Need help squashing a bug.

Posted in Genius Bar, edited January 2014
Ok here is my problem. My Mac seems to want to send stuff to 4 different companies and universities: Bellsouth, Roadrunner, Mindspring, and MIT.

I have attempts about every min on Ports 20000-65535.

I have blocked the ports but the Mac still tries to send stuff.

Looking at Process Viewer unknown things launch before each attempt and are on only for about 1 sec, I had to use 1 sec checks to even see em.

They are named like ?,?, and other random characters, and are run by user ???. I only found this problem when I installed Norton Personal Firewall and set it to look for odd activity going out, so it's been doing this for awhile.



Thanks in advance.

Comments

  • Reply 1 of 4
    thuh freak Posts: 2,664 member
    if u didn't have a mac, i would think it's a virus. it sounds like it's just norton's way of checking for viral activity. or, it could be norton trying to update its version, or look for new virus definition files. or some other program trying to do that. although, it seems like bad programming. a single program could do the job, without being traced.



    although quite unlikely to prove helpful, you could check your crontab. maybe whatever program is doing this left traces. i would doubt that they'd use cron, but maybe it's not a leet haXor, maybe it's some skrip kid-e. (cron is a program to execute other programs on a schedule. usually used by system maintenance programs to activate at uncommon times.)



    the fact that they are named strangely, makes me think they aren't a virus. because a hqr would try to not be obvious, so to name the offending programs things you wouldn't think about, like "Finder" or "WindowServer".



    if you can spot one of the names, and write it down, you could search for it on the hard drive to see where it's coming from (Terminal command:
    Code:


    find / -name <written down name>;



    ). (you may even find the other programs with it.) if the programs are inside a folder with a name like 'Norton' or 'AntiVirus' or something, then they are likely to be unoffensive programs, used by antiviral software. if they are in conspicuous places, like '/tmp' or '/usr/local/' then you should be concerned. because, '/tmp' is where several viruses are known to hang out for other *nix systems. and you should be aware of all programs inside '/usr/local/' (since you have to manually install to get anything there).



    ...wait, you're saying that norton finds this stuff...that means it's probably not finding itself (assuming norton's 'grammers knew to not show results from their own activity)...cancel one of my theories...
  • Reply 2 of 4
    kizoku Posts: 12 member
    Well I'll do my best to check it out with your advice.

    Norton Antivirus did not find it. I just found it by using the Norton Firewall to log the activity. I don't think it is Norton doing this cause of the IPs the info is going to. Cable internet providers, phone company, and a university.

    It's acting like a form of Spyware. I thought Macs to be safe from this, however my issues have made me rethink this.



    Searching for the odd process is a bit difficult as the names I have seen are

    ? *Êêófl%8

    ? +??ófl%8

    ? *Âpófl%8

    ?øQkl

    ? ,?ófl%8
  • Reply 3 of 4
    bauman Posts: 1,248 member
    Try going into the terminal and using the "ps" command. It will show you the path to the app that is launched, and then you can completely delete it, or realize why it's doing what it's doing.
  • Reply 4 of 4
    kizoku Posts: 12 member
    Thanks I will try that too. One thing is once I blocked those ports I have gotten NO spam mail at all, Kinda odd...
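
The checks suggested in Reply 1 (where the file lives) and Reply 3 (`ps` shows the path) can be combined into a poller for processes that live only about a second. This is an added example, not code posted by anyone in the thread; the function names, the log path and the `pid user comm` column layout are assumptions, and it assumes a `ps` whose `comm` column holds the executable path, as on macOS.

```shell
#!/usr/bin/env bash
# Added example: poll ps to catch short-lived processes, then triage by path.

# Location triage from Reply 1: /tmp and /usr/local deserve a look; a folder
# named after the security product is probably benign.
classify_path() {
  case "$1" in
    /tmp/*|/private/tmp/*|/usr/local/*) echo review ;;  # /tmp -> /private/tmp on macOS
    *Norton*|*AntiVirus*) echo vendor ;;
    *) echo unknown ;;
  esac
}

# Succeeds when a name has bytes outside printable ASCII (as in Reply 2).
has_odd_name() {
  [ -n "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~')" ]
}

# Triage one "PID USER COMMAND" line, as printed by ps -o pid=,user=,comm=.
# Prints "PID USER VERDICT PATH" only for odd names or review locations.
triage_line() {
  local pid user path verdict
  read -r pid user path <<EOF
$1
EOF
  [ -n "$path" ] || return 0
  verdict=$(classify_path "$path")
  if has_odd_name "${path##*/}"; then verdict="odd-name,$verdict"; fi
  case "$verdict" in unknown|vendor) return 0 ;; esac
  printf '%s %s %s %s\n' "$pid" "$user" "$verdict" "$path"
}

# Sample the process table COUNT times, INTERVAL seconds apart, and print the
# distinct flagged entries. Polling can still miss a process that starts and
# exits between two samples.
watch_ps() {
  local interval=${1:-1} count=${2:-60} log=${3:-./ps-triage.log} i=0
  while [ "$i" -lt "$count" ]; do
    ps -A -o pid=,user=,comm= | while IFS= read -r line; do
      triage_line "$line"
    done >>"$log"
    i=$((i + 1))
    sleep "$interval"
  done
  sort -u "$log"
}
```

Run `watch_ps 1 300` while the firewall is logging, then match the timestamps of blocked connections against the flagged entries.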