep Power
    0
    Unknown Processes by user "Bigotedly"
    Hi,

    I have an older MAC which i use for backup and basic file management. I have recently noticed multiple processes in the activity monitor. Process names are random unintelligible ,all spawned by user name "bigotedly". Roughly about 20-30 process. I am unable to shut them down as they keep re-spawning. Online Scans by Avast and McAfee reveal nothing.

    Details of the machine are:
    20-Inch iMac, Mid 2007 running Mac OSX 10.9.5

    How screwed am i ?. Any help would be greatly appreciated.
    Thank you in advance.
    RonScreen Shot 2020-03-27 at 6.15.27 AM.png

  2. #2
    Unknown Processes by user "Bigotedly"
    Raz0rEdge's Avatar
    Member Since
    Jul 17, 2009
    Location
    MA
    Posts
    12,607
    Rep Power
    24
    Kill the "launchd" process that owned by the bigotedly account and see if that stops the other processes.

    Second, go to ~/Library/LaunchAgents and see what file are there. Then check /Library/LaunchAgents and see what files are there. These are all the applications that you want to start with system startup. If anything seems fishy or unknown, move that plist file elsewhere (to your Documents for now) and restart your machine.

    Once you identify the file that is causing this from happening, post back what the file is.
    --
    Regards
    ...Ashwin


  3. #3
    Unknown Processes by user "Bigotedly"

    Member Since
    Mar 27, 2020
    Posts
    3
    Rep Power
    0
    Hi Ashwin,
    Thank you for the prompt response.

    Followed all your instructions:
    1) tried to kill the "launchd" owned by bigtodely. Would not let me. Kept reappearing.
    2) Checked file folder "/Library/Launchagents." Found 4 plist. 2 were Google.keystone..., one was my wacom tablet plist and one was adobeCs4service manager. Removed the first three(left the adobeCs4).

    Restarted the machine.
    This time the same processes spawned but user name is different. User name this time "engarment2_ 2020-03-27 at 8.15.39 AM.png") See attached file (s).

    Restarted again
    Same thing. Same processes but another different user name. User name this time "retroactively"

    It is weird. Thank you for your assistance.
    1 at 7.46.58 AM.png

  4. #4
    Unknown Processes by user "Bigotedly"
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    7,933
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    29
    You might look for DetectX Swift, instal lit and run it to see if it discovers anything. Also, as this is an older system, have you had it from the beginning, or did you get it from someone else? It could be something a previous owner installed. Finally, either EasyFind or Find Any File could look for a name of a process that shows up. I see that the process names are consistent, so you could use EF or FAF to look for something with that name, like Scomber, or scintillously, that reappears.
    Jake

  5. #5
    Unknown Processes by user "Bigotedly"

    Member Since
    Mar 27, 2020
    Posts
    3
    Rep Power
    0
    Hi Jake,

    will try DetectX ..thanks for the suggestion. This is a machine I bought brand new so it has always been with me. I know all of the sifwtare installed on it ... i.e all is legit. I did install Kodi on it and used it a few times (alongside ProtonVPN) but other than that it has been kept fairly sanitised. I am assuming this is a malware from a bad site or an email. Was wondering if anyone else has come across this.
    Thanks

  6. #6
    Unknown Processes by user "Bigotedly"
    lclev's Avatar
    Member Since
    Jul 24, 2013
    Location
    Ohio (USA)
    Posts
    4,231
    Your Mac's Specs
    2020 13" MBPro, 2010 MacPro, 11”‘ iPad Pro, iPhone Xs Max
    Rep Power
    13
    If DetectX does not work you may be looking at a fresh install of OS X.. Rooting out something that keeps reinstalling itself can be like hunting for a needle in a haystack.

    Back up your files, pictures, known safe apps, etc first.

    Lisa
    Recommend using Onyx to clean your Mac.
    If you have been helped, please add to their reputation by clicking on the icon in the lower left hand corner of the post.

  7. #7
    Unknown Processes by user "Bigotedly"
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    13,122
    Rep Power
    20
    You might look for DetectX Swift, instal lit and run it to see if it discovers anything.

    The OP is running 10.9.5, DetectX Swift requires OS X 10.11.0 or later.

    Malwarebytes for Mac.app
    works in OS X 10.9.5
    Malwarebytes for Mac — Mac Antivirus Replacement | Malwarebytes

    It has worked for me.




    - Patrick
    ======

  8. #8
    Unknown Processes by user "Bigotedly"
    Raz0rEdge's Avatar
    Member Since
    Jul 17, 2009
    Location
    MA
    Posts
    12,607
    Rep Power
    24
    OK, you definitely have some malware on this machine, it would be good to figure out how it got there, but your first order of business should be what Lisa recommended, i.e., backup your important info and do a clean re-install of OS X immediately. Then, ultra scrutinize the things you install either from the backup or externally to ensure that you stay safe.
    --
    Regards
    ...Ashwin


  9. #9
    Unknown Processes by user "Bigotedly"
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    13,122
    Rep Power
    20
    I wonder if it would help to use Find Any File.app to scan for any sign of files containing 'Bigotedly' and if it would find anything that could be deleted???




    - Patrick
    ======

  10. #10
    Unknown Processes by user "Bigotedly"
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    7,933
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    29
    Easyfind, as suggested in post #4, will look inside the app for any reference to those kinds of things as well.
    Jake

  11. #11
    Unknown Processes by user "Bigotedly"
    Raz0rEdge's Avatar
    Member Since
    Jul 17, 2009
    Location
    MA
    Posts
    12,607
    Rep Power
    24
    The files will NOT have the name, since the username is being generated at random. While interesting to find/resolve with the existing system, it is best to re-install because you don't know if that malware is stealing your keyclicks and as such all passwords and other information.
    --
    Regards
    ...Ashwin


  12. #12
    Unknown Processes by user "Bigotedly"
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    7,933
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    29
    Ashwin, if you look at the screenshots the process names repeat for multiple users. Therefore it's worth at this point looking at the files and what is in them to see if those names are there. If not, then a re-install is in order, but before pulling that trigger, it might be nice to know where the problem came from to protect against it when restoring the user data.
    Jake

  13. #13
    Unknown Processes by user "Bigotedly"
    Randy B. Singer's Avatar
    Member Since
    Feb 01, 2011
    Location
    Sacramento, California
    Posts
    1,981
    Rep Power
    14
    It looks to me as if, at this point, you have some sort of infection that is well beyond what DetectX and/or Malwarebyes can handle.

    I recommend that you download and run this. It might take an hour or two to run, but it can not only find any and all sources of infection, it can in most cases clean them up too:

    VirusBarrier Free Edition (free)
    Intego VirusBarrier Scanner on the Mac App Store

    Please let us know how things work out.
    Randy B. Singer
    Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
    Mac OS X Routine Maintenance http://www.macattorney.com/ts.html

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Automator application to run "killall" for many processes?
    By HolySwag in forum macOS - Operating System
    Replies: 3
    Last Post: 02-08-2015, 11:22 PM
  2. iTunes problems "An unknown error occurred (-45054)."
    By theosteve in forum macOS - Apps and Games
    Replies: 3
    Last Post: 03-25-2014, 02:53 PM
  3. Flash CS4 - "An unknown error occurred while accessing/ (file name)"
    By Plowboy_K in forum macOS - Apps and Games
    Replies: 0
    Last Post: 01-16-2013, 03:27 PM
  4. "You are unable to login to the user account "warner" at this time."
    By warnerbrown in forum macOS - Operating System
    Replies: 1
    Last Post: 09-04-2008, 10:32 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •