weird folder with ms printer drivers in my home folder

[NoOp]

On 11/11/2009 05:04 PM, Vitorio Okio wrote:
> On Wed, 11 Nov 2009 01:17:25 +0000, Vitorio Okio wrote:
> 
>> All at a sudden I've found a strange folder in /home on my Jaunty.
>> 
>> The folder is using apparently random 30 digits number for its name.  It
>> contains 2 sub-folders: /amd64 and /i386.  Each of those in their turn
>> contains a bunch of same files: several .dll's, .cat, .gpd, and .inf
>> files.  According to a time stamp the folder is about couple of months
>> old.
>> 
>> The .inf file in each mentioned above sub-folders suggests that these
>> are files for "Microsoft system driver files for XPSDrv print drivers."
>> 
>> I cannot imagine how possibly this crap could happen in my /home on a
>> pure Linux laptop that is operated within a pure Linux network
>> environment.
>> 
>> Any suggestions folks? Should I be worried about integrity of my little
>> network?
>> 
>> Though I do not see how possibly this junk could be used withing Ubuntu,
>> especially considering its weird location in /home folder.
> 
> Well, I do not know how I've missed to mention it yesterday (I guess I 
> was troubled by the story too much) but there was actually another folder 
> in my /home in addition to all above.  
> 
> The folder named Recycled and contained desktop.ini and INFO2 files. 
> INFO2 seemed to be a binary, since I was not able to open it in Text 
> Editor. Everything including folder itself obviously belonged to Windows 
> world.
> 
> The whole story does not make any sense to me.
> 
> No, I never installed/used MS Office under Wine, as Steven suggested.  
> And no Windows files and folders do not exist anywhere else on my hard 
> drive, as per Colin suggestion.
> 
> Here is the only speculation (possibly stupid) that comes into my head...
> 
> I did have a VirtualBox vm with WindowsXP guest at that time.  Could 
> VirtualBox perform something totally insane?
> 
> Otherwise I should admit that there was an attempt to install something 
> on my laptop without my knowledge remotely. Call it virus or warm, 
> whatever it was...  But there is no way to explain a mysterious 
> appearance of purely Windows files and folders in /home under Linux.
> 
> 

Revisiting this; I have a karmic install that also has a similar folder
in my file system:
/c127fa21dda8e53358be
owned by root and it contains both amd64 and i386 folders with
msxpsinc.ppd files & .dll etc files as listed here:
https://lists.ubuntu.com/archives/ubuntu-users/2009-April/179206.html

The do indeed seem to be MS related:
http://www.forum-22.com/19/6016476/
<quote>
Directory of E:\460673d8066b6c064cc8efc9029be6\amd64

14/03/2009 10:46 AM <DIR> .
14/03/2009 10:46 AM <DIR> ..
06/07/2008 10:06 PM 147,456 filterpipelineprintproc.dll
06/07/2008 10:06 PM 10,929 msxpsdrv.cat
19/06/2008 03:33 PM 2,204 msxpsdrv.inf
19/06/2008 10:03 AM 73 msxpsinc.gpd
19/06/2008 03:33 PM 72 msxpsinc.ppd
06/07/2008 10:06 PM 748,032 mxdwdrv.dll
06/07/2008 04:36 PM 2,936,832 xpssvcs.dll
7 File(s) 3,845,598 bytes
</quote>

and:
<http://www.vistaheads.com/forums/microsoft-public-windowsupdate/286054-leftover-folders-after-microsoft-update.html>

Now, I do dual boot the machine w/WinXP on the other drive & I do use
Ext2IFS on the WinXP machine, so it's possible that is where it came
from. I also can't recall if I ever had Wine installed... let me check -
nope, never. Perhaps they got there when I was testing different printer
drivers (Brother, Lexmark, Canon). The folder was created 2009-01-28,
but I see no history on that date, closest is 2009-01-30.
Anyway, can't recall where it came from, but it's obviously a Windows
printer driver from looking at the msxpsdrv.inf file. So I'm not much
worried about it; I'll archive the folder for now & have a look into it
further when I have more time.