weird folder with ms printer drivers in my home folder
On Tue, 10 Nov 2009 21:42:00 -0500, Rashkae wrote:
> Rashkae wrote:
>> Vitorio Okio wrote:
>>> All at a sudden I've found a strange folder in /home on my Jaunty.
>>>
>>> The folder is using apparently random 30 digits number for its name.
>>> It contains 2 sub-folders: /amd64 and /i386. Each of those in their
>>> turn contains a bunch of same files: several .dll's, .cat, .gpd, and
>>> .inf files. According to a time stamp the folder is about couple of
>>> months old.
>>>
>>> The .inf file in each mentioned above sub-folders suggests that these
>>> are files for "Microsoft system driver files for XPSDrv print
>>> drivers."
>>>
>>> I cannot imagine how possibly this crap could happen in my /home on a
>>> pure Linux laptop that is operated within a pure Linux network
>>> environment.
>>>
>>> Any suggestions folks? Should I be worried about integrity of my
>>> little network?
>>>
>>> Though I do not see how possibly this junk could be used withing
>>> Ubuntu, especially considering its weird location in /home folder.
>>
>> I've been compromised by a worm before, and well know it's possible,
>> but this doesn't look anything like that.
>>
>> If I were to make a wild arse guess, I think you must at some time have
>> installed a package that provides universal Cups printer driver for
>> windows network clients. I'm not at all certain the files are supposed
>> to be located in /home, but perhaps they got moved there by accident?
>
> Nope, that's not it, the cups windows driver is i386 only.... so I think
> you must at some point in time have connected to a printer from windows
> via samba, with administrative rights, and uploaded the driver, which
> should have gone into /var/lib/samba/printers
Last time I had Windows on one of my PSs was a couple of years ago. I
even removed samba from my linux installs. Andd the folder in question is
a couple months old.
Sincerely it does not look to me like a worm or something of the kind.
But the fact I do not understand it sudden appearance bothers me a lot.
Plus a location is really weird.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
11-11-2009, 02:20 AM
Derek Broughton
weird folder with ms printer drivers in my home folder
Mark Traceur wrote:
>> The folder is using apparently random 30 digits number for its name. It
>> contains 2 sub-folders: /amd64 and /i386. Each of those in their turn
>> contains a bunch of same files: several .dll's, .cat, .gpd, and .inf
>> files. According to a time stamp the folder is about couple of months
>> old.
>>
>> The .inf file in each mentioned above sub-folders suggests that these are
>> files for "Microsoft system driver files for XPSDrv print drivers."
>
> A....virus? Do you perchance have WINE? Run any strange programs recently?
>
> And you haven't done anything with printers recently, have you?
A virus to install printer drivers would be pretty odd, but then they
probably wouldn't actually _be_ drivers. However, if you install network
printers on Samba networks, the drivers have to be stored somewhere...
--
derek
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
11-11-2009, 07:59 AM
Colin Law
weird folder with ms printer drivers in my home folder
2009/11/11 Vitorio Okio <ovitorio@hotmail.com>:
> All at a sudden I've found a strange folder in /home on my Jaunty.
>
> The folder is using apparently random 30 digits number for its name. *It
> contains 2 sub-folders: /amd64 and /i386. *Each of those in their turn
> contains a bunch of same files: several .dll's, .cat, .gpd, and .inf
> files. *According to a time stamp the folder is about couple of months
> old.
>
> The .inf file in each mentioned above sub-folders suggests that these are
> files for "Microsoft system driver files for XPSDrv print drivers."
>
Could they have been put there temporarily by something, with the
intention of removing them after installing them wherever they were
supposed to go, but then they failed to get deleted for some reason?
Do any of the files exist anywhere else on the machine?
Colin
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
11-11-2009, 04:38 PM
Steven Susbauer
weird folder with ms printer drivers in my home folder
On 11/11/2009 02:59 AM, Colin Law wrote:
> 2009/11/11 Vitorio Okio <ovitorio@hotmail.com>:
>> All at a sudden I've found a strange folder in /home on my Jaunty.
>>
>> The folder is using apparently random 30 digits number for its name. It
>> contains 2 sub-folders: /amd64 and /i386. Each of those in their turn
>> contains a bunch of same files: several .dll's, .cat, .gpd, and .inf
>> files. According to a time stamp the folder is about couple of months
>> old.
>>
>> The .inf file in each mentioned above sub-folders suggests that these are
>> files for "Microsoft system driver files for XPSDrv print drivers."
>>
>
> Could they have been put there temporarily by something, with the
> intention of removing them after installing them wherever they were
> supposed to go, but then they failed to get deleted for some reason?
> Do any of the files exist anywhere else on the machine?
The Microsoft XPS Printer Drivers are installed by Microsoft Office (and
probably others), you wouldn't happen to have Office in WINE would you?
It is a print to file system, similar to PDF printers. Probably does
some more advanced stuff as well.
It is also common for Office to store a cache folder somewhere on the
drive. I couldn't explain why it is in your home folder, usually it is
stored in the root of the drive.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
11-12-2009, 12:04 AM
Vitorio Okio
weird folder with ms printer drivers in my home folder
On Wed, 11 Nov 2009 01:17:25 +0000, Vitorio Okio wrote:
> All at a sudden I've found a strange folder in /home on my Jaunty.
>
> The folder is using apparently random 30 digits number for its name. It
> contains 2 sub-folders: /amd64 and /i386. Each of those in their turn
> contains a bunch of same files: several .dll's, .cat, .gpd, and .inf
> files. According to a time stamp the folder is about couple of months
> old.
>
> The .inf file in each mentioned above sub-folders suggests that these
> are files for "Microsoft system driver files for XPSDrv print drivers."
>
> I cannot imagine how possibly this crap could happen in my /home on a
> pure Linux laptop that is operated within a pure Linux network
> environment.
>
> Any suggestions folks? Should I be worried about integrity of my little
> network?
>
> Though I do not see how possibly this junk could be used withing Ubuntu,
> especially considering its weird location in /home folder.
Well, I do not know how I've missed to mention it yesterday (I guess I
was troubled by the story too much) but there was actually another folder
in my /home in addition to all above.
The folder named Recycled and contained desktop.ini and INFO2 files.
INFO2 seemed to be a binary, since I was not able to open it in Text
Editor. Everything including folder itself obviously belonged to Windows
world.
The whole story does not make any sense to me.
No, I never installed/used MS Office under Wine, as Steven suggested.
And no Windows files and folders do not exist anywhere else on my hard
drive, as per Colin suggestion.
Here is the only speculation (possibly stupid) that comes into my head...
I did have a VirtualBox vm with WindowsXP guest at that time. Could
VirtualBox perform something totally insane?
Otherwise I should admit that there was an attempt to install something
on my laptop without my knowledge remotely. Call it virus or warm,
whatever it was... But there is no way to explain a mysterious
appearance of purely Windows files and folders in /home under Linux.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
11-29-2009, 07:42 PM
NoOp
weird folder with ms printer drivers in my home folder
On 11/11/2009 05:04 PM, Vitorio Okio wrote:
> On Wed, 11 Nov 2009 01:17:25 +0000, Vitorio Okio wrote:
>
>> All at a sudden I've found a strange folder in /home on my Jaunty.
>>
>> The folder is using apparently random 30 digits number for its name. It
>> contains 2 sub-folders: /amd64 and /i386. Each of those in their turn
>> contains a bunch of same files: several .dll's, .cat, .gpd, and .inf
>> files. According to a time stamp the folder is about couple of months
>> old.
>>
>> The .inf file in each mentioned above sub-folders suggests that these
>> are files for "Microsoft system driver files for XPSDrv print drivers."
>>
>> I cannot imagine how possibly this crap could happen in my /home on a
>> pure Linux laptop that is operated within a pure Linux network
>> environment.
>>
>> Any suggestions folks? Should I be worried about integrity of my little
>> network?
>>
>> Though I do not see how possibly this junk could be used withing Ubuntu,
>> especially considering its weird location in /home folder.
>
> Well, I do not know how I've missed to mention it yesterday (I guess I
> was troubled by the story too much) but there was actually another folder
> in my /home in addition to all above.
>
> The folder named Recycled and contained desktop.ini and INFO2 files.
> INFO2 seemed to be a binary, since I was not able to open it in Text
> Editor. Everything including folder itself obviously belonged to Windows
> world.
>
> The whole story does not make any sense to me.
>
> No, I never installed/used MS Office under Wine, as Steven suggested.
> And no Windows files and folders do not exist anywhere else on my hard
> drive, as per Colin suggestion.
>
> Here is the only speculation (possibly stupid) that comes into my head...
>
> I did have a VirtualBox vm with WindowsXP guest at that time. Could
> VirtualBox perform something totally insane?
>
> Otherwise I should admit that there was an attempt to install something
> on my laptop without my knowledge remotely. Call it virus or warm,
> whatever it was... But there is no way to explain a mysterious
> appearance of purely Windows files and folders in /home under Linux.
>
>
Revisiting this; I have a karmic install that also has a similar folder
in my file system:
/c127fa21dda8e53358be
owned by root and it contains both amd64 and i386 folders with
msxpsinc.ppd files & .dll etc files as listed here:
https://lists.ubuntu.com/archives/ubuntu-users/2009-April/179206.html
The do indeed seem to be MS related:
http://www.forum-22.com/19/6016476/
<quote>
Directory of E:460673d8066b6c064cc8efc9029be6amd64
Now, I do dual boot the machine w/WinXP on the other drive & I do use
Ext2IFS on the WinXP machine, so it's possible that is where it came
from. I also can't recall if I ever had Wine installed... let me check -
nope, never. Perhaps they got there when I was testing different printer
drivers (Brother, Lexmark, Canon). The folder was created 2009-01-28,
but I see no history on that date, closest is 2009-01-30.
Anyway, can't recall where it came from, but it's obviously a Windows
printer driver from looking at the msxpsdrv.inf file. So I'm not much
worried about it; I'll archive the folder for now & have a look into it
further when I have more time.
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
weird folder with ms printer drivers in my home folder
