hacked?

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
I just came across two files with Sherlock. They are both in the same hidden folder.

-fakemail
-movemail


The weirdest thing is that I can find them when booted in OS9 but not OSX... Hmm?
These files are probably harmless, but I have to ask... What are they, and should I have them on my system?
 

Taft

macrumors 65816
Jan 31, 2002
1,319
0
Chicago
Huh.

Never seen that before. Where was the hidden folder and what was it named?

Matthew
 

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
Thanks mymemory.
Delete the files. Ha. I get the joke. It's very funny. That razor-sharp Venezuelan wit gets me everytime.

Can anyone really answer my question?

mrTrumble - to answer your question. The file is in the hidden folder 'usr' on my OSX partition.
 

evildead

macrumors 65816
Jun 18, 2001
1,275
0
WestCost, USA
what kind of files are they?

what are the permissions for them? are they executable? are they binaries? do a more on them and take a look inside. Post what's inside of them here and maybe in can help interpret them. Also... take a look at what is in this file: /var/cron/tabs/AllUserNamesListed Check to see if there ay any jobs scheduled for those files. I have never seen those before and they could have been placed maliciously.


-evildead
 

Mr. Anderson

Moderator emeritus
Nov 1, 2001
22,561
0
VA
Several years ago a woman at work decided to clean up files on her mac. She went into the system folder and removed anything she didn't recognize, then wondered why the machine didn't boot up correctly....:rolleyes:

Definitely look to see what's in them, maybe you'll get lucky and be able to read them. You might need to view them in hex.
 

eyelikeart

Moderator emeritus
Jan 2, 2001
11,897
0
Metairie, LA
a common mistake many users who don't have a clue with do...

delete things that just "look unimportant"...

I did some research and generally it seems that "fakemail" is being regarded as spam mail...

and I came up with this:
movemail

I could be way off here...but it seems like those 2 files are simply spam filters of some sort for a mail application u are running....maybe Mail? :confused:
 

jefhatfield

Retired
Jul 9, 2000
8,803
0
there is a troll on here? ....that put up a hyperlink with a virus or something else nasty on it and it crashed my mac twice

you know who you are (if it was intentional)

it was a hyperlink to a "story" which would not load up and i had to rebuild my desktop after trying to visit this link...and to add insult to injury, someone else supplied this same link

i am not a javascript person and maybe my browser needs to be updated but i have never seen such a nasty reaction to a hyperlink before concerning my mac

for a pc, well, that is a different story and i expect bad things:D
 

eyelikeart

Moderator emeritus
Jan 2, 2001
11,897
0
Metairie, LA
Originally posted by jefhatfield
there is a troll on here? ....that put up a hyperlink with a virus or something else nasty on it and it crashed my mac twice

you know who you are (if it was intentional)

it was a hyperlink to a "story" which would not load up and i had to rebuild my desktop after trying to visit this link...and to add insult to injury, someone else supplied this same link
it wasn't me was it?! :confused: :eek:
 

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
Thanks for all the help guys!
To answer some of your questions...

The hidden folder is on my OSX partition in -

usr/libexec/emacs/20.7/powerpc-apple-darwin1.4/fakemail
usr/libexec/emacs/20.7/powerpc-apple-darwin1.4/movemail

Again, these files can be found only when booted in OS9. Can anyone else with 9 & X run a Sherlock search from 9 to see if they can find these files too?
 

makks

macrumors newbie
Apr 3, 2002
11
0
Portland, OR
I've got those files there also. As the link referenced to earlier said, movemail is used by emacs and such to copy messages from the mailspool to a mail client. Fakemail probably does someting similar or maybe is used for killing a mail message that you're writing and decide to trash. I doubt either of these files will have any impact on anything but emacs.
 

Taft

macrumors 65816
Jan 31, 2002
1,319
0
Chicago
emacs

You threw me off by saying hidden folder. Its technically not hidden as opening a command prompt and typing 'ls' will show the folder. Its is, however, not visible from the Finder.

But the files are emacs files and are not the result of a hacker.

Matthew
 

blackpeter

macrumors 6502a
Original poster
Aug 14, 2001
919
0
Thanks guys* I appreciate the info & stuff...

"Just because you're paranoid, don't mean they're not after you..."
-Kurt Cobain