dbworker1

Why daily download of "Net//DNS//RR//NIMLOC5.8.9.3pm" on Mac OSX 10.6.8 every day since April 7th

Mac OSX running OS version 10.6.8 is downloading a file "Net//DNS//RR//NIMLOC5.8.9.3pm" every day on boot.

The command started running a few days ago on boot up. The screen also seems to flash a message that it is un-compressing a file, but the dialog flashes too fast to view the text.

It would appear that it is requesting a DNS resource record or something like that. However, I don't know how to trace it to its source.

The first few lines of the downloaded or results file are:
.\" Automatically generated by Pod::Man 2.12 (Pod::Simple 3.05)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp



The last few lines are:
Returns the record's data section as binary data.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (c) 1997\-2002 Michael Fuhr.
.PP
Portions Copyright (c) 2002\-2004 Chris Reinhardt.
.PP
All rights reserved.  This program is free software; you may redistribute
it and/or modify it under the same terms as Perl itself.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIperl\fR\|(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet,
Net::DNS::Header, Net::DNS::Question, Net::DNS::RR,
draft\-ietf\-nimrod\-dns\-\fIxx\fR.txt

What triggers this and what does it do?

Thank you.
strung

No idea what it is. Maybe you could post more lines.

However check Startup Items in your account prefs to see if there is something in there set to download this file.
Have you checked for viruses?
Check for the Flashback trojan: https://www.drweb.com/flashback/
dbworker1

ASKER

Thanks for the replies. Had already checked for Flashback, no infection.

Item is listed in login items and the selection cannot be hidden or removed. Where is the list or files for the login items saved?

The full contents of the file is:

.\" Automatically generated by Pod::Man 2.12 (Pod::Simple 3.05)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "Net::DNS::RR::NIMLOC 3"
.TH Net::DNS::RR::NIMLOC 3 "2009-01-26" "perl v5.8.9" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Net::DNS::RR::NIMLOC \- DNS NIMLOC resource record
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\f(CW\*(C`use Net::DNS::RR\*(C'\fR;
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Class for \s-1DNS\s0 Nimrod Locator (\s-1NIMLOC\s0) resource records.
.SH "METHODS"
.IX Header "METHODS"
.Sh "rdlength"
.IX Subsection "rdlength"
.Vb 1
\&    print "rdlength = ", $rr\->rdlength, "\en";
.Ve
.PP
Returns the length of the record's data section.
.Sh "rdata"
.IX Subsection "rdata"
.Vb 1
\&    $rdata = $rr\->rdata;
.Ve
.PP
Returns the record's data section as binary data.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (c) 1997\-2002 Michael Fuhr.
.PP
Portions Copyright (c) 2002\-2004 Chris Reinhardt.
.PP
All rights reserved.  This program is free software; you may redistribute
it and/or modify it under the same terms as Perl itself.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIperl\fR\|(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet,
Net::DNS::Header, Net::DNS::Question, Net::DNS::RR,
draft\-ietf\-nimrod\-dns\-\fIxx\fR.txt
ASKER CERTIFIED SOLUTION
strung
Also, if you right click on the item in the log on items panel, you will get a contextual menu for "show in finder", so you can find the file that is being loaded and simply delete it.

I would be interested to know the name of the file.
Thanks again for all the comments.

[-] on login items removed the item even though the lock was on.

The item was removed before I read the comment about the contextual menu to find in finder (a VERY useful feature, thanks). So I could not use this feature to see the file.

However, the name of the menu item was net//dns//rr and the item was a compressed file.

Removing the item from the login items stopped the download of the file into the download folder.

Doing a find for a file name for net//dns/rr produces only the various downloaded files in the download directory.

It has been a while since I have run grep and I could probably run a search for "net//dns/rr" since it has to be somewhere on the HD. I'll have to find my Unix manuals.

My guess of the origin is Google Voice addon to Google Apps, but only a guess since it was installed and the issue started the following day on the next startup.

I would like to know just where this came from so I can "kill it" if it pops up again.
You might check for the DNSChanger Trojan as well:

http://www.dnschanger.com/
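
One way to run the search dbworker1 describes, limited to the places Mac OS X reads at boot and login instead of the whole disk. This is an added example, not part of the original thread; `find_startup_refs` is a hypothetical helper name, and the path list is an assumption based on standard Mac OS X locations and is not exhaustive.

```shell
#!/bin/sh
# Added example: look for a string inside the files Mac OS X consults at
# boot or login. Paths are taken relative to ROOT so the same function works
# on the live system ("/") or on a mounted copy of the disk.

# System-wide startup locations (assumed list, not exhaustive).
SYSTEM_PATHS='Library/StartupItems System/Library/StartupItems
Library/LaunchAgents Library/LaunchDaemons
System/Library/LaunchAgents System/Library/LaunchDaemons
Library/Preferences/loginwindow.plist
Library/Preferences/com.apple.loginwindow.plist'

# Per-user locations, relative to each home directory under ROOT/Users.
USER_PATHS='Library/LaunchAgents
Library/Preferences/com.apple.loginitems.plist
Library/Preferences/loginwindow.plist'

# find_startup_refs ROOT NEEDLE
# Prints every file in a startup location whose contents contain NEEDLE
# (case-insensitive, literal match). Prints nothing if there is no match.
find_startup_refs() {
    root=${1%/}
    needle=$2
    {
        for rel in $SYSTEM_PATHS; do echo "$root/$rel"; done
        for home in "$root"/Users/*; do
            for rel in $USER_PATHS; do echo "$home/$rel"; done
        done
    } | while IFS= read -r p; do
        if [ -e "$p" ]; then
            # -a reads binary plists as text; -F treats NEEDLE as a literal
            find "$p" -type f -exec grep -a -i -l -F -e "$needle" {} + \
                2>/dev/null || true
        fi
    done | sort -u
}

# Example use on the running system:
#   find_startup_refs / 'net//dns//rr'
```

Binary plists can store names in encodings a plain text match will miss, so an empty result here does not prove the entry is absent.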