Hi everyone,

really strange files keep appearing in my home directory. I have absolutely no idea where they come from and I'm a little concerned that they could come from some kind of malware activity or Firefox exploit. I searched Google for parts of the file names but without a result. The domain mclink.net which appears in the file names seems to belong to some Spanish (?) internet provider. I am sure I never knowingly visited their web site since I don't even understand Spanish. The first set of files appeared at 2008-05-14. I moved them away and 11 days later a second set of files appeared which you can see in the output below. The concerned system is Ubuntu 8.04 with Firefox 3.0b5.

I would very much appreciate any hints on how to investigate what the origin of these files is.

thanks............

What for? Please could anyone with a clue comment on this?

Does your Firefox history offer any hints? Can you grep for e.g. mclink.net in ~/.mozilla/firefox/*.default/Cache/* and see if you get any hits?

era, thanks for the good idea! Unfortunately the only result I get is the cached page of this thread. But if I the files will appear again I will grep the Firefox cache asap.

What are the files? Are they actually PNG files? If so, try to open them with a viewer. The images may clue you in to their origin.

Have you read through the "how to tell if you've been hacked" thread in this forum?

Through long-term observation I found out, that miro is to blame. The files only appear after using miro and I found some relevant strings from the file names in ~/.miro/sqlitedb.