Login or Register to Ask a Question and Join Our Community


Cybersecurity

Strange files keep appearing in my home directory

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Strange files keep appearing in my home directory
# 1  
Old 06-01-2008
Strange files keep appearing in my home directory
Hi everyone,

really strange files keep appearing in my home directory. I have absolutely no idea where they come from and I'm a little concerned that they could come from some kind of malware activity or Firefox exploit. I searched Google for parts of the file names but without a result. The domain mclink.net which appears in the file names seems to belong to some Spanish (?) internet provider. I am sure I never knowingly visited their web site since I don't even understand Spanish. The first set of files appeared at 2008-05-14. I moved them away and 11 days later a second set of files appeared which you can see in the output below. The concerned system is Ubuntu 8.04 with Firefox 3.0b5.

I would very much appreciate any hints on how to investigate what the origin of these files is.

Code:
$ ls -l
total 60
-rw-r--r-- 1 mo mo  429 2008-05-25 19:26 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.49201101.108x81_map.shtml
-rw-r--r-- 1 mo mo  433 2008-05-25 19:26 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.49201101.226x170_map.shtml
-rw-r--r-- 1 mo mo  429 2008-05-25 19:31 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.55990836.108x81_map.shtml
-rw-r--r-- 1 mo mo  433 2008-05-25 19:31 ads-format=468x30_aff_img&client=ca-pandemia@mclink.net&channel=feed&output=png&\
cuid=1c6.JOj7kT.55990836.226x170_map.shtml

# 2  
Old 06-02-2008
thanks............
# 3  
Old 06-03-2008
What for? Please could anyone with a clue comment on this?
# 4  
Old 06-06-2008
Does your Firefox history offer any hints? Can you grep for e.g. mclink.net in ~/.mozilla/firefox/*.default/Cache/* and see if you get any hits?
# 5  
Old 06-06-2008
era, thanks for the good idea! Unfortunately the only result I get is the cached page of this thread. But if I the files will appear again I will grep the Firefox cache asap.
# 6  
Old 06-10-2008
What are the files? Are they actually PNG files? If so, try to open them with a viewer. The images may clue you in to their origin.

Have you read through the "how to tell if you've been hacked" thread in this forum?
# 7  
Old 06-15-2008
Through long-term observation I found out, that miro is to blame. The files only appear after using miro and I found some relevant strings from the file names in ~/.miro/sqlitedb.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Remove empty files in home directory

how to remove empty files tried below command its remove only zero bytes not empty file which is greater then zero byte. for x in * do if then rm $x fi done (8 Replies)
Discussion started by: Kalia
8 Replies

2. UNIX for Advanced & Expert Users

Re-appearing Files

Gurus I am running an AIX 7.1 system and have come across a strange issue. I am trying to delete files from a folder using standard 'rm' syntax. After i delete the files , files re-appear again. File renaming or editing does not help. Files re-appear with 0 bytes again. They are always 0... (5 Replies)
Discussion started by: abhijeet
5 Replies

3. UNIX for Dummies Questions & Answers

Duplicated file names with home directory symbol appearing in ls .

Why are there duplicated file names listed when I execute ls ? Result of my ls /root/Desktop : aaa ca new file~ what what~ Thanks. (4 Replies)
Discussion started by: Hijanoqu
4 Replies

4. Solaris

what is the use of each login related files present in users home directory

# ls -l total 10 -rw-r--r-- 1 dummy2 other 140 Jun 19 21:37 local.cshrc -rw-r--r-- 1 dummy2 other 136 Jun 19 21:37 local.cshrc~ -rw-r--r-- 1 dummy2 other 157 Jun 19 21:37 local.login -rw-r--r-- 1 dummy2 other 178 Jun 19 21:37 local.profile... (6 Replies)
Discussion started by: chidori
6 Replies

5. Shell Programming and Scripting

users who have un-sanctioned(forbidden) files in their home directory.

Hello guys, I have to create a sh script which return users who have un-sanctioned(forbidden) files in their home directory. I tried to do: #!/bin/sh -x SHADOW_FILE="/etc/shadow" PASSWORD_FILE="/etc/passwd" for i in `grep -v '^+' $PASSWORD_FILE | cut -d: -f1,6` do username=`echo... (6 Replies)
Discussion started by: catalint
6 Replies

6. UNIX for Advanced & Expert Users

cksum for all files in home directory

I know i can run cksum <filename> . However, how i can run cksum on all the files and directories in the $HOME ?? (SUNOS) (4 Replies)
Discussion started by: moe458
4 Replies

7. Shell Programming and Scripting

help with removing files from home directory

hey there folks! I cant figure out, for the life of me, how to procede in removing alll the files in my home directory that are not owned by me. would i have to list them, but after that what do i do. or is there some way I am not aware of. my employer heard i could script in unix, but i havent... (3 Replies)
Discussion started by: Ginkosu
3 Replies

8. Solaris

Newbie questions about HOME directory files

Hi, I am newbie to Solaris and system administration in general, and I have a couple of questions about files in my HOME directory. When I perform ls -la, I get the following list of files: drwxr-xr-x 7 XXXYYY staff 17 Aug 24 07:31 . drwxr-xr-x 7 root root 7... (2 Replies)
Discussion started by: JVerstry
2 Replies

9. Shell Programming and Scripting

Find recently updated files in home directory

Is there a shell command that will allow me to list index files in the /home directory for all users on a server that have been updated within the past 24 hours? (e.g. index.htm .html .php in/home/user1/public_html /home/user2/public_html /home/user3/public_html etc ) (2 Replies)
Discussion started by: Kain
2 Replies
Login or Register to Ask a Question