Why is Java consuming 100% CPU on my machine?

Solution 1:

I don't know either, but here's how to find out more

In cases of entirely unknown binaries, strings(1) is often helpful in getting a hint about what the file might be

strings /tmp/ics29586 | less

Have a look through the output and see if it's anything familiar.

Failing that, find out which launchd job it is being launched from:

launchctl list|awk '{id=$3; print "### " id; system("launchctl list " id)}'|awk '/^###/ {id=$2} /.*ics29586.*/ {print id}'

This should output one or more job tags in the form of (for example) com.apple.scrod (and a few errors, which you can ignore).

Once you have the job tag(s), get the launchd config for a job by running:

launchctl list com.apple.scrod    # insert your tag instead

This (and the tag itself, which often contains an internet domain name in reverse notation) should give you some more information about what this process is. Feel free to post it here if you need further help.

Update: Forgot to mention this, but since it's a jar file, you can copy it somewhere and unzip it (jar files are really just zip files) and have a look at what sort of Java classes are in there.

Solution 2:

If you drop into terminal, you can type ps -ef | grep java

You'll see all the processes with "java" in their descriptions and details on the process which launched each of them.

In my case, CrashPlan is doing a restore and the client app is Java-based. I see:

0    85     1   0 10:35PM ??        98:28.26 /usr/bin/java -Dapp=**CrashPlanService** -Xmn10m -Xms15m -Xmx512m -DappBaseName=**CrashPlan** -Djava.awt.headless=true -...

Once you know who is using it, you can decide if it's something you want to remove or not...

Solution 3:

Got it. After help from two friends, I can say the following.

  • in /etc/crontab there was an entry:

    */5 * * * * root /usr/bin/adjkerntz
    

    -in /usr/bin there was a program called adjkerntz. I believe that this a genuine name for a valid binary in some unix/linux implementations, but not OSX. It also has different permissions to every other executable in /us/bin:

    -rwxr-xr-x    1 root   wheel     74688 18 Sep 00:26 addftinfo
    -rwx------    1 root   wheel   2841604 18 Sep 20:49 adjkerntz
    -rwxr-xr-x    1 root   wheel    223312 18 Sep 00:26 afconvert
    
  • I hashed out the cron entry and killed the java process and hey presto no further issues.

  • I also deleted adjkerntz and on the suggestion of my excellent friends, I did the following to make sure it doesn't reoccur:

    sh-3.2# touch adjkerntz
    sh-3.2# chflags schg adjkerntz
    
  • This makes the file immutable and even root can't modify that file.

This does leave the question of how this got there in the first place, but I guess the Internet can be a dangerous place. Thanks to all who have contributed their time to helping me get to the bottom of this.