hacked?

Discussion in 'General Mac Discussion' started by blackpeter, Apr 3, 2002.

  1. blackpeter macrumors 6502a

    Joined:
    Aug 14, 2001
    #1
    I just came across two files with Sherlock. They are both in the same hidden folder.

    -fakemail
    -movemail


    The weirdest thing is that I can find them when booted in OS9 but not OSX... Hmm?
    These files are probably harmless, but I have to ask... What are they, and should I have them on my system?
     
  2. Taft macrumors 65816

    Taft

    Joined:
    Jan 31, 2002
    Location:
    Chicago
    #2
    Huh.

    Never seen that before. Where was the hidden folder and what was it named?

    Matthew
     
  3. mymemory macrumors 68020

    mymemory

    Joined:
    May 9, 2001
    Location:
    Miami
  4. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
    #4
    Thanks mymemory.
    Delete the files. Ha. I get the joke. It's very funny. That razor-sharp Venezuelan wit gets me every time.

    Can anyone really answer my question?

    mrTrumble - to answer your question. The file is in the hidden folder 'usr' on my OSX partition.
     
  5. evildead macrumors 65816

    evildead

    Joined:
    Jun 18, 2001
    Location:
    WestCost, USA
    #5
    what kind of files are they?

    what are the permissions for them? are they executable? are they binaries? do a more on them and take a look inside. Post what's inside of them here and maybe I can help interpret them. Also... take a look at what is in this file: /var/cron/tabs/AllUserNamesListed. Check to see if there are any jobs scheduled for those files. I have never seen those before and they could have been placed maliciously.


    -evildead
     
  6. Mr. Anderson Moderator emeritus

    Mr. Anderson

    Joined:
    Nov 1, 2001
    Location:
    VA
    #6
    Several years ago a woman at work decided to clean up files on her mac. She went into the system folder and removed anything she didn't recognize, then wondered why the machine didn't boot up correctly....:rolleyes:

    Definitely look to see what's in them, maybe you'll get lucky and be able to read them. You might need to view them in hex.
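
The checks suggested in posts #5 and #6 (permissions, binary or text, scheduled cron jobs, a hex view), as an added shell example that is not part of the original thread. The function names are hypothetical, and the crontab directory defaults to the /var/cron/tabs path mentioned in post #5.

```shell
#!/bin/sh
# Triage helpers for an unfamiliar file (added example; names are hypothetical).

# Print "binary" if the file contains NUL bytes, otherwise "text".
file_kind() {
    total=$(($(wc -c < "$1")))
    nonnul=$(($(LC_ALL=C tr -d '\000' < "$1" | wc -c)))
    if [ "$total" -ne "$nonnul" ]; then echo binary; else echo text; fi
}

# Print "yes" if any execute bit (user, group or other) is set, otherwise "no".
# Reads the mode bits directly, so the answer does not depend on who runs it.
is_executable() {
    if [ -n "$(find "$1" -prune \( -perm -100 -o -perm -010 -o -perm -001 \))" ]; then
        echo yes
    else
        echo no
    fi
}

# List the crontab files in directory $2 that mention the name $1.
cron_refs() {
    [ -d "$2" ] || return 0
    grep -lF -- "$1" "$2"/* 2>/dev/null || true
}

# Show the first lines of the file in hex, for files that "more" cannot display.
hex_peek() {
    od -A x -t x1 "$1" | head -n "${2:-4}"
}

# One-line summary: name, kind, execute bits, number of crontabs that mention it.
triage() {
    f=$1
    crondir=${2:-/var/cron/tabs}   # assumption: per-user crontabs live here
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    name=$(basename "$f")
    refs=$(cron_refs "$name" "$crondir" | wc -l | tr -d ' ')
    echo "$name kind=$(file_kind "$f") exec=$(is_executable "$f") cron_refs=$refs"
}

# Usage: sh triage.sh FILE...   (reading other users' crontabs needs root)
for f in "$@"; do
    triage "$f"
    ls -l "$f"
    hex_peek "$f"
done
```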
     
  7. eyelikeart Moderator emeritus

    eyelikeart

    Joined:
    Jan 2, 2001
    Location:
    Metairie, LA
    #7
    a common mistake many users who don't have a clue make...

    delete things that just "look unimportant"...

    I did some research and generally it seems that "fakemail" is being regarded as spam mail...

    and I came up with this:
    movemail

    I could be way off here...but it seems like those 2 files are simply spam filters of some sort for a mail application u are running....maybe Mail? :confused:
     
  8. jefhatfield Retired

    jefhatfield

    Joined:
    Jul 9, 2000
    #8
    there is a troll on here? ....that put up a hyperlink with a virus or something else nasty on it and it crashed my mac twice

    you know who you are (if it was intentional)

    it was a hyperlink to a "story" which would not load up and i had to rebuild my desktop after trying to visit this link...and to add insult to injury, someone else supplied this same link

    i am not a javascript person and maybe my browser needs to be updated but i have never seen such a nasty reaction to a hyperlink before concerning my mac

    for a pc, well, that is a different story and i expect bad things:D
     
  9. eyelikeart Moderator emeritus

    eyelikeart

    Joined:
    Jan 2, 2001
    Location:
    Metairie, LA
    #9
    it wasn't me was it?! :confused: :eek:
     
  10. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
    #10
    Thanks for all the help guys!
    To answer some of your questions...

    The hidden folder is on my OSX partition in -

    usr/libexec/emacs/20.7/powerpc-apple-darwin1.4/fakemail
    usr/libexec/emacs/20.7/powerpc-apple-darwin1.4/movemail

    Again, these files can be found only when booted in OS9. Can anyone else with 9 & X run a Sherlock search from 9 to see if they can find these files too?
     
  11. makks macrumors newbie

    Joined:
    Apr 3, 2002
    Location:
    Portland, OR
    #11
    I've got those files there also. As the link referenced to earlier said, movemail is used by emacs and such to copy messages from the mailspool to a mail client. Fakemail probably does something similar or maybe is used for killing a mail message that you're writing and decide to trash. I doubt either of these files will have any impact on anything but emacs.
     
  12. Taft macrumors 65816

    Taft

    Joined:
    Jan 31, 2002
    Location:
    Chicago
    #12
    emacs

    You threw me off by saying hidden folder. It's technically not hidden as opening a command prompt and typing 'ls' will show the folder. It is, however, not visible from the Finder.

    But the files are emacs files and are not the result of a hacker.

    Matthew
     
  13. jefhatfield Retired

    jefhatfield

    Joined:
    Jul 9, 2000
    #13
    oh, a mac scriptkiddie:D
     
  14. oldMac macrumors 6502a

    Joined:
    Oct 25, 2001
    #14
    legit

    yup.

    These look to be legit binaries used by emacs.
     
  15. blackpeter thread starter macrumors 6502a

    Joined:
    Aug 14, 2001
    #15
    Thanks guys* I appreciate the info & stuff...

    "Just because you're paranoid, don't mean they're not after you..."
    -Kurt Cobain
     
