Have found something ' odd', .exe in my download folder....

Discussion in 'Mac Basics and Help' started by marbles, Mar 17, 2009.

  1. marbles macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #1
    I don't know how these got downloaded, I've only just set up my new machine, I installed all the updates basics and picked up my MU promo bundle from last year and downloaded all ten of those via MU oh and a couple of extensions for FF.
    I think it's odd because I haven't dl these to the best of my knowledge
    so ye...these are the names of the 'documents'
    xv7qAdwt.exe.part 464KB
    dcluzZh9.exe.part 644KB

    any ideas?
     
  2. jonbravo77 macrumors 6502a

    jonbravo77

    Joined:
    Feb 20, 2008
    Location:
    Phoenix, AZ
    #2
    Looks to me like some type of spyware or such. Possibly downloaded when you did your updates.
     
  3. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #3
    Windows spyware ... stay away from those shady adult sites. :D
     
  4. marbles thread starter macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #4

    Seriously, all I did was software update first thing, then downloaded 10 apps via MacUpdate promo bundle, you know the one with LittleSnitch iWow TechTool etc and that's it....not had chance to go any shady sites , yet :) which is another reason I thought it 'odd'.
    ..arrGGh my new Mini has been soiled...what to do?

    ~m
     
  5. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #5
    Place them in the trash. Empty the trash.

    They're Windows executables. They can't harm you. Aren't you glad you bought a Mac now?
     
  6. marbles thread starter macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #6
    "Executeables " my oh my ..Av always had Macs thank goodness....really crazy how these .exe's have got on my machine though ...I don't get it..
    The sites I used where... Apple.com and the MUpromo site which linked to dev site for apps obviously, so that's less than a dozen sites and BAM.


    Noticed something else,the .exe's are only visible in the download icon in the dock but not if I choose downloads from my browser- hmm the sneaky feckers.

    I'm looking to make leopard as secure as poss....first time Leopard user here feeling little strange having only ever used Panther and Tiger.....any pointers ?



    thanks

    ~m
     
  7. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #7
    Safari's downloads window is just a list of files that have been downloaded, not an index of the downloads folder. I don't remember what the default setting is, but I have Safari configured to remove items from the downloads window as soon as the download completes.
     
  8. marbles thread starter macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #8
    ...I've set mine to save all downloads though ...? only whe I use FF though. which I did after the initial use of Safari to the Apple site to get FF.

    How can I get rid of this, for certain.

    ...I know trash secure erase but if it's spyware or similar I want to make sure you know, then I don't send this gunk on to my friends with windows.
     
  9. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #9
    Hmm...so the Mac Update site harbors spyware? I'm glad I don't visit that site. I guess it just goes to show you can get spyware in lots of places.
     
  10. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #10
    What would be the point in putting Windows spyware on MacUpdate? I'm not sure where they came from, but I doubt they were from there.
     
  11. MacsRgr8 macrumors 604

    MacsRgr8

    Joined:
    Sep 8, 2002
    Location:
    The Netherlands
    #11
    I agree.

    MacUpdate.com is a site I visit regularly and I never got spyware from there.
    Those "shady".exe's ususally come from sites that are not that, eh... ya know. ;)
     
  12. jonbravo77 macrumors 6502a

    jonbravo77

    Joined:
    Feb 20, 2008
    Location:
    Phoenix, AZ
    #12
    I think they came from when the OP downloaded the extensions for FireFox. Since FF is widely used on Windows as well.
     
  13. sawmaster macrumors regular

    #13
    Yeah, EXE files cant harm you.

    Here's some safty tips.

    If you download a photo or video or song file, and it asks you to install it, dont! You dont install music. (Please wait... Your music is being installed.... :p. Please wait.... your movie is installing...., LOL!)

    Before opening a music file or anything like that, get the info and see if it's an application. Look at the "Kind" part. (how to get to the info of a file: Method 1: Select the file(s) and hit "command (apple key)+I". Method 2: Right click the file and click Get Info)

    Thats all I know out of the top of my head.
     
  14. sawmaster macrumors regular

    #14
    You should keep it in the downloads folder. I did just find a mysterious file, i think. Forgot where i found it.

    Keeping the downloads on the browser is good. Although, I downloaded alot of stuff once and got it kicked from the list.

    If mac update did have windows spyware, then whoever put it on there is a stupid idiot.
     
  15. jive turkey macrumors 6502

    Joined:
    Mar 15, 2008
    #15
    On January 13, I had a few of those show up in my downloads folder as well, but names were a little different (+6roUtlx.exe and HkPqPlib.exe, plus 2 or 3 more). I never was able to figure out where the came from as I don't visit any untward sites, and I did not download any bundles from MU or anything like that.

    I just deleted them and forgot about it, but I really do wish I could figure out why they were there.
     
  16. sawmaster macrumors regular

    #16
    Yeah, i got that curiosity feeling in my chest. But while trying to find out i killed some cat.
     
  17. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #17

    It's your firefox, probably "extensions" site. Or "adult codec".

    Doesn't happen in Safari.

    You obviously been to some unsecure sites and did not block pop-ups.
     
  18. OneBlueFire macrumors member

    OneBlueFire

    Joined:
    Oct 12, 2008
    Location:
    Manila, Philippines
    #18
    Most of the people who replied to your inquiry are right.

    You most likely got the EXE files from some site you navigated to.

    Your Mac's fine. EXE files can't run natively on Mac OS. Just delete these files as you normally would by emptying the recycle bin.

    You asked about how to make sure the files are gone because you don't want to inadvertently send them to your friends? Well, technically, once you empty the trash, you have no direct access to these files anymore. If you really wanna be secure (although I don't see the point in doing so), you can do a "Erase Free Space" via Disk Utility.

    1. Open Disk Utility
    2. Highlight or select the Drive on the left which you want to "clean"
    3. Click on "Erase Free Space"

    You'll have the option of doing "Zero Out Deleted Files" or "7-Pass Erase" or "35-Pass Erase"

    Take note that 7 and 35 take a long time to complete.
     
  19. marbles thread starter macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #19
    No, I doubt the MU site does- more like one of the sites I visited to collect the apps in the bundle that I was picking up had it

    Me too, I doubt they where on MacUpdate, I think a couple of the apps had windows versions also so maybe it was one of those? .

    ye thing is the only sites I had visited at the time are Macudate, the sites of about 10 app's that were in a MU bundle and Apple.com to pick up Firefox

    Nope as I said in the OP and since I did only go to Apple, Macupdate and about 10 sites to DL some apps in a MU bundle, obviously the 'add on' site for FF but that is a https connection ..and I only took 2 add ons ...the usual base additions ... for security funnily enough...so I doubt that was the cause...my suspisions are more pointed toward the applications in the bundle...I haven't installed anyof them yet (except for Little Snitch) , maybe I won't and ...

    EDIT* Now I've had an idea, I'll go through the whole procedure again.

    I'll put these two .exe documents into secure file elsewhere then go through each place I went to exactly as before ...then recheck each time I dl something to see if new .exe's have arrived in my documents folder in the dock thus showing me where the things came from , that way i can pin point it exactly and at the least let the dev (or whoever) know so they can do something about it .....

    To me it's really strange though that these two .exe's are not showing up in finder.



    No shadey sites involved , at all.
     
  20. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #20
    I don't see the point either. There is no way for an application to restore itself after deletion, even if it is not securely wiped. That function is only available for privacy reasons.
     
  21. marbles thread starter macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #21
    Not something I'll be doing tbh...I was just trying to protect my windows friends.....Not fussed if I do get spyware on this machine really as I don't do banking or anything like that online, it's just a general browsing machine for the family.


    I'll do the sequence of downloading again a little later on in the day and see where it was I picked them up.
     
  22. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #22
    Yeah, I'd be interested to find out myself. It's a bit of a mystery.

    I wouldn't worry too much about passing them along to your friends. Since they won't run on your computer, they also won't be able to infect other files that you may end up passing along. Unless you end up sending them directly, your friends should be perfectly safe.

    If you get the chance, you might want to try scanning with a Windows virus scanner.
     
  23. madog macrumors 65816

    madog

    Joined:
    Nov 25, 2004
    Location:
    Korova Milkbar
    #23
    Admittedly, the only time my Mac ever downloaded a file on its own was when I watched a special sort of movie from Limewire. Once the movie launched, Safari was already open in the background and started downloading some exe file. By chance I only had the download window open, so once it began I noticed it immediately.

    Was pretty crazy, but even though all viruses and most trojans are Win only, some do have basic code such as that, that can redirect to sites or downloads through the web.

    Even if it was a Mac file, it couldn't open automatically and would require your admin password and such.
     
  24. marbles thread starter macrumors 68000

    marbles

    Joined:
    Apr 30, 2008
    Location:
    EU mostly
    #24
    to get

    OK , an update, I've been tobusy to follow the procedure I did as described above BUT, I went to macupdate to get stuffit expander and guess what..another file came down with stuffit(see pic)
    Now a weird thing happened I clicked the lower icon in the pic and got the " no application is assigned to open blah b;ah" .....then , it vanished .. right there , gone .
    what the f is this ??...I'll make time to follow the procedure I did when setting up the machine the other day if only just to find out where the .exe files came from.

    Have to say this, I have n_o_t visited any dodgy sites, pr0n or gambling or anything like that.Just to be super crystal clear.-

    This ' .part ' concerns me a little more as it has a .dmg prefix and not .exe,
     

    Attached Files:

  25. kastenbrust macrumors 68030

    kastenbrust

    Joined:
    Dec 26, 2008
    Location:
    North Korea
    #25
    .part means not fully downloaded.

    Its a temporary file where your broswer (Firefox or Safari) stores the data while it downloads it. Windows gets this too but you dont see the file. Perfectly normal. If the download finished but you can still see the .part then the download might not work because its not finished.
     

Share This Page