Q: What's up with this? Catacomb folder?

My many Macs have ALL been acting very odd. I wrote it off as Sierra or something with the moon (I live in california). Anyway this is what my folders look like when I try to access them in Recovery mode by booting up with Cmd + R and then going to the Disk Utility option and clicking any of the options to see the Finder/directories that are available. And it won't let me enter the Catacomb...

 

Is this some new Mac issue? Yes they exist, plenty of news stories.  But really can anyone verify if this is normal behavior?

MacBook Pro with Retina display, macOS Sierra (10.12.3)

Posted on Jan 27, 2017 7:41 PM

  • Helpful answers
  • All replies
  • by ChaseDaniel,

     ChaseDaniel Jan 27, 2017 7:48 PM in response to ChaseDaniel
    Level 1 Level 1 (17 points)
    expertise.macosx
    Mac OS X
    Jan 27, 2017 7:48 PM in response to ChaseDaniel

    IMG_2091.JPG

    Jan 27, 2017 7:48 PM

  • by Barney-15E,

     Barney-15E Jan 28, 2017 5:27 AM in response to ChaseDaniel
    Level 9 Level 9 (55,873 points)
    expertise.macosx
    Mac OS X
    Jan 28, 2017 5:27 AM in response to ChaseDaniel

    If by "normal" you mean, is it part of the OS, then no, it is not.

    Jan 28, 2017 5:27 AM

  • by advk,

     advk Feb 2, 2017 2:52 PM in response to Barney-15E
    Level 1 Level 1 (13 points)
    expertise.macosx
    Mac OS X
    Feb 2, 2017 2:52 PM in response to Barney-15E

    Does anyone know what this could be responsible for?

    Feb 2, 2017 2:52 PM

  • by EndCannabisProhibitionNOW,

     EndCannabisProhibitionNOW Feb 2, 2017 4:03 PM in response to advk
    Level 1 Level 1 (8 points)
    expertise.macosx
    Mac OS X
    Feb 2, 2017 4:03 PM in response to advk

    I wonder too

    Feb 2, 2017 4:03 PM

  • by John Galt,

     John Galt Feb 2, 2017 8:49 PM in response to ChaseDaniel
    Level 9 Level 9 (65,979 points)
    expertise.appletv
    Apple TV
    Feb 2, 2017 8:49 PM in response to ChaseDaniel

    Whatever it is, it's something you or someone else installed. Apple didn't put it there.

     

    Perhaps http://catacomb.tigris.org?

     

    If that is it, it's very old, appears to be dead, and you should probably just get rid of it.

    Feb 2, 2017 8:49 PM

  • by ChaseDaniel,

     ChaseDaniel Feb 22, 2017 11:05 AM in response to John Galt
    Level 1 Level 1 (17 points)
    expertise.macosx
    Mac OS X
    Feb 22, 2017 11:05 AM in response to John Galt

    Hi. Thanks for replying I'll make this short since my last attempt to answer was cut short. I took a screen capture of "it" in action. (Side note: My computer just logged out again as I was typing) I have two videos here one is the Catacombs changing permissions and the other is (logged out again) a bunch of stuff but mostly the a related folder being identified and requested for removal by Gatekeeper only to reappear seconds later.

     

    I called Apple care....and was told that it must be a system file, but there was no explanation as to what it's for or why it's there only that it must be ok. Along with this I was told that a date that I found suspiciously linked to everything questionable on my computer 7/30/16 was "the day my computer was built." It's a 2016 MBP I'm referring to and while that's possible I highly doubt that's correct. In fact I know it was "built," first initiated that is, around Nov. 9th 2016. Also, while using a screen sharing session with Apple, Garage Band was listed in my processes but I do not have it on my computer and in have never once in my life even used the application. There was no legitimate explanation provided to me and I was told that everything is perfectly normal...weather balloons in fact.

     

    Video of permissions being automatically readjusted on Catacomb files.

    https://www.youtube.com/watch?v=X1uBvhc8wT4'

     

    Long video of a lot of sketchy stuff but mostly Gatekeeper finding a related file and it saying I need to delete it. Right after it reappears. All kinda between 6'30" and 7'30." https://www.youtube.com/watch?v=4DJI3MuWHXk

     

    I'm fairly certain it's ransomware that's not fully developed yet. It's stealing my fingerprints.

    Feb 22, 2017 11:05 AM

  • by John Galt,

     John Galt Feb 22, 2017 11:17 AM in response to ChaseDaniel
    Level 9 Level 9 (65,979 points)
    expertise.appletv
    Apple TV
    Feb 22, 2017 11:17 AM in response to ChaseDaniel

    There is little information shown in your screenshot to determine what the problem may be, and I do not use YouTube. The screenshot does show obvious problems though — the presence of question marks where folders ought to be are as much an unknown as the Catacomb folder. The dev folder and .pcapng files are not installed by Apple either, meaning that you should know what they are and why you need them.

     

    There was no legitimate explanation provided to me and I was told that everything is perfectly normal...

     

    I would not consider that an acceptable answer and neither should you.

     

    Given the uncertainty you describe and the concerns you express, it doesn't really matter though: that Mac is a candidate for a complete erasure and reconfiguration. I would consider nothing less than that.

    Feb 22, 2017 11:17 AM

  • by leroydouglas,

     leroydouglas Feb 24, 2017 6:18 PM in response to ChaseDaniel
    Level 7 Level 7 (27,768 points)
    expertise.notebooks
    Notebooks
    Feb 24, 2017 6:18 PM in response to ChaseDaniel

    Feb 24, 2017 6:18 PM

  • by ChaseDaniel,

     ChaseDaniel Feb 25, 2017 11:32 AM in response to leroydouglas
    Level 1 Level 1 (17 points)
    expertise.macosx
    Mac OS X
    Feb 25, 2017 11:32 AM in response to leroydouglas

    Thank you! I'm slightly more at ease now. Still a little concerned because my _mbupsetuser has shown that it's logged in randomly and days after installing the OS with several shutdowns in between. I haven't read everything in this article or the one it mentions closely yet so I apologize if that's covered in there.

     

    I've seen a lot of strange errors in the installer logs too but I know these errors tend to be confusingly less-panicworthy than someone might infer from the terminology the Console provides.

    Feb 25, 2017 11:32 AM

  • by EndCannabisProhibitionNOW,

     EndCannabisProhibitionNOW Apr 24, 2017 12:49 PM in response to ChaseDaniel
    Level 1 Level 1 (8 points)
    expertise.macosx
    Mac OS X
    Apr 24, 2017 12:49 PM in response to ChaseDaniel

    I'm fairly convinced that the article listed here as an explanation is totally fake and given the measures that the person went to they're probably responsible. I've seen the date change on my MacBook Pro anywhere from 1969 to 2015 too. Whoever is going to these lengths to activate my webcam and do other spying/identity theft/ whatever is very clever. I think my MacBook Pro has fake parts too but am about to send it to Apple to have them inspect it and verify if the parts are fake or not. If they say yes I have a feeling they will try to blame

    me since a manager at the Cesars Palace forum shops store already did and is having some fraud investigator look into. Well if they suspect me they're about as useless as my $3200 computer is...

     

    The installer log when wiping the computer and doing internet recovery or any form of reinstalling the OS esssntially says it's an ancient OS being installed with all these hidden nodes and other mystifying items. I'm two seconds away from buying another one, taking it to the middle of nowhere with no other devices around to turn it on for the first time and investigating all the differences between a real factory default computer and whatever is happening on my computer. I think it either acts as a server to other malware infected computers or is the client but something is very wrong with it. We need to form some kind of group to get the attention of people bc 99% of people aren't informed enough to know that what they're experiencing is a problem. It's being done by some very smart people who are taking advantage of the extremely untrue belief almost everyone has that Macs are impervious to hacking/viruses/malware or other related issues. No, they're well equipped from the factory with many of the things needed to perform such activities like outdated SSH, Directory Utility, NetBios, poor certificate default settings, generally insecure other settings, Bluetooth and shared folder configured to allow easy access, loop (lo0) network interfaces, the awful iBridge "feature", Remote Desktop, vnc, plist specifications that are so antiquated they just list "?????", no way to monitor for system modifications, and on and on.

     

    My 2016 laptop was taken off the plane in china for 30 minutes after being cleared at customs and I think that has something to do with it. Plenty of time to send my device to the chop shop and workers at the factory  would be the perfect insiders to be commiting such an act. I'm also suspicious of the so called "port to nowhere." No it's not to nowhere, it's to a chip that is made by a company recently bought by intel and the computer doesn't work without it attached. *** is that chip? Is it some hidden spy device or something?

     

    I realize this sounds paranoid but God as my witness there is something really wrong with my machine too and I am treated like a con artist by the people who are supposed to help. How they sleep at night is beyond me. I'm so done with the glowing fruit, if this isn't resolved properly and I'm

    not given a brand new computer as a result of this I will start looking into legal remedies and will attempt to calculate the damages I've suffered from having my privacy invaded to such a degree and being told that everything is normal by people who for the most part have no clue what a kext even is.

    Apr 24, 2017 12:49 PM

  • by dodstots,

     dodstots Jul 24, 2017 9:17 PM in response to Barney-15E
    Level 1 Level 1 (8 points)
    expertise.macosx
    Mac OS X
    Jul 24, 2017 9:17 PM in response to Barney-15E

    How do you know it's not part of the SO?

    Jul 24, 2017 9:17 PM

  • by Barney-15E,

     Barney-15E Jul 25, 2017 7:46 AM in response to dodstots
    Level 9 Level 9 (55,873 points)
    expertise.macosx
    Mac OS X
    Jul 25, 2017 7:46 AM in response to dodstots

    How do you know it's not part of the SO?

    I didn't because it wasn't installed on either of my Macs. However, it appears to be part of the touch bar Macs.

    The visible parts of the OS rarely differ between the types of Macs.

    Jul 25, 2017 7:46 AM