hacked?
blackpeter
Apr 3, 2002, 09:02 PM
I just came across two files with Sherlock. They are both in the same hidden folder.
-fakemail
-movemail
The weirdest thing is that I can find them when booted in OS9 but not OSX... Hmm?
These files are probably harmless, but I have to ask... What are they, and should I have them on my system?
Taft
Apr 3, 2002, 09:12 PM
Never seen that before. Where was the hidden folder and what was it named?
Matthew
mymemory
Apr 3, 2002, 09:33 PM
Delete them and you will see!
blackpeter
Apr 4, 2002, 12:24 AM
Thanks mymemory.
Delete the files. Ha. I get the joke. It's very funny. That razor-sharp Venezuelan wit gets me every time.
Can anyone really answer my question?
mrTrumble - to answer your question. The file is in the hidden folder 'usr' on my OSX partition.
evildead
Apr 4, 2002, 01:13 AM
what are the permissions for them? are they executable? are they binaries? do a more on them and take a look inside. Post what's inside of them here and maybe I can help interpret them. Also... take a look at what is in this file: /var/cron/tabs/AllUserNamesListed. Check to see if there are any jobs scheduled for those files. I have never seen those before and they could have been placed maliciously.
-evildead
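The checks listed in the post above (execute permission, binary or text, scheduled jobs that mention the file), sketched as an added shell example that is not part of any post in this thread. The function names, the sample files and the crontab entry are constructed for illustration; the default crontab directory is the one named in the post.

```shell
#!/bin/sh
# Added example: triage an unrecognised file before deciding what to do with it.

# Succeeds if any execute bit is set (x, or s/t which imply exec) in the mode string.
has_exec_bit() {
    case "$(ls -ld -- "$1" | cut -c2-10)" in
        *[xst]*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds if the first 512 bytes contain a NUL byte, the usual sign of a compiled binary.
looks_binary() {
    total=$(head -c 512 -- "$1" | wc -c)
    no_nul=$(head -c 512 -- "$1" | tr -d '\000' | wc -c)
    [ "$total" -ne "$no_nul" ]
}

# Prints how many crontab files under directory $2 mention the file's name.
cron_refs() {
    grep -rlF -- "$(basename -- "$1")" "$2" 2>/dev/null | wc -l | tr -d ' '
}

# One-line summary; the crontab directory defaults to the one named in the post.
triage() {
    f=$1; tabs=${2:-/var/cron/tabs}
    if has_exec_bit "$f"; then x=yes; else x=no; fi
    if looks_binary "$f"; then b=yes; else b=no; fi
    echo "$(basename -- "$f") exec=$x binary=$b cron_refs=$(cron_refs "$f" "$tabs")"
}

# Constructed sample data (not taken from the thread): a fake binary, a text file, one crontab.
demo=$(mktemp -d)
mkdir "$demo/tabs"
printf '\177ELF\000\001\002' > "$demo/movemail"; chmod 755 "$demo/movemail"
printf 'just some notes\n'   > "$demo/notes.txt"; chmod 644 "$demo/notes.txt"
printf '0 3 * * * /tmp/x/movemail\n' > "$demo/tabs/someuser"
triage "$demo/movemail"  "$demo/tabs"
triage "$demo/notes.txt" "$demo/tabs"
```

An executable binary is not suspicious on its own; the summary only tells you which follow-up (checking the package it belongs to, or reading the crontab entry) is worth doing.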
Mr. Anderson
Apr 4, 2002, 08:36 AM
Several years ago a woman at work decided to clean up files on her mac. She went into the system folder and removed anything she didn't recognize, then wondered why the machine didn't boot up correctly....:rolleyes:
Definitely look to see what's in them, maybe you'll get lucky and be able to read them. You might need to view them in hex.
eyelikeart
Apr 4, 2002, 09:12 AM
a common mistake many users who don't have a clue with do...
delete things that just "look unimportant"...
I did some research and generally it seems that "fakemail" is being regarded as spam mail...
and I came up with this:
movemail (http://lelandsystems.stanford.edu/services/pubsw/package/mail/movemail.html)
I could be way off here...but it seems like those 2 files are simply spam filters of some sort for a mail application u are running....maybe Mail? :confused:
jefhatfield
Apr 4, 2002, 10:43 AM
there is a troll on here? ....that put up a hyperlink with a virus or something else nasty on it and it crashed my mac twice
you know who you are (if it was intentional)
it was a hyperlink to a "story" which would not load up and i had to rebuild my desktop after trying to visit this link...and to add insult to injury, someone else supplied this same link
i am not a javascript person and maybe my browser needs to be updated but i have never seen such a nasty reaction to a hyperlink before concerning my mac
for a pc, well, that is a different story and i expect bad things:D
eyelikeart
Apr 4, 2002, 10:58 AM
Originally posted by jefhatfield
there is a troll on here? ....that put up a hyperlink with a virus or something else nasty on it and it crashed my mac twice
you know who you are (if it was intentional)
it was a hyperlink to a "story" which would not load up and i had to rebuild my desktop after trying to visit this link...and to add insult to injury, someone else supplied this same link
it wasn't me was it?! :confused: :eek:
blackpeter
Apr 4, 2002, 11:53 AM
Thanks for all the help guys!
To answer some of your questions...
The hidden folder is on my OSX partition in -
usr/libexec/emacs/20.7/powerpc-apple-darwin1.4/fakemail
usr/libexec/emacs/20.7/powerpc-apple-darwin1.4/movemail
Again, these files can be found only when booted in OS9. Can anyone else with 9 & X run a Sherlock search from 9 to see if they can find these files too?
makks
Apr 4, 2002, 12:48 PM
I've got those files there also. As the link referenced to earlier said, movemail is used by emacs and such to copy messages from the mailspool to a mail client. Fakemail probably does something similar or maybe is used for killing a mail message that you're writing and decide to trash. I doubt either of these files will have any impact on anything but emacs.
Taft
Apr 4, 2002, 01:12 PM
You threw me off by saying hidden folder. It's technically not hidden as opening a command prompt and typing 'ls' will show the folder. It is, however, not visible from the Finder.
But the files are emacs files and are not the result of a hacker.
Matthew
jefhatfield
Apr 4, 2002, 01:23 PM
Originally posted by eyelikeart
it wasn't me was it?! :confused: :eek:
oh, a mac scriptkiddie:D
oldMac
Apr 4, 2002, 03:29 PM
yup.
These look to be legit binaries used by emacs.
blackpeter
Apr 4, 2002, 05:42 PM
Thanks guys* I appreciate the info & stuff...
"Just because you're paranoid, don't mean they're not after you..."
-Kurt Cobain