Skip navigation

Wierd .plist preference files getting corrupt?

2444 Views 17 Replies Latest reply: May 10, 2013 5:21 AM by diggety77 RSS
1 2 Previous Next
edgemusic Level 1 Level 1 (0 points)
Currently Being Moderated
May 12, 2012 2:49 PM

Hello people,

 

I've come here because I searched for the names of these .plist files on the net and got no results whatsover - ZERO.

 

Drive Genius 3 picks out the following .plist files as corrupt, on a fairly regular basis. When I delete them, they come back pretty quickly, and the first I hear about it is when DG3 points them out to me again - only days later:

 

/Users/Kev/Library/Preferences/com.Incoradial.Stomatic.plist: Unexpected character  at line 1

 

 

/Users/kev/Library/Preferences/com.Datawise.Mousquetaire.plist: Unexpected character  at line 1

 

 

I am not experiencing any strange behaviour that I could link to the presence of these files, I'm just curious at to where they orginate from and why they get picked up as possibly corrupt so quickly?

 

Like I say a quick search on the net brings up nothing at all for the names of these files. Sometimes there are about 3 more - but they all have names that I cannot relate to any applications I have on the Mac?

 

I had noticed some wierd looking preference files before when using MainMenu and seeing the list as it was processing the batch tasks - but never got round to investigating it properly.

 

Anyone know anything about these guys?....

Mac Pro, Mac OS X (10.6.8), RME Fireface 400/Logic 9.1.6
  • WZZZ Level 6 Level 6 (11,875 points)
    Currently Being Moderated
    May 12, 2012 3:07 PM (in response to edgemusic)

    What happens if you search for any of those names, together or separately, not just the specific .plists, using EasyFind?

     

    http://www.devontechnologies.com/products/freeware/

  • WZZZ Level 6 Level 6 (11,875 points)
    Currently Being Moderated
    May 12, 2012 4:03 PM (in response to edgemusic)

    Have you got these .plist files?

    Nope. Very weird.

     

    Screen shot 2012-05-12 at 7.01.52 PM.png

  • WZZZ Level 6 Level 6 (11,875 points)
    Currently Being Moderated
    May 15, 2012 5:01 AM (in response to edgemusic)

    Interesting that it appears somewhere else in the world and that it seems to be the same message, but with SuperMax (nothing clearly relevant found for that*) not Stomatic. Just a discussion of whether it's OK to trash it or not, but zero information about the file itself.

     

    *http://www.macintouch.com/reviews/supermax/

  • WZZZ Level 6 Level 6 (11,875 points)
    Currently Being Moderated
    May 15, 2012 5:14 AM (in response to WZZZ)

    Probably nothing, but I think I'd be getting a bit paranoid if those files showed up on my computer. I might do a scan with ClamXav or Sophos Home.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    May 15, 2012 12:03 PM (in response to edgemusic)

    What I recommend you do is again use EasyFind to do four searches on the words Incoradial, Stomatic, Datawise, Mousquetaire but this time also search package contents and invisibles.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    May 15, 2012 4:54 PM (in response to edgemusic)

    Frankly ignore all malware reported by these so called virus detectors.  They are simply reporting false hits with their heuristics and pattern matchers matching on binary data.  That's why I think they are all useless and a waste of time.  And don't let them "quarantine" (move) anything automatically or you may end up breaking something (e.g., especially mail when it thinks it has a match in a mail message--you will break the mail message database).

     

    Look, this all started because you said there are two plists that you remove and then get automatically recreated (forget that they may have some garbage at the end of them).  There's no magic here.   There are two processes that create them.  So they are in your system somewhere.  They are not apple plists.  So they are something you installed implicitly or explicitly.

     

    Remove the plists again now.  Do they reappear?  No?  Then log out and log back in?  Do they reappear?

     

    If yes, then look in your login items and ~/Library/LaunchAgents in your home directory).

     

    If no, then reboot.  Do they appear now?  I assume they would.  So if yes, look in the following places:

     

    /Library/LaunchAgents

    /Library/LaunchDaemons

    /Library/StartupItems

     

    Post the files you see in these and your login items and ~/Library/LaunchAgents if it isn't obvious who is spawing the processes creating those plists.

  • MadMacs0 Level 4 Level 4 (3,320 points)
    Currently Being Moderated
    May 15, 2012 7:01 PM (in response to edgemusic)

    edgemusic wrote:

     

    About 100 emails came up as being various types of "spoofdomian" or "phishing" etc. I foolishly binned these straight away, only later checking some of the emails out on a second CX sweep of my Mail folder - seems the checker in CX is pretty sensitive on the email front - lots of emails from sources I trust were moved into the Quarantine folder! God knows what I've trashed out of my email account the previous time! Ooops!

    You should rebuild all your mailboxes as the mailbox indexes were corrupted when you quarantined those emails.

     

    Any time you see the word "Heuristics" in an infection name you should always read the message first. Heuristics means that no actual signature was found, but something about url formatting looked suspicious enough to warn you about it. After you've read it in your e-mail client, then use the delete function there to prevent damage and to make certain the message is removed from both your hard drive and your e-mail ISP's server.

  • low_notes Calculating status...
    Currently Being Moderated
    Nov 1, 2012 12:15 PM (in response to edgemusic)

    I too have been experiencing this. The only two file names that come up consistently are:

     

    com.Incoradial.Insist.plist

    com.Utterlus.Erythrocyte.plist

     

    Like you, these come up periodically but with no apparent pattern; and I'm not experiencing anything odd, as far as I know . Also, web searches produced no results except this thread for the "Incoradial" search.

     

    It seems strange to me that no one out in the ether has documented this experience.

     

    Like you, the only place I got an alert was from Drive Genius 3 to Verify Preferences listed.

     

    Running a full Sophos scan now just to see what it picks up. I'll chime back in with the results in a couple of days.

     

    Thanks everyone!

1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.