Files hidden from view in Windows explorer

[redbeard1]

A few months ago I ran into a fine piece of spyware. It could hide the dll it was using to reinfect the system from being seen in Windows explorer, even with view all files turned on. It could be seen at a command prompt however. It was in the system32 folder. I wondered out loud, in these forums, how Windows can prevent some files from being seen, but never found an answer.

Last week I was working on a system doing a spyware clean up and anti virus install. I installed Norton AV 2005. When I did a full system scan with Norton, it found a threat in a folder it could not get rid of. I went to this folder to manually remove the file and could not find it. Eventually the light bulb turned on over my head, and I looked at the folder from a command prompt using a "dir /a". Lo and behold there was the file and a whole bunch of others. I was able to delete the file with no problem once I could see it.

The folder location is "C:\Windows\Downloaded Program Files". I have checked this folder on a number of systems since then and found that there are numerous files in this folder on all of the systems that can't be seen. There seems to be a certain set that are common to each system, so Windows makes use of it.

Since everyone using a system with XP has the same folder, I'm hoping someone can figure out how to make all of the files in it viewable to Windows explorer. Thus, hopefully, finding an answer to my old original question.

 

[Trizzay]

Well, just make sure that "Show hidden files and Folders" is selected, and that "Hide protected operating system files" is unchecked. Other than that, I don't know what it could be.

 

[Jeffyboy]

yup... those are the only things to select...
or do an

attrib -r -h -s *.* in that directory

Jeff

 

[mechBgon]

That directory has some strange properties I browsed to it in Windows Explorer and in a CLI box. Windows Explorer shows four items. The command prompt shows five items. I used the md command to make a couple of subdirectories. They don't show in Windows Explorer, I can't get there by adding them onto the address in the address bar... but they show if I list the contents in the command-prompt box.

.

What was the threat you were mentioning in this instance, redbeard1, if you happen to recall? Just curious.

 

[redbeard1]

Unfortunately I do not remember the exact name. Norton called it a downloader/trojan though. While I was in that folder at the command prompt, I also found a file named sex.exe. Since I didn't think it was a legitimate file, I deleted it while I was there.

I had scanned this system with Panda Online and Pest Patrol Online, and both of them added files is this folder. Both of these online scanners use ActiveX applications.

 

[Anubis08]

There are such things as super-hidden files. I believe that was what they were called. I was just looking around the registry, I believe in the explorer file when I found it. Apparently there are files that cannot be shown unless you change the value in that file. I have not messed with it but it might be what you are looking for.

 

[mechBgon]

cue Twilight Zone theme music...

 

[flamingspinach]

Originally posted by: Anubis08
There are such things as super-hidden files. I believe that was what they were called. I was just looking around the registry, I believe in the explorer file when I found it. Apparently there are files that cannot be shown unless you change the value in that file. I have not messed with it but it might be what you are looking for.

This is true. Often they can be seen in the command prompt using dir -a though.

-fs

 

[redbeard1]

In my previous search, I came across the superhidden files thing. When I checked the registry on a couple of systems, they were already set, if I had read what I found correctly, to show those files. I was thinking of revisiting this again to be sure.

 

[redbeard1]

To me, it appears that the ability to view superhidden files gets enabled when you turn on "view all files" and "view protected files". Because any system I've checked that has those two options chosen, already has the registry changes set to view superhidden files.

 

[Raduque]

Do any of the folders with "superhidden files" have a file named "desktop.ini" in them? I know that if you go into \documents and settings\profilename\local settings\temporary internet files, and then put "desktop.ini" after that int he path, you can edit it to show you the random-named folders that IE stores it's actual cache files in, instead of a listing of files and cookies. What I do, is I edit the desktop.ini file to have nothing in it but a single period. Try that, redbeard, it might help.

 

[bsobel]

The problem you are running into is that some folders have shell renderers assigned to them. The extension determines what to display not the file system itself. In the directory your talking about (C:\Windows\Downloaded Program Files) you'll see that there is a hidden desktop.ini file. The desktop.ini file is parsed when explorer accesses the directory. You'll see it contains:

[.ShellClassInfo]
CLSID={88C6C381-2E85-11d0-94DE-444553540000}

That is the GUID of the extension that explorer will ask to render the folder. What is rendered is upto the extension and may not match the physical file system.

Going to the cmd interface is the correct way to access the files in these folders if you really need to.

Bill

 

[redbeard1]

It seems that more undesireable programs have found this folder. I seen both spyware cleaners and anti virus programs find files in there recently. I've started looking in there just to be sure it's clear. I found a version of virtual bouncer hiding in there the other day.

 

[redbeard1]

It seems there is no easy answer to getting all files or folders to be seen in Windows with one fell swoop.

So now my quest is to find a file manager/browser that does not play by Windows rules. Something that could be run from a cd would be best, while in the Windows desktop, that does not need an install.

Any suggestions?

 

[bsobel]

Originally posted by: redbeard1
It seems there is no easy answer to getting all files or folders to be seen in Windows with one fell swoop.

For clarification. You issue isn't with Windows or 'Windows rules', it's with Explorer, a file manager included with Windows which provides a quasi-physical view of your file structure (I saw quasi, because as you've found, it makes some decisions and reders things differently than the physical file system would suggest [usually for good reason, but that is another discussion])

Bill

 

[redbeard1]

I tried 7 file manager type programs, both freeware and shareware, and this is the only one that can view the contents of C:\Downloaded Program Files.

I installed it on one system and then copied the folder that it installed into, to another system, and was able to just run it, without having to install it. I don't think it would run from a cd, as it does make and use an .ini file to remember your settings.

EF Commander