I was doing a bit of routine maintenance on my MacBook Pro over the weekend and I noticed an unusual item in the Users folder of my primary disk. At my local supermarket an “Unexpected Item In The Bagging Area” is the grocery shopper’s equivalent of an air raid warning, and is met with shivers, sweaty palms, red faces, and an overwhelming sense of wanting to go and hide in a deep hole. On a Mac, an unexpected User in the Users folder is even worse.
To make it worse, the unexpected user went by the name “tsninja”. Having any sort of ninja lurking, uninvited, on your computer does not bode well, and I immediately started panicking. How long had it been there, how did it get there, what was it doing there, and most importantly, what the heck had it been doing while it had been there.
What sane person creates a User account called 'tsninja'? |
Donning my best deerstalker, I began to investigate. Google didn’t proffer any useful indicators. I ran Malwarebytes again but it came up clean. I ran EtreCheck but nothing untoward there. I guess the smartest thing to have done now, would have been to attempt to delete the ‘fake’ user and get on with my life, but I couldn’t let it lie.
So I started to dig down into the tsninja folder, and this is what I found:
User folder tsninja appears to contain MS-Team configuration data |
This didn’t look much like a normal User folder. A little further investigation on the internet suggested that the files at the lowest level of folders were configuration data for Microsoft Azure, and everything in the entire tsninja folder was timestamped on the same date and at the same time. Sure enough, I’d installed Microsoft Teams (for research purposes) at about the same time according to the system logs. By this time, some of the panic was beginning to seep away, but I really wanted a second opinion.
I asked some chums on the Mac To The Future (MTTF) Facebook group if they’d encountered anything similar. I got a response pretty quickly saying that they’d used MS-Teams for about six months but couldn’t reproduce the issue. I checked my fiancee's laptop because we’d also installed MS-Teams on her MBA. Nothing was showing up on her machine either. Signs of panic were beginning to reappear. My MTTF FB chums weren’t making any reassuring noises.
I decided to try a brute force experiment. I deleted the whole ‘tsninja’ folder. Interestingly it just let me! Usually attempting to delete a Users folder would require a password at the very least. Anyhow it was gone, for now.
I relaunched MS-Teams and although it appeared to have to found a glitch it ran as expected. But lo and behold, as soon as I quit the programme, the ‘tsninja’ folder had reappeared in the Users directory. That was too much of a coincidence. But why was it showing up on my system but no-one else’s?
My only guess is that I had set my system up as the host for a Team, with my MBP effectively acting as a server, whereas my fiancée was a member of that team. The guys I was talking to on MTTF were also in a similar situation; they were members of other teams.
Ultimately, we collectively came to the solution that it is just shoddy programming by Microsoft. Despite (or maybe because of) Apple’s guidelines about where application support data files should be stored, Microsoft have a history of doing their own thing. In this instance, it’s cost me a bit of time trying to track down the root cause of the problem, and a few more ageing lines. And despite sending messages to the MS-Team product support people, they have declined to reply although I have now joined the MS-Teams community and started the discussion there. I’ll report back on any updates.
For now, I'm comfortable with my own explanation, and I'm not batoning down the hatches. But seriously, for a professional programmer writing business application software, creating a user folder called tsninja and sticking it in a reserved space should be a disciplinary offence. It's childish and unnecessary, and it's cost me a couple of lost days and an uncomfortable night. Time to grow up Micrsoft!
From the simplest iPhone screen repairs to the most complex liquid damage or data recovery for your Apple, Samsung,Huawei device, Repair My Phone Today is always here to help!
ReplyDeleteMacbook Repair Oxford
I was so afraid it was a virus! Thank you for making the connection between tsninja and microsoft teams!
ReplyDeleteThis is a really good site post, i am delighted I came across it. I will be back down the track to check out other posts that
ReplyDeletemacbook screen repair
Got a bit worried when I found this under users on my macbook, good thing I found your post. Thanks for that
ReplyDeleteI have face the almost same experiences while maintaining my my MacBook Pro. At the end you have found the reason but i was failed to find the reason of unusual item in the Users folder of my primary disk.
ReplyDeleterepair macbook dubai
Thanks, just found the same issue having recently installed Teams (who hasn't in 2020! :-D)
ReplyDeleteGreat post!Thank you such a great amount for sharing this pretty post,it was so acceptable to peruse and valuable to improve my insight as refreshed one,keep blogging.
ReplyDeleteIT AMC support in dubai
Wow, what a timely and informative piece! Your blog post on dealing with suspicious users in the Users folder was incredibly helpful. The reminder to 'Don't Panic' amidst such situations is invaluable. Moreover, your insight into Mac screen repair, seamlessly integrated into the discussion, adds another layer of practicality to your advice. Keep up the great work!
ReplyDelete