Process called “ItYoingm” using over 90% CPU and over 106GB memory – root user

activity-monitorcatalinacpulaunchdroot

I have recently downloaded Catalina on my Macbook pro and every now and again my fan goes into overdrive, even when I'm hardly using any programs.

I opened my Activity Monitor and there is a process called "ItYoingm" using over 90% CPU and over 106GB memory. The user is "root" user and the process group is "launchd(1)" and then parent process "kernel_task (0)"

Does anybody know what "ItYoingm" is and why it's using so much CPU? I can't find anything on google.

As it's a root user process I feel nervous about quitting the process. Can anyone advise?

I'm not very tech savvy so I would appreciate answers in layman terms please!

Best Answer

Select the process and select the gear icon in Activity Monitor and sample it. You will need to enter your password to allow Activity Monitor to look as root.

The first few lines will establish what this really is...

Analysis of sampling whatever (pid 133) every 1 millisecond
Process:         whatever [133]
Path:            /Library/Application Support/ThisThing/whatever.app/Contents/MacOS/TheDaemon.app/Contents/MacOS/whatever
Load Address:    0x104743000
Identifier:      whatever
Version:         ???
Code Type:       X86-64
Parent Process:  launchd [1]

Date/Time:       2020-03-07 10:44:35.131 -0600
Launch Time:     2020-02-24 10:14:17.221 -0600
OS Version:      Mac OS X 10.15.3 (19D76)
Report Version:  7
Analysis Tool:   /usr/bin/sample

Now to fix it, if you don’t recognize the program you may need help uninstalling it or use a tool like MalwareBytes to scan for known malware.

You can kill just about any root process - worst case it shuts down the system and you need to reinstall macos which doesn’t erase your programs or data, just makes a new operating system.

I would shut down the mac and disconnect from network and power on while you look, it’s likely something you installed, but without details on what you’ve installed we have to make some assumptions.

While you’re disconnected, making a Time Machine backup or just copying the most important files off your mac to an external drive would be very prudent if you lost control of the system and what’s running as root. Then disconnect that backup until you’re sure you don’t have malware running. (or don't connect your good backup if you know you have one and are already covered - some malware will encrypt files and damage trivial backups that don't make the files read only once backed up in a strong manner)

This last part is pure speculation - since the PID is 176 it started very soon after boot, so it's a persistent program that will likely start each time your Mac is restarted - so you will need to diagnose and fix the launcher or get help if this is all too technical or you want to be sure you've got someone experienced helping.

Good tools:

Best Answer

Related Solutions

MacOS – the InterCheck process that occasionally uses 96% CPU on the Mac

MacOS – There is a process called SH using 100% of the CPU

Related Question