A couple days ago, I decided to go through all my Mac processes and verify that they were all supposed to be there. I found one that seemed out of place: backgroundinstruments. The top link on Google for this query was "MALWARE access via hole in Browser...: Apple Support Communities". Even reading that thread, it wasn't clear to me whether the existence of backgroundinstruments meant something bad. But, I couldn't force-quit the process — it would restart itself immediately — and it would run automatically when I rebooted. So, I decided to do a fresh install of OS X.

Of course, this is a MacBook Air, so I wasn't exactly sure how to do a fresh install, since there is no CD drive. But it turns out Apple makes it easy. I just needed to reboot with Command-R held down, and it would boot off of a special hidden installation drive, and give me an interface to format my main drive, and install Lion. The interface even had web access, and downloaded the stuff it needed as part of the installation process.

Note: the first time I tried this, I formatted my drive with encryption. However, after the installation was complete, it wouldn't let me boot the machine — it ultimately hung showing me a "no" sign (a circle with a slash through it), and a perpetually spinning spinner. I'm not sure if this was meant to work. I can imagine a reason why it might not. If the entire drive is encrypted, it seems like the boot process itself wouldn't be able to read the drive without the password. On the other hand, it seems silly to allow someone to install Lion on an encrypted drive if that was true. In any case, I redid the installation with a non-encrypted formatting, and it worked fine (and I did the encryption using FileVault afterwards).

Incidentally, backgroundinstruments is not running now, so that's nice. Also, it seemed like this process was related to XCode in some way, so I tried installing and running XCode to see if it would reappear, and it has not.

No comments:

Post a Comment