what is this I've been hacked I need to know how to remove a reboot

I don’t see anything odd or unexpected here.

sudo is not omnipotent.

Here, the ** command is encountering the built-in protections against hacking and malware.

I usually prefer the more readable commands, particularly when scripting stuff:

** —-human-readable —max-depth=1 —total /

Andreujw wrote:

I didn’t make any of these and when I try to remove them it will not allow me…

All of what has been posted is normal and expected. Here, Automator, and VoiceOver. No hacks.

More info on the two macOS apps shown in your most recent image:

… Automator User Guide for Mac - Apple Support

… Keyboard, Commanders category, VoiceOver Utility on Mac - Apple Support

As for trying to delete these or other macOS components, macOS protects its own components against deletion, and against corruptions.

Andreujw wrote:

Like can or is there a site or way I can get someone to help like screen share or walk me through removing or fixing this issue???

The ** shell command shown is working as expected (if not as had been intended), and with no indications of issues or hacks.

The only issue so far involves some gaps in your knowledge of the shell and its syntax, and some gaps in your knowledge of macOS security. (We all started knowing nothing about any of this too, so please do not take this comment as derogatory.)

I'd recommend against granting Full Disk Access until a little more familiar with the shell and shell syntax and some common errors, as mistakes here can mean using the local backups to recover or to restore from problems

If you want to enable Full Disk Access into macOS Ventura, open Settings, go to the Privacy and Security window, scroll to and select Full Disk Access, scroll and find Terminal.app in the slider and enable it, and enter your macOS Admin credentials if prompted. Restart the Mac.

But again, this overrides macOS protections against mistakes. It removes some of the "blade guards".

I usually prefer to test hazardous commands in a newly-created "spare" login, particularly if I'm testing some command or script that might delete or corrupt data. In that other login, and with no Full Disk Access, and with no access to my own files and data in my main login, I'm less likely to be visiting system backups to recover after a mistake.

I believe you have several issues. I don't have a ".Spotlight-V100" folder on the root of my Mac running Catalina. Does yours? If not, then the first error is understandable & correct.

Second is the spacing in your second attempt at the "**" command path. I copied the "Report" version into the "Code Insertion" tool "<>" on the forum editing toolbar which makes it easier to see the spacing:

sudo ** -hcd 1 / .Spotlight-V100/

You have a space after the first slash which is why you are getting some stats for some of the items on the root of the file system.

The other issue is what @MrHoffman mentioned regarding the new macOS security protections. At the very least you need to make sure to give the Terminal app "Full Disk Access", but even with Full Disk Access, you may still be denied access to certain areas of the macOS system area even with "sudo" root permissions. This seems to be the case here for all of the "operation not permitted" paths.

FYI, when posting items from the Terminal, it is best to use the Code Insertion "<>" tool on the forum editing toolbar so that formatting, characters, and especially spaces are more clearly seen.

Here are a some articles regarding a few of the new security features in macOS:

About the read-only system volume in macOS Catalina or later - Apple Support

Signed system volume security in iOS, iPadOS, and macOS - Apple Support

Control access to files and folders on Mac - Apple Support

Controlling app access to files in macOS - Apple Support

Keep in mind that in some cases it may not be possible even for an admin/root to even read some file system areas related to the core of macOS these days even with allowing Full Disk Access. The typical *nix permissions may still show you have access, when macOS itself is overriding them perhaps due to some ACLs or other methods.

Andreujw wrote:

So one of my employees, has it set up that Automator unopened at log in and the script writer

I don't see a question.

If you have questions about the work of your employees, direct discussions are usually best.

While I'd usually suggest an update to 16.1.2, this log entry is also several weeks old.

HWTech wrote:

sudo ** -hcd 1 / .Spotlight-V100/

Yes; correct. That’s exactly why I also included the command shown earlier and also used the long switches. Messing up with spaces in a shell can clobber parts of file systems. (Though with recent macOS changes, it’s far harder to clobber macOS itself.)