Previous 1 2 Next 17 Replies Latest reply: May 10, 2013 5:21 AM by diggety77
edgemusic Level 1 (0 points)

Hello people,


I've come here because I searched for the names of these .plist files on the net and got no results whatsover - ZERO.


Drive Genius 3 picks out the following .plist files as corrupt, on a fairly regular basis. When I delete them, they come back pretty quickly, and the first I hear about it is when DG3 points them out to me again - only days later:


/Users/Kev/Library/Preferences/com.Incoradial.Stomatic.plist: Unexpected character  at line 1



/Users/kev/Library/Preferences/com.Datawise.Mousquetaire.plist: Unexpected character  at line 1



I am not experiencing any strange behaviour that I could link to the presence of these files, I'm just curious at to where they orginate from and why they get picked up as possibly corrupt so quickly?


Like I say a quick search on the net brings up nothing at all for the names of these files. Sometimes there are about 3 more - but they all have names that I cannot relate to any applications I have on the Mac?


I had noticed some wierd looking preference files before when using MainMenu and seeing the list as it was processing the batch tasks - but never got round to investigating it properly.


Anyone know anything about these guys?....

Mac Pro, Mac OS X (10.6.8), RME Fireface 400/Logic 9.1.6
  • WZZZ Level 6 (12,795 points)

    What happens if you search for any of those names, together or separately, not just the specific .plists, using EasyFind?


  • edgemusic Level 1 (0 points)

    Good question - thanks for responding!


    "Absolutely nothing" is the answer - I already have EasyFind - thanks for the link though!


    As I just deleted the "corrupt" prefs files, there's nothing for any of the words...


    Curious eh?....


    Have you got these .plist files?

  • WZZZ Level 6 (12,795 points)

    Have you got these .plist files?

    Nope. Very weird.


    Screen shot 2012-05-12 at 7.01.52 PM.png

  • edgemusic Level 1 (0 points)

    One of the words - "incoradial" actually brings up no results at all on Google - quite a feat!




    So, I've just managed to find ONE result on the web. It's some forum post on a French site from 2009:




    Still baffled.....

  • WZZZ Level 6 (12,795 points)

    Interesting that it appears somewhere else in the world and that it seems to be the same message, but with SuperMax (nothing clearly relevant found for that*) not Stomatic. Just a discussion of whether it's OK to trash it or not, but zero information about the file itself.



  • WZZZ Level 6 (12,795 points)

    Probably nothing, but I think I'd be getting a bit paranoid if those files showed up on my computer. I might do a scan with ClamXav or Sophos Home.

  • edgemusic Level 1 (0 points)

    Hmmm... I know what you mean....


    Thanks for the tip-offs for virus checkers - I'll do a scan and see what comes up....


    Again, thanks for your input here... strange goings-on indeed....

  • X423424X Level 6 (14,215 points)

    What I recommend you do is again use EasyFind to do four searches on the words Incoradial, Stomatic, Datawise, Mousquetaire but this time also search package contents and invisibles.

  • edgemusic Level 1 (0 points)

    I did this the first time, and just did it all again to double check - nada. I searched ALL my volumes, not just the system drive.


    I also did a sweep with ClamXav:

  files came up as carrying trojans - they were all files that would need to be opened in Windows, I have never opened them and don't have Windows on this Mac anyway. I secure deleted them  - they were not required.


    About 100 emails came up as being various types of "spoofdomian" or "phishing" etc. I foolishly binned these straight away, only later checking some of the emails out on a second CX sweep of my Mail folder - seems the checker in CX is pretty sensitive on the email front - lots of emails from sources I trust were moved into the Quarantine folder! God knows what I've trashed out of my email account the previous time! Ooops!


    As far as the mystery files go, nothing really significant as far as I can tell - mean anything to you?



    Is it worth doing a sweep with the Sophos app as well?


    Message was edited by: edgemusic - adding a question - afterthought...

  • X423424X Level 6 (14,215 points)

    Frankly ignore all malware reported by these so called virus detectors.  They are simply reporting false hits with their heuristics and pattern matchers matching on binary data.  That's why I think they are all useless and a waste of time.  And don't let them "quarantine" (move) anything automatically or you may end up breaking something (e.g., especially mail when it thinks it has a match in a mail message--you will break the mail message database).


    Look, this all started because you said there are two plists that you remove and then get automatically recreated (forget that they may have some garbage at the end of them).  There's no magic here.   There are two processes that create them.  So they are in your system somewhere.  They are not apple plists.  So they are something you installed implicitly or explicitly.


    Remove the plists again now.  Do they reappear?  No?  Then log out and log back in?  Do they reappear?


    If yes, then look in your login items and ~/Library/LaunchAgents in your home directory).


    If no, then reboot.  Do they appear now?  I assume they would.  So if yes, look in the following places:






    Post the files you see in these and your login items and ~/Library/LaunchAgents if it isn't obvious who is spawing the processes creating those plists.

  • MadMacs0 Level 5 (4,700 points)

    edgemusic wrote:


    About 100 emails came up as being various types of "spoofdomian" or "phishing" etc. I foolishly binned these straight away, only later checking some of the emails out on a second CX sweep of my Mail folder - seems the checker in CX is pretty sensitive on the email front - lots of emails from sources I trust were moved into the Quarantine folder! God knows what I've trashed out of my email account the previous time! Ooops!

    You should rebuild all your mailboxes as the mailbox indexes were corrupted when you quarantined those emails.


    Any time you see the word "Heuristics" in an infection name you should always read the message first. Heuristics means that no actual signature was found, but something about url formatting looked suspicious enough to warn you about it. After you've read it in your e-mail client, then use the delete function there to prevent damage and to make certain the message is removed from both your hard drive and your e-mail ISP's server.

  • edgemusic Level 1 (0 points)

    So, thanks for your input everyone.


    The plot thickens:


    The files do not reappear after logout/login. Nor do they reappear after a restart.


    I now have a few more weird ones for you - again brought to my attention by Drive Genius 3, telling me these are potentially corrupt - I've just started checking them on the net - the first one at least, has no results at all:








    No return of the previous ones since I did the virus check and deleted all those files...



    About the mailbox rebuild - I did do that, just in case - thanks!

  • edgemusic Level 1 (0 points)

    Hello people - well - the weirdness continues....


    I now have some more new ones coming in on the corrupt prefs front - all with totally unfamiliar names that mean nothing to me, and have little or no presence on the net when serached for..


    I have a .pdf of the contents at the locations  requested, but I can't see how to attach it here?


    I would really appreciate some light shed on this prefs stuff  - it's pretty weird to me....

  • low_notes Level 1 (0 points)

    I too have been experiencing this. The only two file names that come up consistently are:





    Like you, these come up periodically but with no apparent pattern; and I'm not experiencing anything odd, as far as I know . Also, web searches produced no results except this thread for the "Incoradial" search.


    It seems strange to me that no one out in the ether has documented this experience.


    Like you, the only place I got an alert was from Drive Genius 3 to Verify Preferences listed.


    Running a full Sophos scan now just to see what it picks up. I'll chime back in with the results in a couple of days.


    Thanks everyone!

Previous 1 2 Next