I have posted twice and no one has responded so I will try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a reply
just so I know that I am not alone.

Cheers

Bill

I just tried what you did, and got an error saying the file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also said the file
already exists.

What do you mean "you can't see it"? Can you define what you are seeing?

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


"wr" <(E-Mail Removed)> wrote in message
news:06a201c371c1$3ccd7330$(E-Mail Removed)...
> I have posted twice and no one has responded so I will try
> again.
>
> If your machine is up to date with all the latest MS
> patches and dribbleware.
>
> open note pad
> type anything you want
> Save as regedit.ext where ext is anything you want and
> save it to anywhere that you can remember but the desktop
> is easiest cause its most visible.
>
> If you can see the file where you placed it good on ya.
> You don't have the same feature I have but don't want.
>
> Save as regedit.ext where ext is the extension you used
> the first time. You should get a message saying it
> already exists. Whoa but you can't see it. UH HUH!
>
> Save as regedt.ext. You should see it (Note there is
> no "i").
>
> If anyone has the same feature please please post a reply
> just so I know that I am not alone.
>
> Cheers
>
> Bill

It is not listed, it does not appear on the cathode ray
tube, it is bereft of photonic representation...to
paraphrase Monty Python's Cleese.;=)
"It" in this case is the word regedit.xxx on the screen
with or without an icon indicating that it is on the disk.

Perhaps there is no difference but this is a post in the
newsgroup windows 2000 File system.

I am a little unclear at what point you got the error
saying the file already exists? My explanation was quite
detailed in the steps perhaps you could do me the honour
of being just as detailed and tell me at what point you
got the error saying the file already exists. For instance
what directory you were saving it to, whether you saw the
file in the refreshed file list, explorer or on the
desktop after you did the save to.

Thanks for working on this with me.

Cheers

Bill
>-----Original Message-----
>I just tried what you did, and got an error saying the
file already exists.
>XP SP1 with all of the latest patches.
>Also did the same on Server 2003 with all patches, also
said the file
>already exists.
>
>What do you mean "you can't see it"? Can you define what
you are seeing?
>
>~Eric
>
>--
>Eric Fleischman [MSFT]
>Directory Services
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>"wr" <(E-Mail Removed)> wrote in message
>news:06a201c371c1$3ccd7330$(E-Mail Removed)...
>> I have posted twice and no one has responded so I will
try
>> again.
>>
>> If your machine is up to date with all the latest MS
>> patches and dribbleware.
>>
>> open note pad
>> type anything you want
>> Save as regedit.ext where ext is anything you want and
>> save it to anywhere that you can remember but the
desktop
>> is easiest cause its most visible.
>>
>> If you can see the file where you placed it good on ya.
>> You don't have the same feature I have but don't want.
>>
>> Save as regedit.ext where ext is the extension you used
>> the first time. You should get a message saying it
>> already exists. Whoa but you can't see it. UH HUH!
>>
>> Save as regedt.ext. You should see it (Note there is
>> no "i").
>>
>> If anyone has the same feature please please post a
reply
>> just so I know that I am not alone.
>>
>> Cheers
>>
>> Bill
>
>
>.
>

Maybe I followed the wrong steps. Can you give them to us, click by click?

~Eric


--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


"wr" <(E-Mail Removed)> wrote in message
news:01ae01c371e3$c829bfc0$(E-Mail Removed)...
> It is not listed, it does not appear on the cathode ray
> tube, it is bereft of photonic representation...to
> paraphrase Monty Python's Cleese.;=)
> "It" in this case is the word regedit.xxx on the screen
> with or without an icon indicating that it is on the disk.
>
> Perhaps there is no difference but this is a post in the
> newsgroup windows 2000 File system.
>
> I am a little unclear at what point you got the error
> saying the file already exists? My explanation was quite
> detailed in the steps perhaps you could do me the honour
> of being just as detailed and tell me at what point you
> got the error saying the file already exists. For instance
> what directory you were saving it to, whether you saw the
> file in the refreshed file list, explorer or on the
> desktop after you did the save to.
>
> Thanks for working on this with me.
>
> Cheers
>
> Bill
> >-----Original Message-----
> >I just tried what you did, and got an error saying the
> file already exists.
> >XP SP1 with all of the latest patches.
> >Also did the same on Server 2003 with all patches, also
> said the file
> >already exists.
> >
> >What do you mean "you can't see it"? Can you define what
> you are seeing?
> >
> >~Eric
> >
> >--
> >Eric Fleischman [MSFT]
> >Directory Services
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >
> >"wr" <(E-Mail Removed)> wrote in message
> >news:06a201c371c1$3ccd7330$(E-Mail Removed)...
> >> I have posted twice and no one has responded so I will
> try
> >> again.
> >>
> >> If your machine is up to date with all the latest MS
> >> patches and dribbleware.
> >>
> >> open note pad
> >> type anything you want
> >> Save as regedit.ext where ext is anything you want and
> >> save it to anywhere that you can remember but the
> desktop
> >> is easiest cause its most visible.
> >>
> >> If you can see the file where you placed it good on ya.
> >> You don't have the same feature I have but don't want.
> >>
> >> Save as regedit.ext where ext is the extension you used
> >> the first time. You should get a message saying it
> >> already exists. Whoa but you can't see it. UH HUH!
> >>
> >> Save as regedt.ext. You should see it (Note there is
> >> no "i").
> >>
> >> If anyone has the same feature please please post a
> reply
> >> just so I know that I am not alone.
> >>
> >> Cheers
> >>
> >> Bill
> >
> >
> >.
> >

BTW: am I the only one that feels like they are in a murder mystery? Maybe
it's just me..... :-)

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


"wr" <(E-Mail Removed)> wrote in message
news:01ae01c371e3$c829bfc0$(E-Mail Removed)...
> It is not listed, it does not appear on the cathode ray
> tube, it is bereft of photonic representation...to
> paraphrase Monty Python's Cleese.;=)
> "It" in this case is the word regedit.xxx on the screen
> with or without an icon indicating that it is on the disk.
>
> Perhaps there is no difference but this is a post in the
> newsgroup windows 2000 File system.
>
> I am a little unclear at what point you got the error
> saying the file already exists? My explanation was quite
> detailed in the steps perhaps you could do me the honour
> of being just as detailed and tell me at what point you
> got the error saying the file already exists. For instance
> what directory you were saving it to, whether you saw the
> file in the refreshed file list, explorer or on the
> desktop after you did the save to.
>
> Thanks for working on this with me.
>
> Cheers
>
> Bill
> >-----Original Message-----
> >I just tried what you did, and got an error saying the
> file already exists.
> >XP SP1 with all of the latest patches.
> >Also did the same on Server 2003 with all patches, also
> said the file
> >already exists.
> >
> >What do you mean "you can't see it"? Can you define what
> you are seeing?
> >
> >~Eric
> >
> >--
> >Eric Fleischman [MSFT]
> >Directory Services
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >
> >"wr" <(E-Mail Removed)> wrote in message
> >news:06a201c371c1$3ccd7330$(E-Mail Removed)...
> >> I have posted twice and no one has responded so I will
> try
> >> again.
> >>
> >> If your machine is up to date with all the latest MS
> >> patches and dribbleware.
> >>
> >> open note pad
> >> type anything you want
> >> Save as regedit.ext where ext is anything you want and
> >> save it to anywhere that you can remember but the
> desktop
> >> is easiest cause its most visible.
> >>
> >> If you can see the file where you placed it good on ya.
> >> You don't have the same feature I have but don't want.
> >>
> >> Save as regedit.ext where ext is the extension you used
> >> the first time. You should get a message saying it
> >> already exists. Whoa but you can't see it. UH HUH!
> >>
> >> Save as regedt.ext. You should see it (Note there is
> >> no "i").
> >>
> >> If anyone has the same feature please please post a
> reply
> >> just so I know that I am not alone.
> >>
> >> Cheers
> >>
> >> Bill
> >
> >
> >.
> >

"wr" <(E-Mail Removed)> wrote in message
news:06a201c371c1$3ccd7330$(E-Mail Removed)...
> I have posted twice and no one has responded so I will try
> again.
>
> If your machine is up to date with all the latest MS
> patches and dribbleware.
>
> open note pad
> type anything you want
> Save as regedit.ext where ext is anything you want and
> save it to anywhere that you can remember but the desktop
> is easiest cause its most visible.
>
> If you can see the file where you placed it good on ya.
> You don't have the same feature I have but don't want.

I can see the file. My XP SP1 system is not hiding files named regedit.???.
That appears to be what yours is doing, though it also appears that in your
frustration, you aren't stating the problem as clearly as you might. Having
gone back and found your previous messages, which I missed the first time, I
can see that you stated it more clearly the first time, but that's no excuse
for taking out your frustration on us.

Back to your original problem. First of all, do you have all the Explorer
options to make things helpful turned off? Select "Show hidden files and
folders", and turn off "Hide extensions for known file types" and "hide
protected operating system files (Recommended)". Secondly, why are you
copying Regedit.exe, or Regedt32.exe? You say you are sure that you don't
have a virus, but what did you do that could cause you to not have those
files?

> Save as regedit.ext where ext is the extension you used
> the first time. You should get a message saying it
> already exists. Whoa but you can't see it. UH HUH!

I can see it just fine. Check the options I mentioned above.

Phil
--
Philip D. Barila Windows DDK MVP
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
E-mail address is pointed at a domain squatter. Use reply-to instead.

First of all, thank you for taking the time to check this
out.

I am unsure what part of my posts caused "but that's no
excuse for taking out your frustration on us" but I will
make an assumption (always dangerous ;=)) that it was in
my response to Eric's post.

;=) is short hand for a smile and Monty Python ( John
Cleese) do a sketch called the Dead Parrot sketch where a
customer uses a long list of descriptors to get across the
idea that a parrot is dead. I was not "taking anything
out". I was trying to be funny. Dying is easy Comedy is
hard. I never learn. Communication is trickier in ascii
so I always read things twice just to be sure that offense
was intended.

>You say you are sure that you don't
>have a virus, but what did you do that could cause you to
>not have those
>files?

I did not say that I was sure I did not have a virus. I
said that I may have a bleeding edge virus. That is a
virus at the leading edge that has not yet been seen on
any radar and therefore does not exist. Virus checkers are
inherently reactive. It is also possible that one of the
patches provided by MS has caused a problem; thus my
interest in finding fellow sufferers.

>cause you to not have those
>files?
I have the files the OS just won't display their existence.

I am using win2k with all sp's updates etc etc.
Both respondents to my post have said they are on XP with
service packs. I have to assume that the fact that I am
in a win2k NG that the OS's are so similar that for this
problem there would be no difference.

As mentioned in my original post I have turned off all
impediments to viewing in explorer. I can see all other
hidden, system and file types with known extensions. By
the way MMC is also "missing". I appreciate that you are
being thorough.

What part of the OS is used when dir is used in the ms
window? It has to be the same as explorer.

Finally I am not "copying Regedit.exe, or
Regedt32.exe". The "I challenge you" post was an
attempt to get someone to try a simple test to determine
if I was alone. What that post failed to do was ensure
that the user deselected the "hide the file" feature set.
I assumed that my target audience would have that feature
set turned off right out of the box. Agreed...Bad
assumption.

But note that these settings are irrelevant because
attribute and file extensions which the feature set uses
to hide files are not what this bug is using it is the
filename that is being used to hide the file.

I discovered the problem by trying to run regedit.
Based on the two XP users that responded, I guess I am
alone.

I cannot think of any inciting event other than love-
san/blaster or some other trojan as yet undiscovered.
But if this is a new trojan it is clever.

Cheers

>-----Original Message-----
>"wr" <(E-Mail Removed)> wrote in message
>news:06a201c371c1$3ccd7330$(E-Mail Removed)...
>> I have posted twice and no one has responded so I will
try
>> again.
>>
>> If your machine is up to date with all the latest MS
>> patches and dribbleware.
>>
>> open note pad
>> type anything you want
>> Save as regedit.ext where ext is anything you want and
>> save it to anywhere that you can remember but the
desktop
>> is easiest cause its most visible.
>>
>> If you can see the file where you placed it good on ya.
>> You don't have the same feature I have but don't want.
>
>I can see the file. My XP SP1 system is not hiding files
named regedit.???.
>That appears to be what yours is doing, though it also
appears that in your
>frustration, you aren't stating the problem as clearly as
you might. Having
>gone back and found your previous messages, which I
missed the first time, I
>can see that you stated it more clearly the first time,
but that's no excuse
>for taking out your frustration on us.
>
>Back to your original problem. First of all, do you have
all the Explorer
>options to make things helpful turned off? Select "Show
hidden files and
>folders", and turn off "Hide extensions for known file
types" and "hide
>protected operating system files (Recommended)".
Secondly, why are you
>copying Regedit.exe, or Regedt32.exe? >
>> Save as regedit.ext where ext is the extension you used
>> the first time. You should get a message saying it
>> already exists. Whoa but you can't see it. UH HUH!
>
>I can see it just fine. Check the options I mentioned
above.
>
>Phil
>--
>Philip D. Barila Windows DDK MVP
>Seagate Technology, LLC
>(720) 684-1842
>As if I need to say it: Not speaking for Seagate.
>E-mail address is pointed at a domain squatter. Use
reply-to instead.
>
>
>.
>

>-----Original Message-----
>"wr" <(E-Mail Removed)> wrote in message
>news:036401c3724e$0c5ccdd0$(E-Mail Removed)...
>> First of all, thank you for taking the time to check
this
>> out.
>
>OK, let's step back a bit and try a few basic things.
>
>If you select Start -> Run, type in regedit, then click
the OK button, does
>regedit run?

No it says the file or one of it components is missing etc
etc
>
>Assuming that it does, if you type:
>dir /s C:\regedit.*
>at the command prompt, does it find any files?
No
>
>Assuming (again), that it *doesn't* find it, what do you
get if you type:
>attrib C:\WINNT\regedit.exe
>where C:\WINNT is the default Windows 2000 installation
directory?

file not found


Thanks again for your time. You are suggesting things
that I have already tried but that is good cause it forces
me to try them again to be thorough and reinforces the
troubleshooting discipline.

The test I laid out in my challenge is comprehensive in
displaying the behaviour on this machine. The sequence of
letters regedit and regedt32 as a filename will not
display on the monitor as a file. The extension used is
irrelevant.

My test shows that on some level the OS knows about the
existence of the file because if you try to save the
notepad created file twice with the same filename the OS
tells you that it already exists (although it is not
visible in a directory listing). Also if I put the file
on a floppy using another machine and then do a dir using
the affected machine it finds no files. But if I do a
chkdsk on the floppy it finds that there is one file and
reports the filesize correctly. Interesting huh?

Booting the machine from the Win2k CD and running recovery
console also allows me to dir and see that the files exist
on the disk. So ??

In the 20 years I have been working with Microsoft
products ( user from DOS 1.0 to Win2k) I have never dealt
with something like this.
Can you tell me with certainty the OS components that are
between the console display and the request for a file
listing, whether at the command prompt or in another form
in the gui? I want to find the component that is stripping
the info.

I could just nuke the OS but that would deprive us all of
finding out if this is a clever virus or a MS feature. [=)

Cheers

Bill

>
>Phil
>--
>Philip D. Barila Windows DDK MVP
>Seagate Technology, LLC
>(720) 684-1842
>As if I need to say it: Not speaking for Seagate.
>E-mail address is pointed at a domain squatter. Use
reply-to instead.
>
>
>
>.
>

further to this I copied regedit.exe to a newly formatted
floppy on an unaffected machine.

On the affected machine:
I started Uedit a text editor and file open: the file was
not visible in the list but I entered regedit.exe and
specified the a: drive.
The file opened and as soon as it did a message came up:
File Changed!
a:regedit has been deleted, or is no longer available.Do
you wish to keep the file open in the editor.
Yes to keep the file, no to close it.

I select yes and then save as regedt.exe
This file is not visible in a directory listing.

In the text editor, if I file open regedt.exe it will open
but the error message does not appear.

Some process is actively intercepting or altering somethin
in these files to make them invisible.

I have used Resource hacker to determine that the
resources have been stripped from regedit.exe

Cheers
>-----Original Message-----
>
>>-----Original Message-----
>>"wr" <(E-Mail Removed)> wrote in message
>>news:036401c3724e$0c5ccdd0$(E-Mail Removed)...
>>> First of all, thank you for taking the time to check
>this
>>> out.
>>
>>OK, let's step back a bit and try a few basic things.
>>
>>If you select Start -> Run, type in regedit, then click
>the OK button, does
>>regedit run?
>
>No it says the file or one of it components is missing
etc
>etc
>>
>>Assuming that it does, if you type:
>>dir /s C:\regedit.*
>>at the command prompt, does it find any files?
>No
>>
>>Assuming (again), that it *doesn't* find it, what do you
>get if you type:
>>attrib C:\WINNT\regedit.exe
>>where C:\WINNT is the default Windows 2000 installation
>directory?
>
>file not found
>
>
>Thanks again for your time. You are suggesting things
>that I have already tried but that is good cause it
forces
>me to try them again to be thorough and reinforces the
>troubleshooting discipline.
>
>The test I laid out in my challenge is comprehensive in
>displaying the behaviour on this machine. The sequence of
>letters regedit and regedt32 as a filename will not
>display on the monitor as a file. The extension used is
>irrelevant.
>
>My test shows that on some level the OS knows about the
>existence of the file because if you try to save the
>notepad created file twice with the same filename the OS
>tells you that it already exists (although it is not
>visible in a directory listing). Also if I put the file
>on a floppy using another machine and then do a dir using
>the affected machine it finds no files. But if I do a
>chkdsk on the floppy it finds that there is one file and
>reports the filesize correctly. Interesting huh?
>
>Booting the machine from the Win2k CD and running
recovery
>console also allows me to dir and see that the files
exist
>on the disk. So ??
>
>In the 20 years I have been working with Microsoft
>products ( user from DOS 1.0 to Win2k) I have never dealt
>with something like this.
>Can you tell me with certainty the OS components that are
>between the console display and the request for a file
>listing, whether at the command prompt or in another form
>in the gui? I want to find the component that is
stripping
>the info.
>
>I could just nuke the OS but that would deprive us all of
>finding out if this is a clever virus or a MS feature. [=)
>
>Cheers
>
>Bill
>
>>
>>Phil
>>--
>>Philip D. Barila Windows DDK MVP
>>Seagate Technology, LLC
>>(720) 684-1842
>>As if I need to say it: Not speaking for Seagate.
>>E-mail address is pointed at a domain squatter. Use
>reply-to instead.
>>
>>
>>
>>.
>>
>.
>

"wr" <(E-Mail Removed)> wrote in message
news:164501c37290$27f79560$(E-Mail Removed)...
> further to this I copied regedit.exe to a newly formatted
> floppy on an unaffected machine.
>
> On the affected machine:
> I started Uedit a text editor and file open: the file was
> not visible in the list but I entered regedit.exe and
> specified the a: drive.
> The file opened and as soon as it did a message came up:
> File Changed!
> a:regedit has been deleted, or is no longer available.Do
> you wish to keep the file open in the editor.
> Yes to keep the file, no to close it.

[snip]

That's a virus. Sircam and VBS/Stages.A are two viruses known to screw with
regedit.exe.

Googling for:
regedit.exe delete
produced lots of info.

Time to act on the assumption that you've got a virus. If you can verify
that the latest virus defs from your AV vendor doesn't find it, and the
telltales for the known regedit attack viruses aren't there, then maybe you
have a new one.

Sorry you got bit, Bill.

Phil
--
Philip D. Barila Windows DDK MVP
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
E-mail address is pointed at a domain squatter. Use reply-to instead.