Beagled for MS installed ??? - Mandriva

This is a discussion on Beagled for MS installed ??? - Mandriva ; I did a ps -eF, and found this running: beagled /usr/lib64/beagle/BeagleDaemon.exe --bg WTF? Beagle should not be running, and .exe? The results of file * and ls -l in /usr/lib64/beagle appear below. My question is, has my machine been cracked? ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Beagled for MS installed ???

  1. Beagled for MS installed ???

    I did a ps -eF, and found this running:
    beagled /usr/lib64/beagle/BeagleDaemon.exe --bg

    WTF? Beagle should not be running, and .exe?

    The results of file * and ls -l in /usr/lib64/beagle appear below.
    My question is, has my machine been cracked? I installed compiz
    last Saturday to play with it a little, but have disabled that.

    I do download an indexing package from a remote server, which
    is reported as having an incorrect authentication, but unless
    there is a man in the middle relaying everything both ways in
    addition to its malbeahavior this should not be the problem.

    Does anyone else have this stuff on the system?

    [jim@localhost beagle]$ pwd
    /usr/lib64/beagle
    [jim@localhost beagle]$ file *
    Backends: directory
    BeagleDaemon.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    BeagleDaemon.exe.mdb: data
    BeagleDaemonLib.dll: MS-DOS executable PE for MS Windows
    (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
    BeagleDaemonLib.dll.mdb: data
    BeagleDaemonPlugins.dll: MS-DOS executable PE for MS Windows
    (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
    BeagleDaemonPlugins.dll.mdb: data
    beagled-index-helper: Bourne shell script text executable
    Beagle.dll: MS-DOS executable PE for MS Windows
    (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
    Beagle.dll.mdb: data
    BuildIndex.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    BuildIndex.exe.mdb: data
    Config.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    Config.exe.mdb: data
    DocExtractor.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    DocExtractor.exe.mdb: data
    DumpIndex.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    DumpIndex.exe.mdb: data
    ExtractContent.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    ExtractContent.exe.mdb: data
    Filters: directory
    IndexHelper.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    IndexHelper.exe.mdb: data
    Info.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    Info.exe.mdb: data
    libbeagleglue.so: symbolic link to `libbeagleglue.so.0.0.0'
    libbeagleglue.so.0: symbolic link to `libbeagleglue.so.0.0.0'
    libbeagleglue.so.0.0.0: ELF 64-bit LSB shared object, x86-64,
    version 1 (SYSV), stripped
    ManageIndex.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    ManageIndex.exe.mdb: data
    Query.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    Query.exe.mdb: data
    Shutdown.exe: MS-DOS executable PE for MS Windows
    (console) Intel 80386 32-bit Mono/.Net assembly
    Shutdown.exe.mdb: data
    Util.dll: MS-DOS executable PE for MS Windows
    (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
    Util.dll.config: ASCII text
    Util.dll.mdb: data

    [jim@localhost beagle]$ pwd
    /usr/lib64/beagle
    [jim@localhost beagle]$ ls -l
    total 2568
    drwxr-xr-x 2 root root 4096 2008-07-29 20:22 Backends/
    -rw-r--r-- 1 root root 27648 2008-07-29 17:41 BeagleDaemon.exe
    -rw-r--r-- 1 root root 8052 2008-07-29 17:41 BeagleDaemon.exe.mdb
    -rw-r--r-- 1 root root 702976 2008-07-29 17:41 BeagleDaemonLib.dll
    -rw-r--r-- 1 root root 705990 2008-07-29 17:41 BeagleDaemonLib.dll.mdb
    -rw-r--r-- 1 root root 15872 2008-07-29 17:41 BeagleDaemonPlugins.dll
    -rw-r--r-- 1 root root 11929 2008-07-29 17:41
    BeagleDaemonPlugins.dll.mdb
    -rwxr-xr-x 1 root root 1380 2008-07-29 17:41 beagled-index-helper*
    -rw-r--r-- 1 root root 53760 2008-07-29 17:41 Beagle.dll
    -rw-r--r-- 1 root root 46643 2008-07-29 17:41 Beagle.dll.mdb
    -rw-r--r-- 1 root root 22016 2008-07-29 17:41 BuildIndex.exe
    -rw-r--r-- 1 root root 7903 2008-07-29 17:41 BuildIndex.exe.mdb
    -rw-r--r-- 1 root root 13824 2008-07-29 17:41 Config.exe
    -rw-r--r-- 1 root root 4896 2008-07-29 17:41 Config.exe.mdb
    -rw-r--r-- 1 root root 5120 2008-07-29 17:41 DocExtractor.exe
    -rw-r--r-- 1 root root 880 2008-07-29 17:41 DocExtractor.exe.mdb
    -rw-r--r-- 1 root root 13312 2008-07-29 17:41 DumpIndex.exe
    -rw-r--r-- 1 root root 4468 2008-07-29 17:41 DumpIndex.exe.mdb
    -rw-r--r-- 1 root root 12288 2008-07-29 17:41 ExtractContent.exe
    -rw-r--r-- 1 root root 5590 2008-07-29 17:41 ExtractContent.exe.mdb
    drwxr-xr-x 2 root root 4096 2008-07-29 20:22 Filters/
    -rw-r--r-- 1 root root 12800 2008-07-29 17:41 IndexHelper.exe
    -rw-r--r-- 1 root root 3837 2008-07-29 17:41 IndexHelper.exe.mdb
    -rw-r--r-- 1 root root 9728 2008-07-29 17:41 Info.exe
    -rw-r--r-- 1 root root 2495 2008-07-29 17:41 Info.exe.mdb
    lrwxrwxrwx 1 root root 22 2008-07-29 20:22 libbeagleglue.so ->
    libbeagleglue.so.0.0.0*
    lrwxrwxrwx 1 root root 22 2008-07-29 20:22 libbeagleglue.so.0 ->
    libbeagleglue.so.0.0.0*
    -rwxr-xr-x 1 root root 46280 2008-07-29 17:41 libbeagleglue.so.0.0.0*
    -rw-r--r-- 1 root root 7680 2008-07-29 17:41 ManageIndex.exe
    -rw-r--r-- 1 root root 1689 2008-07-29 17:41 ManageIndex.exe.mdb
    -rw-r--r-- 1 root root 13824 2008-07-29 17:41 Query.exe
    -rw-r--r-- 1 root root 3322 2008-07-29 17:41 Query.exe.mdb
    -rw-r--r-- 1 root root 3584 2008-07-29 17:41 Shutdown.exe
    -rw-r--r-- 1 root root 437 2008-07-29 17:41 Shutdown.exe.mdb
    -rw-r--r-- 1 root root 414720 2008-07-29 17:41 Util.dll
    -rw-r--r-- 1 root root 85 2008-07-29 17:41 Util.dll.config
    -rw-r--r-- 1 root root 347550 2008-07-29 17:41 Util.dll.mdb

    jim b.

    --
    UNIX is not user unfriendly; it merely
    expects users to be computer-friendly.

  2. Re: Beagled for MS installed ???

    Hmmm. Seems I may have gone off half-****ed, or my
    system has been cracked for months. Took at look at
    backups dating back to February, and these and other
    *.exe files were on the system.

    Guess that demonstrates I do not look at everything
    on my system.

    jim b.

    --
    UNIX is not user unfriendly; it merely
    expects users to be computer-friendly.

  3. Re: Beagled for MS installed ???

    On Mon, 18 Aug 2008 22:19:26 -0400, Jim Beard wrote:

    > Hmmm. Seems I may have gone off half-****ed, or my
    > system has been cracked for months. Took at look at
    > backups dating back to February, and these and other
    > *.exe files were on the system.


    Those are normal files for beagle ...
    $ rpm -q -f /usr/lib/beagle/BeagleDaemon.exe
    beagle-0.3.3-7.1mdv2008.1

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  4. Re: Beagled for MS installed ???

    David W. Hodgins wrote:
    > On Mon, 18 Aug 2008 22:19:26 -0400, Jim Beard wrote:
    >
    >> Hmmm. Seems I may have gone off half-****ed, or my
    >> system has been cracked for months. Took at look at
    >> backups dating back to February, and these and other
    >> *.exe files were on the system.

    >
    > Those are normal files for beagle ...
    > $ rpm -q -f /usr/lib/beagle/BeagleDaemon.exe
    > beagle-0.3.3-7.1mdv2008.1


    Thanks for confirmation.

    I am a little unhappy that file * returned "MS-DOS executable PE
    for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly "

    I expected it to work as file does under Solaris, i.e. check the
    first 512 bytes, look for magic numbers, and generally discriminate
    between things that are M$ executables and things that just have a
    name that looks like a M$ executable.

    No cheers on this version of file.

    jim b.

    --
    UNIX is not user unfriendly; it merely
    expects users to be computer-friendly.

  5. Re: Beagled for MS installed ???

    On Tue, 19 Aug 2008 20:25:38 -0400, Jim Beard wrote:

    > David W. Hodgins wrote:
    >> Those are normal files for beagle ...
    >> $ rpm -q -f /usr/lib/beagle/BeagleDaemon.exe
    >> beagle-0.3.3-7.1mdv2008.1

    >
    > I expected it to work as file does under Solaris, i.e. check the
    > first 512 bytes, look for magic numbers, and generally discriminate
    > between things that are M$ executables and things that just have a
    > name that looks like a M$ executable.


    If you look at /usr/lib/beagle/BeagleDaemon.exe, it certainly looks like a
    windows executable. Starts with MZ, has "This program cannot be run in DOS mode",
    so it looks like a PE format file to me.

    Now why beagle is using PE format executables, on linux, I have no idea.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  6. Re: Beagled for MS installed ???

    Em Quarta, 20 de Agosto de 2008 03:15, David W. Hodgins escreveu:

    >>

    > If you look at /usr/lib/beagle/BeagleDaemon.exe, it certainly looks like a
    > windows executable. Starts with MZ, has "This program cannot be run in
    > DOS mode", so it looks like a PE format file to me.
    >
    > Now why beagle is using PE format executables, on linux, I have no idea.


    I have the idea that these binarys doesn't even run at all, unless in a
    emulated enviroment... i don't have that program installed, but took a look
    at the list of files in the package and there is a lot of EXEs in there.

    beagle has been added to my list of "never install this".

    regards


+ Reply to Thread