4
Yesterday evening I installed the Bitcoin Core wallet (v0.11.2 (64-bit) from the Chocolatey repo to my Windows 10 machine). I had some coins in an old wallet.dat that I copied to the data directory. That worked fine. While the Blockchain was downloading, I transferred the balance from the old wallet to a new address (in my MultiBit HD wallet): 1JRyKhLLXMeVPpeEw3fvcJbUmrZYtRiojd.
Bitcoin Core wallet created a new transaction to that address in the transaction list. Unfortunately, a few seconds later, it also created a new transaction with the same amount, but to an unfamiliar address: 1Msx9dp6uVr1rrz6pUxXwqLL3oxB9fDn1j.
This new transaction was soon confirmed, while the transaction I entered remains with status Conflicted.
Here's (the relevant part of) the transaction list in Bitcoin Core wallet:
Here's the transaction I asked Bitcoin Core wallet to create, and the mystery transaction it created on it's own initiative:
What could have happened here? Is there any way I can find the PK for the mystery address (could it be a change address in the wallet or something like that)?


Huge red flags: "Chocolatey repo" and "Windows". Getting the Bitcoin software from anywhere other than the original source (bitcoin.org) is a huge risk. Also I personally would never run a Bitcoin wallet on Windows because of all the malware. Any random piece of malware can steal all your coins. I can't say whether that's what happened here (I hope not), but it surely is my first thought. – Jannes – 2016-03-01T19:04:36.820
I fear it might be malware, too. But I have run a test transaction (with a smaller amount!) that did not have the same problem (But then again, maybe the malware only strikes when the balance is high enough...). Virus and spyware scans find nothing. – André Risnes – 2016-03-01T19:29:25.743
Looking at the mystery transaction in Block Explorer: https://blockexplorer.com/tx/8f1fb5fa162e01430a09d49e97aa2f08c41da13f09f565dedfc8c2da8ad30902 -- we can see that the block was mined Mar 3, 2015! How could the wallet software create a transaction on Feb 29th this year, and get it included in a block from 2015?
– André Risnes – 2016-03-01T19:42:02.243"Chocolatey repo" is typically just source scripts that provide metadata about where the installers are and passing arguments that the installer natively provides. The executables are unchanged and is actualy verified by checksum before install. If you sign into the
chocolatey.org/packages/bitcoin.install#files, the install files are scanned and displayed by VirusTotal. For this package, it installs from the original source. The choco.exe is open source atgithub.com/chocolatey/choco.... As for Windows, as long as you are careful, there is no harm, just don't use it on a shared PC. – adam – 2016-06-16T21:02:28.823