Because I am a curius person and rather concerned for my privacy, I regulary check for unknown processes, check the Application Support folder, use Little Snitch and VirusBarrier, use GPG, to give you an idea were I come from.
The last two days I have been looking for an invisible file that begins with .pbz for example .pbz.qriba-grpuabybtvrf.guvaxceb2
On the web I can find almost nothing, but now I stumbled across something. Every time I sync Devonthink (via Dropbox and Direct Connection) a file beginning with .pbz.qriba- is created.
It is a XML file containing email addresses, in some cases I checked the domains from the emails checked in the file, in two cases VirusBarrier warned me a webthreat is being downloaded to my computer.
Are there more people here that have these XML files in their preferences AND Application Support folders ?
<?xml version="1.0" encoding="UTF-8"?> 3562c5cfad8sa9 0 jk3q45mnsadf98 0.0 sj45embvc8alqz 2013-08-08T18:11:00Z w4j56bn45nbasf 9630-EFBg-10iE330-B6Q0-634B B013-Q99E-116E613-90E0-3ES4 0607-7FSx-1BF4407-i6F4-43x4 xSSi-g10F-11g6BSi-9S31-1QE9 xBS6-gi0B-11g6SS6-SB76-iFB3 0QEB-7Z66-1Q3xiEB-iQ1B-FSii Z0Q0-i94g-190gZQ0-7033-gZg0 64BF-1g3i-1x39EBF-444Q-0E4g xE69-g7E4-147S669-9EgS-iF63 xE6x-g7E7-147S66x-BEEB-7xB4 B7Bg-QE30-1Z04BBg-S70E-QF6F 964S-EFQZ-16F9Q4S-S6Q9-xEi6 Sg0S-F4SZ-171Q40S-BgBB-1Q49 iZF1-ZQ7Q-1gS9ZF1-1Z40-Bg0g iS3B-gZQ7-1i4Z63B-0SQB-F773 096i-70EF-1F4i96i-i96B-3ZSF 0SxQ-71i1-0xFE4xQ-3S1F-Zi69 0BxS-7iiZ-0xFE7xS-iBZS-BFF3 0SxQ-71i1-0BFE4xQ-3S1F-xB94 0BxS-7iiZ-0BFE7xS-iBZS-460E gx7g-x3F0-013E37g-FxS9-04xi 4SFE-3173-0SBFiFE-6S0E-S77S F0BZ-S93S-03606BZ-E034-F63F F0B6-S93B-03606B6-Q007-x7gg 64E6-1g6B-0x1QiE6-Z4ZZ-SZ7B 67Ei-1E6F-0x1Q1Ei-471i-S9B0 3iiQ-4Bx1-0ESZxiQ-1igF-40i6 104F-69Qi-0QB1B4F-30BQ-S3BF 134F-6xQi-0QB1S4F-33BF-g6Q6 S74B-FEQ6-0ZxSQ4B-B7FS-9ggx S74F-FEQi-0ZxSQ4F-x7BQ-S7xx BSZi-Q1gF-06SxEZi-9Sxi-134x Sg3B-F4B6-067Fi3B-xgQB-xEBF 0Sgg-71Z0-0Ei9Zgg-3S6E-ZxZi xZ71-gQFQ-04F9471-9ZQi-S7QB 61Zx-1Sg7-0SS7FZx-41xx-1SEx Q3Q0-Bx4g-0iF47Q0-E334-BS7F S1x6-FSiB-06x63x6-x1ZZ-S93x Sg3B-F4B6-06ZFi3B-xgQB-gQFx 303g-49B0-0gB493g-10QE-611E S67B-FFF6-06EB97B-x6SB-QES1 3gg0-44Zg-0g1x9g0-1gi3-SSE6 Qx7B-B3F6-0i7FZ7B-ExSS-x0EZ F4g9-SgZ4-0196Eg9-E4ZS-FZ91 F6gx-SFZ7-0196Qgx-Q669-1B03 FZgE-SQZ3-0196FgE-gZiE-409i QQZS-BZgZ-0i3g0ZS-EQxB-BSE3 6SB3-113E-0SS9FB3-4S40-760x ZxZ9-i3g4-0Bg47Z9-7xx9-i7gx 3i67-4BEx-0g71167-1i97-B3xi BSgB-Q1Z6-04Fi7gB-9SiS-FE1B BSZi-Q1gF-0BBxEZi-9Sxi-ES99 40F9-3974-040FgF9-6009-iEF0 99Z3-E0gE-0B7SEZ3-B9x7-gxS7 QZi0-BQxg-0EQxZi0-FZ93-i1iF 0xE6-736B-0iBxQE6-3xZ7-iEE9 3gx1-44iQ-0Z9gSx1-1gZZ-33x6EDIT: Removed email addresses. Please don’t post personal information on public forums, even of suspected pirates.