(1) Hardware: late 2011 iMac (2) Software: HDD divided into two volumes; one running Snow Leopard, the other running Mountain Lion. The latter volume is not in use. (3) How the problems began: I noticed there were two icons for Word in the Dock. Checked in the finder, and found one was for Word 2004, which I own, and one for Word 2008, which I have never owned. One of these files was labelled /Applications/Microsoft Office 2008/.SM.gul.Microsoft Word. As far as I can recall this file was visible in the Finder. (4) Checked for files beginning with .SM.gul. using Terminal and found about 1100 invisible files scattered mainly through Application folders and Library folders. This is a sample: /Library/User Pictures/Sports/.SM.gul.Tennis.tif /System/Library/CoreServices/.SM.gul.SystemVersion.plist /System/Library/Extensions/.SM.gul..DS_Store /System/Library/Filesystems/.SM.gul..DS_Store /System/Library/Keychains/.SM.gul.X509Anchors /System/Library/Keychains/.SM.gul.X509Certificates.obsoleted /Users/Shared/.SM.gul..DS_Store (4) Checked on the net and found only two helpful sites: <http://reviews.cnet.com/8301-13727_7-57395772-263/residual-.sm.gul-files-in-os-x-may-confuse-your-mac/> <https://discussions.apple.com/thread/3358529?start=15&tstart=0>> (5) Using information from these two sites, I have been able to list SM.gul files in Terminal, and see them in the Finder. I began deleting them from the Finder manually but its simply going to take to long to find and delete 1100 files by hand. Moreover, if I do delete them in the Finder, the ones that have been deleted in the Finder are still visible in Terminal when I run locate .SM.gul. I have tried to remove the ones in the /Library file by running sudo rm -r /Library/*/.SM*sudo rm -r /Library/*/.SM*, but get back: There is no such file or directory. (6) I have three questions: (a) Is there any way I can remove these files in Terminal? (b) Can I get rid of them by doing a clean install? (c) How can I prevent them recurring? A third site (<https://gist.github.com/vyyral/1561453>), suggested that: the app/script that created these clone files was necessarily operating with elevated privileges in order to create and access files in system directories, and went on to suggest that they may have been created by some virus or malware. Is this a real risk?