Windows 10 bug corrupts your hard drive on seeing this file's icon.

[StDragon]

49 minutes ago, Master Disaster said:

So if I'm understanding this properly the command sets a folders attributes to that of a file in the data stream, in other words it just tells Windows that this folder is actually a file?

So basically as I understand it (this is all new to me as well), :$i30:$bitmap is always opened up behind the scenes when you browse the root directory structure via command prompt; because NTFS supports multiple alternate streams. So I'm not sure why running that command is even an issue.

 

Just a hypothesis (and pure conjecture), but perhaps a user initiated op-lock (read/write mode?) is attempting to gain access to what the kernel already has? So, this might be stunning pending write-backs out of sync. I suppose if you ran that command, then proceeded to write a whole bunch of data to disk after the fact, it might be so out of sync as to corrupt the volume?? Only way to know for sure is to test in a VM.

[Master Disaster]

If anyone has any suggestions I'll test them and if we can kill it permanently I'll revert, record and upload.

[leadeater]

5 minutes ago, Master Disaster said:

 

Would have to check the logs to see if any corruption actually existed and what was repaired (or nothing at all). When a file/folder corruption warning is triggered on the C drive it sets the boot time flag to do a check disk and repair, this itself is expected behavior. What's not clear is if running that command actually does cause corruption or it's a false positive error. A little more evidence that there actually is corruption would go a long way.

[Vishera]

Shortcut method: In theory it should impact only the shortcut file itself,and many people that tested it had this result.

There are speculations that it entirely corrupts SSD,but i didn't see evidence for it.

 

Command line method: I have no clue,should be tested extensively.

I wonder if the storage type matter (HDD/SSD)

 

I heard that Windows XP is affected as well.

Since i don't use Windows 10,nor XP i hope i am not at risk.

[Vishera]

15 minutes ago, leadeater said:

Would have to check the logs to see if any corruption actually existed and what was repaired (or nothing at all). When a file/folder corruption warning is triggered on the C drive it sets the boot time flag to do a check disk and repair, this itself is expected behavior. What's not clear is if running that command actually does cause corruption or it's a false positive error. A little more evidence that there actually is corruption would go a long way.

Like i said: 

9 minutes ago, Vishera said:

Shortcut method: In theory it should impact only the shortcut file itself,and many people that tested it had this result.

The OS will see any file with the string in question as corrupt so in the case of a shortcut it will be the only file corrupted,

The question is if the command line method will corrupt the drive since with this method there is no file containing the string in question.

In this case a blue screen is supposed to be triggered,like how Windows 7 reacts to it,but for some reason it doesn't trigger on Windows 10.

[Master Disaster]

15 minutes ago, leadeater said:

Would have to check the logs to see if any corruption actually existed and what was repaired (or nothing at all). When a file/folder corruption warning is triggered on the C drive it sets the boot time flag to do a check disk and repair, this itself is expected behavior. What's not clear is if running that command actually does cause corruption or it's a false positive error. A little more evidence that there actually is corruption would go a long way.

Sorry for the image, I have no easy way of getting a text file out of the VM onto my PC.

 

[Mark Kaine]

50 minutes ago, Master Disaster said:

If anyone has any suggestions I'll test them and if we can kill it permanently I'll revert, record and upload.

So you didn't get a pop up for file corruption as per this article? 

 

I'm on phone so I'm not sure if I missed it, but looks like you had to restart manually, is that expected behavior, I thought it would corrupt and restart "immediately"? 

[wanderingfool2]

52 minutes ago, Master Disaster said:

 

Oh, I don't have access to my VM's...so I would try running the command while transferring like a few gigs of files (like while it's actually transferring running the command)....seeing if it messes with the current IO transfer at all.

 

I'd also try creating a doc file, where it just links to the c:\ directory.  (Actually, I'd like to craft an excel doc that tries to reference data from that file...but I can't remember if that's possible.  Like setting up a data connection linked to a file, but if you can craft it so that the file in excel looks uses that string...I'd imagine that it would take manually manipulating the excel file though)

[Mark Kaine]

I still don't get why there wasn't a pop up... 

 

oh, maybe because it was from command line? 

 

[Kisai]

10 hours ago, Vishera said:

Shortcut method: In theory it should impact only the shortcut file itself,and many people that tested it had this result.

There are speculations that it entirely corrupts SSD,but i didn't see evidence for it.

 

Command line method: I have no clue,should be tested extensively.

I wonder if the storage type matter (HDD/SSD)

 

I heard that Windows XP is affected as well.

Since i don't use Windows 10,nor XP i hope i am not at risk.

My theory is that this is probably a missing sanity check from user-mode and the kernel should block it.

 

What is needed is a preventing of writing a file with $30 because writing a file with $ in it should have been illegal anyway, as this symbol is used as a variable indicator in some scripting languages. 

 

The big thing that is a problem here is that drive-by downloads can trigger this. If you automatically allow downloads, or download something like a torrent where the torrent contains it, poof hosed.

[WereCatf]

35 minutes ago, Kisai said:

because writing a file with $ in it should have been illegal anyway, as this symbol is used as a variable indicator in some scripting languages

There are a lot of symbols that are used in scripting-languages that are still valid in filenames, including things as common as parentheses. No, that's not a good reason to make it an illegal character. It's easy enough to escape such characters.

[Kisai]

34 minutes ago, WereCatf said:

There are a lot of symbols that are used in scripting-languages that are still valid in filenames, including things as common as parentheses. No, that's not a good reason to make it an illegal character. It's easy enough to escape such characters.

When Unicode became a thing, escaping it should have been easy. There are still incidents of extracting files on Windows that were compressed on another language system (eg Japanese or Russian) that result in files that can not be deleted without reformatting the drive, because the glyphs are mangled and tools can't delete them because they contain "illegal" characters.

[WereCatf]

3 hours ago, Kisai said:

When Unicode became a thing, escaping it should have been easy. There are still incidents of extracting files on Windows that were compressed on another language system (eg Japanese or Russian) that result in files that can not be deleted without reformatting the drive, because the glyphs are mangled and tools can't delete them because they contain "illegal" characters.

Can't delete the files without reformatting the partition? I doubledare you to find me one.

[RageTester]

15 hours ago, Master Disaster said:

Sorry for the image, I have no easy way of getting a text file out of the VM onto my PC.

 

shared folders... or shared clipboard are a thing. Worst case scenario you can upload text to pastebin...

[mariushm]

52 minutes ago, WereCatf said:

Can't delete the files without reformatting the partition? I doubledare you to find me one.

 

4 hours ago, Kisai said:

When Unicode became a thing, escaping it should have been easy. There are still incidents of extracting files on Windows that were compressed on another language system (eg Japanese or Russian) that result in files that can not be deleted without reformatting the drive, because the glyphs are mangled and tools can't delete them because they contain "illegal" characters.

You can delete those using UNC paths .... something like  \\?\\c:\folder\filename.extension

 

It's also useful when you need to rename a file because you can't delete it otherwise due to the total file path being bigger than around 250 characters.

 

 

[Master Disaster]

57 minutes ago, RageTester said:

shared folders... or shared clipboard are a thing. Worst case scenario you can upload text to pastebin...

AFAIK neither is possible from within ESXi since the VM is running on a server and not my local machine. I keep my homelab subnet isolated from the internet (though I suppose it would only take a few seconds to create a bridge) as you can see from the lack of network connection in the video. I do this because I mostly mess around with older operating systems and I don't want those getting internet access.

[WereCatf]

8 minutes ago, Master Disaster said:

I do this because I mostly mess around with older operating systems and I don't want those getting internet access

Wish more people were as conscious about that as you.

[RageTester]

I'll keep going off topic... because I don't use win10, win10X hopefully is better.

I don't know, why you fear having internet on VM so much, can always reinstall it... Some VM servers have better internet speeds than my home network, so if I need to download, cut, edit and re-upload some big video I might as well do it all through VM not touching my hard drive at all.

[Master Disaster]

32 minutes ago, RageTester said:

I'll keep going off topic... because I don't use win10, win10X hopefully is better.

I don't know, why you fear having internet on VM so much, can always reinstall it... Some VM servers have better internet speeds than my home network, so if I need to download, cut, edit and re-upload some big video I might as well do it all through VM not touching my hard drive at all.

Because I have 8TBs worth of important data on my NAS as well as a Ras Pi running Pi Hole (which tbf would be immune), 5TBs worth of data on my main rig (mostly game installs which I could easily DL again), another 1TB on my Laptop as well as my ESXi server all connected together through 2 routers and one switch. No matter how small the chances, the consequences of Ransomware getting onto my NAS would be catastrophic. Besides, its actually much more convenient to DL anything I need on my main rig or laptop, bang it into an ISO on my NAS and mount it in the VM. That way I always keep a copy of any random apps or drivers I grab on my NAS for the future.

 

I'm a bit confused what exactly you mean when you say your VM has a faster network than your main rig, if the VM is running on your main rig then it having a faster network would be literally impossible.

 

Edit - Also to clarify, when I say older OSes I'm talking about stuff from the 90s (Dos, Win 3.11, 95, 98 & NT) which doesn't really need internet access, its not like you can browse the modern internet on those anyway.

[jagdtigger]

Another year another data wiping bug from MS....

[leadeater]

1 hour ago, jagdtigger said:

Another year another data wiping bug from MS....

Well except it seems it doesn't so 

 

Everyone in the article comments that tested could not reproduce any data loss or corruption, same is true for the people of this forum that tested it. Just because something throws an error and says there is corruption doesn't actually mean there is, we all know how notoriously bad Windows error messages and application error messages in general can be. Like Windows can throw access denied or file not found errors just from file paths being too long within explorer and neither of those errors are actually correct.

[jagdtigger]

1 minute ago, leadeater said:

Well except it seems it doesn't so 

Except the tool that meant to fix issues is buggy too, MS should be really ashamed of themselves, win10's quality is pretty much non-existent.

[leadeater]

8 minutes ago, jagdtigger said:

Except the tool that meant to fix issues is buggy too, MS should be really ashamed of themselves, win10's quality is pretty much non-existent.

Well correct me if this is wrong but wasn't that once in 25-30 years of chkdsk existing and was specific to certain hardware platforms and SSDs so was not a "this will corrupt your data 100%" issue?

 

What I think is equally shameful is people purposefully seeking out every issue possible no matter how big or small, ignoring the details or if its even valid at all to have a meaningless dig. For all you and others make of it I and others simply do not experience the scale of issues you try and make out, far from. Sure I get not liking something, nobody has to actually like Windows 10 or prefer the changes like the GUI or the horrid Settings replacement for Control Panel but you know just as well as I do constantly bitching about it will not actually make a difference, when is the last time Microsoft actually listened to consumer feedback? Never?

[jagdtigger]

1 minute ago, leadeater said:

What I think is equally shameful is people purposefully seeking out every issue possible no matter how big or small

Well thats what happens when you have the umpteenth report on a data corrupting bug for an OS that is already labeled as a bugfest and shouldve been thrown into the rubbish bin where it belongs.... (to darn bad its like a bad drug and ppl addicted to it)

[RageTester]

1 hour ago, Master Disaster said:

I'm a bit confused what exactly you mean when you say your VM has a faster network than your main rig, if the VM is running on your main rig then it having a faster network would be literally impossible.

 

Edit - Also to clarify, when I say older OSes I'm talking about stuff from the 90s (Dos, Win 3.11, 95, 98 & NT) which doesn't really need internet access, its not like you can browse the modern internet on those anyway.

Because I don't run VM on local device, thought we were talking about servers...

 

It would be handy to run internet on win 98 for older multiplayer games, I have been trying to run windows on a smartphone as a side project... Most people have the phone, but many don't have x86 computers anymore...