Hidden files in XP, revealed in DOS and Network Neighborhood

[Huang.Xingang]

Usually when I compile OpenSSL, a folder named out32dll is generated
with 34 files. I have been successfully doing this with every version
of OpenSSL on XP in the last 3 years, until yesterday.

After building, I found only 9 files in the folder. I thought something

wrong and tried to delete the folder. XP deleted those 9 files and told

me, "The directory is not empty."


I always check the "Show hidden files and folders" and uncheck "Hide
proected OS files" in the Folder Option. CheckedValue and DefaultValue
are 1 and 2 under the entry
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hi­dden\SHOWALL".



Guessing a certain process is holding the folder, I restarted and
failed to delete it again. Ending the explorer.exe process didn't help,

and Sysinternals Process Explorer didn't find any suspicious process
either.


Since there is a DOS from Windows 98 on the same computer, I booted
into DOS, and found the disappeared 25 files, which are just normal
files without RHS attributes. I deleted the folder in DOS, and came
back to XP to compiled it again. It's still the same. I found nothing
wrong in FAT and ROOT sectors with DiskEdit.


I thought something wrong with the FAT32 partition, but chkdsk's report

was OK. I created a new folder for OpenSSL on a NTFS partition and
compiled it again, the folder out32dll was still weird. So it has
nothing to do with the File System.


I heard Network Neighborhood might help, and shared the folder. Those
hidden files can been seen and copied on another computer. I copied and

shared them on the other computer, but the original computer cannot see

them. I zipped them and copied it back. The hidden files in zip can be
seen with WinRAR and Total Commander, but hidden again after unzip. I
know they are in the unzipped folder, becoz I can't delete the folder.


Closing Symantec AntiVirus didn't help, KillBox didn't work. Rootkit
Revealer found several registry entries hidden from Windows API, but
they seem not the reason.


Another thing is there are 2 exe files in the 9 normal files, which
can't be searched by Total Commander with *.exe, but can be searched
with *.*.


Thanks for your time to read this boring story. Any tip is appreciated.



Poor Alpha

 

[Mark L. Ferguson]

Use of certain characters as the first character can hide a file or folder
in XP, a space being one. If you tried a delete or rename with wildcards, it
might get them

ren ?*.* A*.*
del A*.*


--
Mark L. Ferguson
..
Usually when I compile OpenSSL, a folder named out32dll is generated
with 34 files. I have been successfully doing this with every version
of OpenSSL on XP in the last 3 years, until yesterday.

After building, I found only 9 files in the folder. I thought something

wrong and tried to delete the folder. XP deleted those 9 files and told

me, "The directory is not empty."


I always check the "Show hidden files and folders" and uncheck "Hide
proected OS files" in the Folder Option. CheckedValue and DefaultValue
are 1 and 2 under the entry
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hi­dden\SHOWALL".



Guessing a certain process is holding the folder, I restarted and
failed to delete it again. Ending the explorer.exe process didn't help,

and Sysinternals Process Explorer didn't find any suspicious process
either.


Since there is a DOS from Windows 98 on the same computer, I booted
into DOS, and found the disappeared 25 files, which are just normal
files without RHS attributes. I deleted the folder in DOS, and came
back to XP to compiled it again. It's still the same. I found nothing
wrong in FAT and ROOT sectors with DiskEdit.


I thought something wrong with the FAT32 partition, but chkdsk's report

was OK. I created a new folder for OpenSSL on a NTFS partition and
compiled it again, the folder out32dll was still weird. So it has
nothing to do with the File System.


I heard Network Neighborhood might help, and shared the folder. Those
hidden files can been seen and copied on another computer. I copied and

shared them on the other computer, but the original computer cannot see

them. I zipped them and copied it back. The hidden files in zip can be
seen with WinRAR and Total Commander, but hidden again after unzip. I
know they are in the unzipped folder, becoz I can't delete the folder.


Closing Symantec AntiVirus didn't help, KillBox didn't work. Rootkit
Revealer found several registry entries hidden from Windows API, but
they seem not the reason.


Another thing is there are 2 exe files in the 9 normal files, which
can't be searched by Total Commander with *.exe, but can be searched
with *.*.


Thanks for your time to read this boring story. Any tip is appreciated.



Poor Alpha

 

[Huang.Xingang]

Thanks for your reply, but I can't see anything wrong with the
filename.
Now I found another weird thing. If I pick any file on my computer,
rename it to one of the 25 hidden file names, it will disappear
immediately.

bftest.exe
bntest.exe
casttest.exe
destest.exe
dhtest.exe
dsatest.exe
ecdhtest.exe
ecdsatest.exe
ectest.exe
enginetest.exe
evp_test.exe
exptest.exe
hmactest.exe
ideatest.exe
md2test.exe
md4test.exe
md5test.exe
randtest.exe
rc2test.exe
rc4test.exe
rmdtest.exe
rsa_test.exe
sha1test.exe
shatest.exe
ssltest.exe

 

[Mark L. Ferguson]

Are you sure this is not just a case of a Folder Options setting to hide
system files? (control panel)