help me ID runaway "DLmpd" process in OSX?
January 25, 2010 12:32 PM   Subscribe

help me ID runaway "DLmpd" process in OSX?

does anybody know what the process "DLmpd" is for in OSX? i am running the latest version of Snow Leopard (10.6.2) and this morning Apple rolled out a security update. I let it install and upon reboot my CPU usage spiked to 100%. there was a process called "DLmpd" causing it.

i tried killing it but it kept relaunching. after restarting again it seemed to stop hogging CPU resources, but it still sits there.

after extensive Google/Yahoo searching i found NO meaningful references to it. this leads me to believe one of the following is happening:

1. it is a very new process introduced by Apple..maybe even a virus scanner of some type and it was indexing/scanning my machine upon first run. this newness could be why i can't find it on the web.

2. it is a trojan or virus that is likewise new. this obviously scares the crap out of me.

does anybody out there have any info on this mysterious process?

thanks

k
posted by monkeybutt to Computers & Internet (7 answers total)
 
Looks like it could be associated with Autodesk [pdf]
posted by sanko at 12:51 PM on January 25, 2010


I'm at work and my Mac's at home, but lsof |grep DLmpd might give you some useful info.
posted by paulg at 12:55 PM on January 25, 2010


yes, i considered that. "DL" is their old designation for "Discreet Logic" systems products. and actually have a demo of their latest Smoke-on-OSX offering, so it is entirely possible. however i could not confirm it from the PDFs i found. i will have to ping our reseller support.
posted by monkeybutt at 12:56 PM on January 25, 2010


@paulg: good idea!

lsof |grep DLmpd returns nothing, but.... ps -ef|grep DL returns this:

0 1016 1 0 0:00.89 ?? 0:01.24 /usr/discreet/lib64/DLmpd

so SANKO was right...it is Autodesk/discreet based!
posted by monkeybutt at 1:01 PM on January 25, 2010


discreet reseller just came thru with this:

Yes this is a deamon running that smoke uses for stone and wire.

so i'm assuming it was trying perhaps to index media on my machine or something. now i'm trying to figure out how to kill it for good.

thanks to everyone for their help.
posted by monkeybutt at 1:03 PM on January 25, 2010


If there's no proper setting to disable it, a quick-and-dirty hack might be to turn off the execute bit in the Unix permissions for /usr/discreet/lib64/DLmpd. Hopefully it will just fail gracefully then, but if not it's easy to reverse. (Though since it's running as root (!) it might have the suid bit set, so you'd need to remember to turn that back on.)
posted by serathen at 2:12 PM on January 25, 2010


Well, something is launching it and respawning it. Try using lingon to figure if it's a launch at startup process.
posted by filmgeek at 2:12 PM on January 25, 2010


« Older what kind of dance/ritual is this?   |   Did I kill my LIPO battery? Newer »
This thread is closed to new comments.