I got a message from WOW platform saying my machine was generating suspicious activity. I run AED4 and MacAffee last versions with 0 threats results.
Then I turned to the Activity Monitor and checked what has been going on, just to find this _mdnsresponder process amidst regular activity.
Checked the web and apparently is some kind of bug at the service of an (eventual) unknown trojan. There is nothing to relax someone like these news.
Does anyone know how to get rid of this plague?
Thanks
You can't remove mDNSResponder from Mac OS X Snow Leopard and still have a functioning internet connection. mDNSResponder is used for DNS resolution and several other tasks in Mac OS X 10.6 and is not a trojan.
In Activity Monitor you should a process called mDNSResponder run by a user called _mdnsresponder. If the process itself is called _mdnsresponder then this is something else. I'm not aware (and can't find any evidence contrary) of any Mac OS X malware running a process called _mdnsresponder. Is the process actually called _mdnsresponder?
The user is called _mdnsresponder, the process is mDNSResponder. On Mac OS X Lion, it may prevent you from accessing Internet. When this happens, mDNSResponder uses 100% of CPU, same for any application relying on DNS resolution (pretty much most applications nowadays). So use Activity Monitor to Force Quit it mDNSResponder. Then it should solve the issue as it restarts itself.
Both of the other answers to this question (at the time of this answering) are incorrect. Killing mDNSResponder won't kill your internet connection.
mDNSResponder is specifically a part of Bonjour, Apple's zeroconf networking solution. It discovers other local devices on the network (i.e. URLs that end in .local) and reports to other devices on the local network that your computer exists and supports Bonjour.
If you never use Bonjour, then you can safely block it in your firewall. (It all happens on port 5353, so you can just block that port and be done with it). You can find a list of typical uses for Bonjour on its Wikipedia page.
I located this ip 184.105.247.203 connected. To the mDNSresponder on a MacBook Pro, associated with hundreds of complaints. One person said they hacked and changed his Facebook account password. If they can see that. Imagine all the private photos and messages they hack into.
