Monday, July 2, 2012

...Whoah! Blue Pill?

Strange file behaviour.

I VNC'ed into a Ubuntu server and was happily doing some work... all the while copying files out of the same server to another windows machine via windows share from Samba. To which I was also in a VNC session. No problem.

I tried to copy a particular file from one machine to the other from the Windows machine... and got an error about "Cannot copy File. Check that the file is not in use etc"  on the Windows machine.  Weird?  I though that nothing was using the file... so I checked everything on the Ubuntu machine and it looked good.  The file had been there for days and the last process to use it had finished cleanly.
Then in the VNC session, I copied(duplicated) the file on the Ubuntu machine and moved the copy into a new folder just to prove to myself that I could work with the file.  File duplicated ok. I then tried again to copy it to the windows box... again with the same error about file in use... blah blah.  Stranger.

I then tried to open the file on the Ubuntu machine... the player did not have the correct that didnt work.  I then did some other work... and looked back at the VNC window and a new file had appeard with the same file name and some random seeming characters appended to the end.  Looked like a temp file or a cache or something.  I selected the new file in the Ubuntu session and watched the file size tick upward as some process wrote to the new file.... it stopped at about ~450MB and seemed to be done. All quiet for a while....

I then did some other work... came back to the VNC session and all three files were gone.  GONE.  I had not deleted them.  One was a duplicate in a different folder... WTF?

I checked the trash... I looked in all the other folders incase I had accidentally dragged them somewhere... they were write protected from the windows share... WTF?  The new folder was still there.  All the copy operations had already failed.  There were no files at the other end.... Seriously...WTF?

Something ate my file... and then ate the temp file and then hunted down and ate the copy of the file I had stored elsewhere.

The only thing I can think of is that Anti-virus on another machine saw the Share, scanned the files and decided it was evil for some reason and then killed it and ditto the copy; but its not in the history of any of the AV's on the network.... so I'm still at ..WTF? Where's my damn blue pill?

Edit: Later.

Yep.  It was an antivirus program on another machine proactivly scanning.  Found a trojan codec downloader embedded in the video. Usual scam crap.  Anyway, mystery solved. Not sure why it took so long to show up in the logs.... Thats probably the bit that bothered me the most.  I just could not find anything that would admit it was involved. 

Now I have backtracked to the torrent and found comments on another site about it being a scam file.... back to reality I guess...

No comments:

Post a Comment