Strange files keep appearing in my home directory Post: 302201257

Sponsored Content

Special Forums Cybersecurity Strange files keep appearing in my home directory Post 302201257 by schallstrom on Sunday 1st of June 2008 02:37:44 PM

06-01-2008

Registered User

Strange files keep appearing in my home directory

Hi everyone,

really strange files keep appearing in my home directory. I have absolutely no idea where they come from and I'm a little concerned that they could come from some kind of malware activity or Firefox exploit. I searched Google for parts of the file names but without a result. The domain mclink.net which appears in the file names seems to belong to some Spanish (?) internet provider. I am sure I never knowingly visited their web site since I don't even understand Spanish. The first set of files appeared at 2008-05-14. I moved them away and 11 days later a second set of files appeared which you can see in the output below. The concerned system is Ubuntu 8.04 with Firefox 3.0b5.

I would very much appreciate any hints on how to investigate what the origin of these files is.

Code:

$ ls -l
total 60
-rw-r--r-- 1 mo mo  429 2008-05-25 19:26 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.49201101.108x81_map.shtml
-rw-r--r-- 1 mo mo  433 2008-05-25 19:26 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.49201101.226x170_map.shtml
-rw-r--r-- 1 mo mo  429 2008-05-25 19:31 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.55990836.108x81_map.shtml
-rw-r--r-- 1 mo mo  433 2008-05-25 19:31 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.55990836.226x170_map.shtml

schallstrom

View Public Profile for schallstrom

Find all posts by schallstrom

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Find recently updated files in home directory

Is there a shell command that will allow me to list index files in the /home directory for all users on a server that have been updated within the past 24 hours? (e.g. index.htm .html .php in/home/user1/public_html /home/user2/public_html /home/user3/public_html etc )

2. Solaris

Newbie questions about HOME directory files

Hi, I am newbie to Solaris and system administration in general, and I have a couple of questions about files in my HOME directory. When I perform ls -la, I get the following list of files: drwxr-xr-x 7 XXXYYY staff 17 Aug 24 07:31 . drwxr-xr-x 7 root root 7...

3. Shell Programming and Scripting

help with removing files from home directory

hey there folks! I cant figure out, for the life of me, how to procede in removing alll the files in my home directory that are not owned by me. would i have to list them, but after that what do i do. or is there some way I am not aware of. my employer heard i could script in unix, but i havent...

4. UNIX for Advanced & Expert Users

cksum for all files in home directory

I know i can run cksum <filename> . However, how i can run cksum on all the files and directories in the $HOME ?? (SUNOS)

5. Shell Programming and Scripting

users who have un-sanctioned(forbidden) files in their home directory.

Hello guys, I have to create a sh script which return users who have un-sanctioned(forbidden) files in their home directory. I tried to do: #!/bin/sh -x SHADOW_FILE="/etc/shadow" PASSWORD_FILE="/etc/passwd" for i in `grep -v '^+' $PASSWORD_FILE | cut -d: -f1,6` do username=`echo...

6. Solaris

what is the use of each login related files present in users home directory

# ls -l total 10 -rw-r--r-- 1 dummy2 other 140 Jun 19 21:37 local.cshrc -rw-r--r-- 1 dummy2 other 136 Jun 19 21:37 local.cshrc~ -rw-r--r-- 1 dummy2 other 157 Jun 19 21:37 local.login -rw-r--r-- 1 dummy2 other 178 Jun 19 21:37 local.profile...

7. UNIX for Dummies Questions & Answers

Duplicated file names with home directory symbol appearing in ls .

Why are there duplicated file names listed when I execute ls ? Result of my ls /root/Desktop : aaa ca new file~ what what~ Thanks.

8. UNIX for Advanced & Expert Users

Re-appearing Files

Gurus I am running an AIX 7.1 system and have come across a strange issue. I am trying to delete files from a folder using standard 'rm' syntax. After i delete the files , files re-appear again. File renaming or editing does not help. Files re-appear with 0 bytes again. They are always 0...

9. Shell Programming and Scripting

Remove empty files in home directory

how to remove empty files tried below command its remove only zero bytes not empty file which is greater then zero byte. for x in * do if then rm $x fi done

LEARN ABOUT OSF1

db_printlog

db_printlog(8)						      System Manager's Manual						    db_printlog(8)

NAME

       db_printlog - Displays database log file (Enhanced Security)

SYNOPSIS

       /usr/tcb/bin/db_printlog [-h home]

FLAGS

       Specify a home directory for the database.  The correct directory for enhanced security is /var/tcb/files.

DESCRIPTION

       A  customized  version of the Berkeley Database (Berkeley DB) is embedded in the operating system to provide high-performance database sup-
       port for critical security files.  The DB includes full transactional support and database recovery, using write-ahead logging  and  check-
       pointing to record changes.

       The db_printlog utility provides a way to view the log file associated with the security database.

RETURN VALUES

       The db_printlog utility exits 0 on success, and >0 if an error occurs.

ENVIRONMENT VARIABLES

       If  the	-h  option  is	not  specified and the environment variable DB_HOME is set, it is used as the path of the database home.  The home
       directory for security is /var/tcb/files.

FILES

       /var/tcb/files/auth.db

       /var/tcb/files/dblogs/*

RELATED INFORMATION

       Commands: db_checkpoint(8), db_recover(8), db_stat(8) delim off

																    db_printlog(8)