HELP!! Files seem to have unpackaged/moved themselves over-night?! Need help ASAP, will pay reward if problem solved!!
1 Attachment(s)
Hello everyone and thanks for taking the time to read this! I'm quite a noob with Linux and computers in general (but am trying to get better). I hope I get my problem across well enough & that Ive posted this in the right forum. Anyway, my problem is as such..
Been getting into crypto recently, been investing in a bunch of coins and over the last couple of weeks have been moving everything onto hardware wallets & cold storage to sit on for a while. Two days ago I was buying the last 2 crypto assets that I wanted in my portfolio - SHIP & TOMO For those unfamiliar, both tokens are only available atm on a pretty small, illiquid exchange called IDEX. I didnt have an account with IDEX before (because too small & illiquid) but decided to get one specifically for these 2 assets. Fast forwarding a little bit to get into the problem a bit quicker, to access your IDEX account (in the way I set it up with Keystore File) you have to open it with a JSON.file(which you download from them) + your password. I do all this and everything is fine, the file automatically saves itself in 'Computer > tmp > mozilla_mark > UTC_..' (UTC.. being the file in question that unlocks they account). So I log on, place my orders and log off, thinking I will come back in 1-2 days to see if my orders have filled, and if so, move them onto respective hardware wallets. 2 days later is today and when I go to log in and find my 'UTC...' file, it has disappeared?!?! the folder only goes as far as 'Computer > tmp >' now, and in its place for the other folders/files, are completely random ones Ive never seen before, varying in size & nonsense. I feel physically sick and am so scared, please if anyone can help me figure out: A) why the files moved/changed themselves like this? B) how can I reverse it? C) how can I prevent it happening again? I understand this may not be a specific Linux problem though IDK what else it could be, I've never had happen this before and am new to Linux since 2 weeks so hoping its just a easily fixed system fault! Like I said above, really urgently need some help on this, its a very large amount of money (for me) at risk of being lost forever because of this stupid file and will happily pay any1 who manages to help a reward fee, payable in BTC/LTC/XMR or FIAT If someone does read this and wants to try and help but I have missed out any info that might be useful please let me know and I will try and clarify a bit better! thanks so much anyone who read Mark |
I would advise you to contact IDEX.
/tmp is, as its name implies, a temporary directory. You should never rely on anything that is there staying there, especially after a reboot when many systems automatically delete the files in it. |
Quote:
If everything in the 'tmp' file gets deleted, how come other programs that I had downloaded but not used were not altered or deleted in the same way?? There is nothing in the recycle bin either, is there any way to do a a window-esque style system restore to 2days ago? Or surely there must be some way to retrieve the deleted file?? I find it hard to believe a laptop will permanently delete 1 specific file while leaving others, and then on top of that, making it all irreversable. especcially when there wasnt a large delayed timeframe too :(( any other ideas?? thank you for your reply anyway! |
If you installed a program like TimeShift, or have made a system backup/image/snapshot then you can roll back. If not, no.
You could try the file undeleters TestDisk and Photorec to see what you can find, but in that case I would advise you to use your system at the bare minimum, to lessen the chance of the deleted files' data being over-written, or, even better, make a complete backup of your disk/partition and then work on that data offline. |
I dont have any of the things you mentioned in your first line, no, and I don't know what you even said in the second one, I have only been using Linux 2 weeks and cannot stress enough how hopelessly retarded I am with technology, so when posting this in 'newbies' I would appreciate if you (or any future posters) could dumb-it-down as much as possible or just ELI5..
but unfortunately Im getting an increasing feeling of dread and that what your actually telling me is that its all completely gone and irreversible, correct? I still dont understand WHY though? why was this specific file de-packaged, moved around & deleted, but others stayed exactly as they were, no changes? |
To install TestDisk, enter the following command in the terminal:
Code:
apt install testdisk https://www.cgsecurity.org/wiki/Test..._file_for_ext2 |
Quote:
First thing, stop using the computer. Timeshift is software which performs a function similar to the windows recovery where you can set a complete backup to a previous state. Never used it myself but that is my understanding. Doesn't help in your case as it is too late. Might be useful in the future . The file/data is generally not deleted. An analogy would be to a book with an index, rather than deleting an entire chapter, it deletes the reference in the index. To get more detailed on how this works would require someone more knowledgeablt than myself. Stop using the computer, the more you use it the less likely you will be able to recover anything. If you have a Live CD/usb, use that. There is a program called extundelete which is available from a download link at the site below which also includes documentation on its usage. Might be a little complicated for your knowledge? http://extundelete.sourceforge.net/ TestDisk and Photorec can be downloaded to a Linux system and run from there. Their site is below with a link to Step-By-Step instructions. https://www.cgsecurity.org/wiki/TestDisk |
What version of Ubuntu are you running? In recent versions, /tmp is a tmpfs kept in RAM, not on the disk, and disappears when the system is shut down or rebooted.
Open up a terminal window and type "df /tmp". If the filesystem type is "tmpfs", then the files you saved there were never written to persistent storage. |
Am using Ubuntu 16.04.4.LTS
This is what comes up when I type cmd 'df /tmp' - Im not too sure what it means, good or no? mark@mark-ThinkPad-T400:~$ df /tmp Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/ubuntu--vg-root 222088868 6116460 204667860 3% / mark@mark-ThinkPad-T400:~$ |
Quote:
Quote:
|
Quote:
|
Quote:
|
1 Attachment(s)
Ive attached a screenshot btw of the random files that replaced the missing 'UTC' file, I am open to the idea it might have been automatically deleted somehow, but that doest explain the random occurence of these now new files, is it possible they got mistakenly depackaged or split somehow and if so could there could be a reversal?
- didnt realise it would display the attachment itself, hope that didnt sound rude! |
The standard location for downloading on most Linux systems (browsers) is the user Downloads directory. You can set that in your browser. Not sure which browser you are using but, if it is Firefox, you can click Edit then Preferences and scroll down to the section which allows you to select where to download. If you are using a different browser, you will certainly have that option but you'll have to look for it.
The image you posted of your /tmp directory looks standard. I have similar directories on the Ubuntu 16.04 I have installed. You see the lock icon because you are trying to access as a normal user so you need to do it as root. To open with root privileges from Ubuntu use gksu nautilus. If gksu is not installed, use sudo nautilus. The second method is discouraged by Ubuntu although I've never had a problem. You can then view the various directories and their contents. You could use the dd command to create an image of the partition. I've never used LVM so am not sure how you would do that. Another possibility is clonezilla, see the site below. http://clonezilla.org/ |
Quote:
|
All times are GMT -5. The time now is 12:03 PM. |