This article should be helpful to those puzzled over occasional CPU and memory usage spikes by the VTDecoderXPCService process on Mac.
What is VTDecoderXPCService on Mac?
No matter how well-polished an operating system is from the software engineering perspective, it isn’t devoid of snags that throw a spanner in the works at times. When it comes to the Mac – even a shiny brand new one – smooth performance is not guaranteed, and the reason doesn’t necessarily boil down to some junk app or an awfully long macOS update hiatus. Sometimes, native system processes may go on a rampage and cause the machine to slow down. The object called VTDecoderXPCService is quite often the culprit as its CPU and memory usage patterns may suddenly deviate towards abnormal heights. The whys and wherefores of this mischief will be analyzed further down. In the meanwhile, let’s see what this thing is supposed to do. VTDecoderXPCService is part of the VideoToolbox framework, which provides applications with a basic spectrum of services for video compression, decompression, and conversion between certain types of formats.
In other words, if the activity of an arbitrary program involves multimedia content in one form or another, and if it requires direct access to hardware-accelerated video decoding or encoding on a Mac, then the above-mentioned framework kicks in. Specifically, its component named XPCServices is what harbors the necessary instruments, including VTDecoderXPCService. It is responsible for interprocess communication at the level of helper tools that facilitate particular facets of the application. A common example is a scenario where your browser calls this process to play videos. Rendering audio materials is part of its responsibility as well, by the way. The degree of this involvement depends on how graphically intensive a visited website is. When viewing content on YouTube or Facebook, for instance, VTDecoderXPCService might be among the most resource-intensive processes in Activity Monitor’s graph.
When does VTDecoderXPCService get out of hand?
As previously stated, the system tool in question tends to become a resource hog when it’s used by an application that renders videos and audio materials. The good news is that the CPU and memory consumption usually stays within the moderate limits, but sometimes it skyrockets to as high as 100% or above that verge. For the record, the ostensibly highest possible percentage may be exceeded when a process gobbles up all the power of more than one logical CPU on your chip. This condition causes a slowdown problem and keeps the Mac hot even despite the fan speed being maxed out continuously. In these periods, the Activity Monitor will most likely show more than one instance of VTDecoderXPCService. If this predicament occurs, it’s worth determining the original catalyst so that you know what troubleshooting techniques to prioritize.
Many users who have bumped into the VTDecoderXPCService high CPU and memory issue discover that the situation goes back to normal after they quit the Messages app. The reason is trivial: just like the average modern messaging service, it processes a lot of multimedia content. This includes web previews, inline videos, gifs, and audio data. It comes as no surprise that the system instruments geared for viewing, uploading, or downloading such data can get busier than usual during those periods. The solution is trivial – closing Messages stops the resource overuse almost instantly.
The web browser that’s currently running is the usual “suspect” as well. Again, this software relies on VTDecoderXPCService to play videos, and this interaction chain may get buggy at some point. Coincidentally or not, Mac users who encounter this issue mostly blame it on Chrome based on their observations and diagnostic efforts. An entity called Google Chrome Helper has been heavily criticized for its CPU and RAM thirst over the years. It turns out that it may act this way when a malicious browser extension is trying to fetch code from a remote server as part of its foul play. The problem also manifests itself when the Mac user is uploading a file to a site or web-based email service. Either way, this is because Google Chrome Helper works as an interface between code that runs in the browser and an external resource this code attempts to establish a connection with.
Since XPCServices and its subordinate VTDecoderXPCService fit the context of interprocess communication in macOS, cybercriminals might abuse them to execute harmful content, set up covert network connections, and run routines that require elevated privileges. This is especially true of exploitation at the web browser level, which typically revolves around malicious add-ons that the victim installed unknowingly. Mainstream strains of adware and browser hijackers are notoriously data-focused. They harvest multiple bits and pieces of personally identifiable information (PII) on an infected Mac and send it to their Command and Control servers. This activity is likely to involve VTDecoderXPCService manipulation. By and large, this process doesn’t necessarily go wild because of videos in your browser or funny animations in the Messages app. The very gist of it and the fact that it runs as root are sources of potential abuse, and therefore the high CPU and RAM situation could be a symptom of infection. Use the following tips to check whether or not this is the case.
VTDecoderXPCService high memory and CPU virus manual removal from Mac
The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the specified order.
- Expand the Go menu in your Mac’s Finder bar and select Utilities as shown below.
- Locate the Activity Monitor icon on the Utilities screen and double-click on it.
- In the Activity Monitor app, look for a process that appears suspicious. To narrow down your search, focus on unfamiliar resource-intensive entries on the list. Keep in mind that its name isn’t necessarily related to the way the threat is manifesting itself, so you’ll need to trust your own judgement. If you pinpoint the culprit, select it and click on the Stop icon in the upper left-hand corner of the screen.
- When a follow-up dialog pops up asking if you are sure you want to quit the troublemaking process, select the Force Quit option.
- Click on the Go menu icon in the Finder again and select Go to Folder. You can as well use the Command-Shift-G keyboard shortcut.
- Type /Library/LaunchAgents in the folder search dialog and click on the Go button.
- Examine the contents of the LaunchAgents folder for dubious-looking items. Be advised that the names of files spawned by malware may give no clear clues that they are malicious, so you should look for recently added entities that appear to deviate from the norm. As an illustration, here are several examples of LaunchAgents related to mainstream Mac infections: com.updater.mcy.plist, com.avickUpd.plist, and com.msp.agent.plist. If you spot files that don’t belong on the list, go ahead and drag them to the Trash.
- Use the Go to Folder lookup feature again to navigate to the folder named ~/Library/Application Support (note the tilde symbol prepended to the path).
- When the Application Support directory is opened, identify recently generated suspicious folders in it and send them to the Trash. A quick tip is to look for items whose names have nothing to do with Apple products or apps you knowingly installed. A few examples of known-malicious folder names are ProgressSite and IdeaShared.
- Enter ~/Library/LaunchAgents string (don’t forget to include the tilde character) in the Go to Folder search area.
- The system will display LaunchAgents residing in the current user’s Home directory. Look for dodgy items related to the rogue VTDecoderXPCService process (see logic highlighted in subsections above) and drag the suspects to the Trash.
- Type /Library/LaunchDaemons in the Go to Folder search field.
- In the LaunchDaemons path, try to pinpoint the files the malware is using for persistence. Several examples of such items dropped by Mac infections are com.apple.sysmond.plist, com.startup.plist, and com.ExpertModuleSearchDaemon.plist. Delete the sketchy files immediately.
- Click on the Go menu icon in your Mac’s Finder and select Applications on the list.
- Find the entry for an app that clearly doesn’t belong there and move it to the Trash. If this action requires your admin password for confirmation, go ahead and enter it.
- Expand the Apple menu and select System Preferences.
- Proceed to Users & Groups and click on the Login Items tab. The system will display the list of items launched when the computer is starting up. Locate the potentially unwanted app there and click on the “-” (minus) button.
- Now select Profiles under System Preferences. Look for a malicious item in the left-hand sidebar. Several examples of configuration profiles created by Mac adware include TechSignalSearch, MainSearchPlatform, AdminPrefs, and Safari Settings. Select the offending entity and click on the minus sign at the bottom to eliminate it.
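The LaunchAgents and LaunchDaemons checks in the steps above can be done as a read-only inventory before anything is dragged to the Trash. The following is an added example, not part of the original article: it parses each launchd plist in the three folders and flags entries for manual review. The 30-day window, the writable-path hints, and the flag names are assumptions chosen for illustration, and a flag is a prompt to look closer, not a verdict.

```python
import plistlib
import time
from pathlib import Path
from xml.parsers.expat import ExpatError

# Folders named in the manual steps above; launchd reads persistence jobs from them.
LAUNCH_DIRS = ("/Library/LaunchAgents", "~/Library/LaunchAgents", "/Library/LaunchDaemons")
# Assumption: "recently added" means modified within the last 30 days.
RECENT_DAYS = 30
# Assumption: locations a user-level process can usually write to, so a job that
# starts a program from one of them deserves a closer look.
WRITABLE_HINTS = ("/Application Support/", "/Users/Shared/", "/tmp/")


def review_launch_items(dirs=LAUNCH_DIRS, recent_days=RECENT_DAYS, now=None):
    """List every launchd plist in dirs with review flags; nothing is deleted."""
    now = time.time() if now is None else now
    report = []
    for folder in (Path(d).expanduser() for d in dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            entry = {"path": str(path), "label": None, "program": None, "flags": []}
            report.append(entry)
            try:
                if now - path.stat().st_mtime <= recent_days * 86400:
                    entry["flags"].append("recently-modified")
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # handles XML and binary plists
            except (ExpatError, ValueError, OSError):
                entry["flags"].append("unreadable-plist")
                continue
            if not isinstance(job, dict):
                entry["flags"].append("unreadable-plist")
                continue
            entry["label"] = job.get("Label")
            args = job.get("ProgramArguments") or []
            entry["program"] = job.get("Program") or (args[0] if args else None)
            if entry["label"] != path.stem:
                entry["flags"].append("label-differs-from-filename")
            # Apple's own jobs normally live under /System/Library, so an Apple-style
            # label in these folders (like the com.apple.sysmond.plist example above)
            # is worth checking by hand.
            if str(entry["label"]).startswith("com.apple.") and not str(path).startswith("/System/"):
                entry["flags"].append("apple-label-outside-system")
            if entry["program"] and any(h in str(entry["program"]) for h in WRITABLE_HINTS):
                entry["flags"].append("program-in-writable-path")
    return report


if __name__ == "__main__":
    for e in review_launch_items():
        print(f'{e["path"]}\n    label={e["label"]} program={e["program"]} flags={e["flags"]}')
```

The `program` field shows what each job actually launches, which is the file to inspect alongside the plist itself.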
If your Mac has been infiltrated by adware, the infection will most likely continue to hold sway over your default web browser even after you remove the underlying application along with its components sprinkled around the system. Use the browser cleanup instructions below to address the remaining consequences of this attack.
Get rid of VTDecoderXPCService related malware in web browser on Mac
To begin with, the web browser settings taken over by the malware that’s abusing VTDecoderXPCService should be restored to their default values. Although this will clear most of your customizations, web surfing history, and all temporary data stored by websites, the malicious interference should be terminated likewise. The overview of the steps for completing this procedure is as follows:
- Fix the VTDecoderXPCService problem in Safari
  - Open the browser and go to Safari menu. Select Preferences in the drop-down list.
  - Once the Preferences screen appears, click on the Advanced tab and enable the option saying “Show Develop menu in menu bar”.
  - Now that the Develop entry has been added to the Safari menu, expand it and click on Empty Caches.
  - Now select History in the Safari menu and click on Clear History in the drop-down list.
  - Safari will display a dialog asking you to specify the period of time this action will apply to. Select all history to ensure a maximum effect. Click on the Clear History button to confirm and exit.
  - Go back to the Safari Preferences and hit the Privacy tab at the top. Find the option that says Manage Website Data and click on it.
  - The browser will display a follow-up screen listing the websites that have stored data about your Internet activities. This dialog additionally includes a brief description of what the removal does: you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click on the Remove All button.
  - Restart Safari.
- Fix VTDecoderXPCService problem in Google Chrome
  - Open Chrome, click the Customize and control Google Chrome (⁝) icon in the top right-hand part of the window, and select Settings in the drop-down.
  - When on the Settings pane, select Advanced.
  - Scroll down to the Reset settings section.
  - Confirm the Chrome reset on a dialog that will pop up. When the procedure is completed, relaunch the browser and check it for malware activity.
- Remove VTDecoderXPCService malware in Mozilla Firefox
  - Open Firefox and go to Help – Troubleshooting Information (or type about:support in the URL bar and press Enter).
  - When on the Troubleshooting Information screen, click on the Refresh Firefox button.
  - Confirm the intended changes and restart Firefox.
Fix VTDecoderXPCService high CPU and memory issue using Combo Cleaner removal tool
The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove VTDecoderXPCService virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.
Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the VTDecoderXPCService issue using Combo Cleaner:
- Download Combo Cleaner installer. When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.
  By downloading any applications recommended on this website you agree to our Terms and Conditions and Privacy Policy. The free scanner checks whether your Mac is infected. To get rid of malware, you need to purchase the Premium version of Combo Cleaner.
- Open the app from your Launchpad and let it run an update of the malware signature database to make sure it can identify the latest threats.
- Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.
- Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).
- In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove VTDecoderXPCService threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.
- Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.