Every once in a while I hear a loud sound from my Mac. It sounds like either a camera shutter or a keychain lock/unlock. It all started a couple of weeks ago.
I fear something is snapping shots of my screen and beaming them somewhere.
I've scoured Google and found others have experienced the same issue. Based on suggestions, I've installed 2 Anti Virus apps (one at a time, of course), scanned my computer, and found nothing; checked Activity Monitor for unknown processes – none I could identify; looked at all the regular places (~/Library/LaunchDaemons, ~/Library/LaunchAgents, /Library/LaunchAgents) – didn't see anything out of the ordinary.
What am I missing, what else should I try, or am I just overreacting and there's a simple answer?
Best Answer
Your search for the origin of this sound may progress on 2 paths: which application produces it and which sound is it.
Which application?
Here is an easy way to control if this sound is coming from a standard screen capture.
Type the following command twice:
First, whenever you want. Next time, just after you heard the shutter sound.
This command will display you the time when this command was last run.
Which sound?
Quick identification
Here is a 1st attempt to be sure of which sound is used. You can't try to recognize a sound by firing an application and trying all the sound it can produce with its graphical interface.
The only practical approach is to use fast command lines just after you heard your unsolicited sound. Open a
Terminal
orxterm
window and enter as is these 4 lines of command defining short name functions to test 4 approaching sounds:On Mountain Lion, these sounds have moved. Then these functions have to be defined with:
Keep this window open, and as soon as you hear the unsolicited sound, fire these four commands in turn to hear which one was played:
Next, to be sure, you can once more verify the access time of the identified sound file with the
-lu
options ofls
. For example, you can confirm that the lock sound was played with:Deep search
If this quick approach fails, here is a command to identify the file which was used by the system to play a sound within the preceding hour (
-atime -1h
):If this command doesn't report anything, the next step will be to run the same deep search within your HOME directory: