Numerous Mac users are experiencing sluggish system performance due to CPU and RAM overconsumption by a process called WindowServer.
|Name||WindowServer CPU-intensive process|
|Associated processes||hidd, kernel_task, mds_stores, nsurlsessiond, syslogd, trustd|
|Action||Kernel panics, system slowdown|
|Removal tool||Download Now|
Catching up with technological progress is easier said than done. Even if you own a powerful Mac that’s several years old, it probably already doesn’t measure up against Apple’s latest machines with M1 chips inside. In just a couple more years, your still-awesome computer will likely be incompatible with another macOS version. In other words, electronic devices are becoming obsolete much faster than they used to, and users are bound to either put up with this bitter reality or replace their daily drivers with new ones sooner than they were planning originally. But sometimes, Mac productivity issues can have an entirely different source than the natural aging of hardware. This is the case with the WindowServer high CPU usage Mac problem. Many users call it a glitch, and some find out that its breadcrumbs lead to malware. Let’s look at this predicament from both angles.
What is WindowServer anyway? It is a series of services geared toward the proper management of different windows on Mac’s screen. The process is a critical link between the running applications and the way they are visually presented to the user. It ensures an instant on-display reflection of the changes that occur as you interact with an arbitrary app, visit a website, play a video game, move your mouse around, and routinely do a ton of other things on your computer. All in all, your Mac would probably be unusable if WindowServer weren’t arranging graphical elements on the screen.
The indisputable significance of this entity for proper user experience is eclipsed by a massive amount of negative feedback from Mac users who discover it consuming much CPU and memory. This is very easy to diagnose: all it takes is going to Utilities and opening the Activity Monitor app. If you click the CPU column to sort the resource intensiveness of the processes from largest to smallest, you may see WindowServer at the very top. Counterintuitively, the percentage may somehow exceed the conceptual 100% threshold. This occurrence often overlaps with a handful of other processes gobbling up quite a bit of CPU and RAM as well. The examples include hidd, kernel_task, mds_stores, nsurlsessiond, syslogd, and trustd.
Based on the affected Mac users’ observations, the WindowServer resource overuse bug often makes itself felt in specific situations. For instance, the spike is likely to happen when you connect an external monitor to your Mac, especially one with 4K resolution. Some people bump into this problem after plugging a mouse in a computer’s USB-C port and simply moving the cursor a bit. The issue may also occur once you upgrade to a new operating system version. For example, this is what frustrated many users after they installed macOS 11 Big Sur. That said, there are a few simple things you can try as soon as you notice WindowServer hoover up too much processing power:
- Restart your Mac.
- Close apps you aren’t currently using.
- Enable the “Reduce transparency” option under the Display tab in your Accessibility settings.
- Play around with the display resolution.
- Close unnecessary desktops in Mission Control.
- Update your most-used apps.
- If a macOS update is pending (normally, you will see a notification badge next to the System Preferences icon in the Dock), apply it immediately.
- If you are using an external monitor or a USB mouse, try to disconnect it.
There is also a malware-borne reason for the extreme WindowServer behavior. Mac viruses, adware, and spyware may precipitate an uncurbed response of the operating system that suddenly turns regular processes into resource hogs. In an attempt to slip under the radar, stealth cryptocurrency miners can disguise themselves as legitimate executables, including the one under scrutiny. Therefore, the likelihood of causality with the security flavor should be taken into account as well. Use the following instructions to check if malware is causing this havoc and sort things out.
Remove WindowServer high CPU virus from Mac manually
First things first, every infection instance boils down to a specific rogue app underlying it. Therefore, the starting point of the fix is to find and delete the malicious program that’s causing your Mac computer to act up. This could be easier said than done, though – some viruses are sneaky and don’t leave an obvious system footprint in an attempt to avoid detection.
The steps below will walk you through the best practices of spotting and removing WindowServer high CPU virus from your Mac.
- In the Finder’s Go pull-down menu, click Utilities
- Select Activity Monitor
- Take a look at the running processes and try to identify the malicious one. Its name isn’t likely to have anything in common with WindowServer high CPU virus, therefore you should focus on resource-intensive entries that look unfamiliar and way out of place.
- Once you spot the suspect, select it and click Stop in the upper left of the Activity Monitor screen. Follow on-screen prompts to force quit the unwanted item. Note that you may have to enter your admin password to do it
- Reopen the Go menu and click Go to Folder
- Enter the following string in the search box: /Library/LaunchAgents. Click the Go button as shown below
- Check the folder for potentially unwanted items. As is the case with malicious executables, the names of sketchy LaunchAgents may suggest no connection with Mac threats. As a general rule, look for recently created objects you don’t recognize. Send the baddies to the Trash if found
- Now you’ll need to complete the same procedure for the following directories: ~/Library/LaunchAgents, ~/Library/Application Support, and /Library/LaunchDaemons. Go to these paths in turn (see Step 6 above), inspect their contents for dubious items and folders, and eliminate them.
- Use the Go menu in your Finder again and click Applications
- Scrutinize the list of installed apps to try and locate the malicious one. This could also be a shot in the dark because the culprit isn’t going to be named WindowServer high CPU virus or similar. Your goal is to spot a recently added fishy-looking program you didn’t wittingly install. Send it to the Trash immediately
- Click the Apple menu icon and pick System Preferences. You can as well click the gear symbol in the Dock if it’s there
- Head to Users & Groups and click Login Items. Click the padlock icon at the bottom left to enable changes – this will require your admin password. Find the app that shouldn’t be started automatically at boot time, select it, and click the ‘minus’ symbol
- When on the System Preferences screen, select Profiles. In most cases, the list will show up blank unless it’s a company-issued Mac and your employer has added a configuration profile to manage specific areas of the system. Anyway, if you see a profile that shouldn’t be there (e.g. AdminPrefs or TechSignalSearch), select it and click the ‘minus’ symbol to eradicate it
So much for the manual removal workflow. Keep in mind that most Mac threats stretch their grip over to web browsers. If this is the case, your online activities will continue to be affected and you’ll need to additionally tackle the browser side of the attack. Here’s how you do it.
WindowServer high CPU removal in a web browser on Mac
The steps below will help you regain control of the browsing preferences hijacked by WindowServer high CPU virus. Be advised that you may be logged out of sites and lose your web customizations as a result of this procedure. The silver lining, though, is that the malware won’t be meddling with your online sessions anymore.
Troubleshoot Safari malfunctioning
- Open Safari, expand the Safari pull-down menu, and pick Preferences
- Click Advanced and check the ‘Show Develop menu in menu bar’ box
- You’ll see the Develop menu added at the top of the screen. Click it and select Empty Caches on the list
- Expand the History entry in the Safari menu and select Clear History
- It’s best to pick all history in the follow-up screen to obliterate all malicious cookies and website data generated by the malware. Then, click Clear History
- Return to the Safari Preferences, select the Privacy section, and click the Manage Website Data button
- Click Remove All on the subsequent screen
- Finish the procedure by restarting Safari
Restore Google Chrome defaults
- Open Google Chrome, click the Customize and control Google Chrome (⁝) symbol in the upper right, and choose Settings
- Click Reset settings
- The browser will display an extra dialog so that you can familiarize yourself with the logic of the cleanup before proceeding. Go ahead and click the Reset settings button as illustrated below
- Restart Google Chrome
Fix the problem in Mozilla Firefox
- Open Firefox, click its menu icon (three horizontal lines), select Help, and click Troubleshooting Information
- Click Refresh Firefox and confirm the action
- Restart Mozilla Firefox
Remove WindowServer high CPU virus using Intego Mac Premium Bundle X9
Spotting files dropped by Mac threats can be a wild guess and takes a lot of time if you do it manually. It is much easier and more effective to use a security tool that automates the cumbersome process and quickly delivers the result you need. Intego Mac Premium Bundle X9 leverages time-tested antivirus technology to detect, defang, and remove widespread and emerging Mac viruses. Here is how to get rid of malicious code in several simple steps using this technique:
Download and run Mac Premium Bundle X9 installation file. Follow on-screen prompts to finish the setup.
- Open the VirusBarrier application from your Launchpad. This is the central module of the software suite’s security kit.
- Choose the scan type. Keep in mind that Quick Scan only checks a limited range of locations most often parasitized by Mac malware. We recommend you select Full Scan to maximize the detection accuracy.
- Wait for the tool to examine your computer for unwelcome files, harmful processes, and suspicious configurations. The first full scan might be a bit lengthy, which is normal.
- The scan report will give you the big picture by listing the detected threats and malware families they represent. These items are automatically moved to the quarantine unless you specify a different action.
- To make the harmful files vanish without a trace, open the Quarantine tab and click the Repair All button. This will address your malware issue.