Finding actual hidden folders...

R

Raines8416

[H]ard|Gawd
Joined
Jan 31, 2004
Messages
1,548
Well recently I somehow stumbled onto a folder on my harddrive. it was under C:\Uploads and looked like the storage facility to a game crack site or something. There was like 2,200 zip files and came out to about 2.5 gigs of space. The thing is, this folder does not show up on my C drive as a folder (Yes, even with "Show hidden folders" enabled), and doesnt show up when a run a DIR C:\ in the command prompt.

So is there like a program that can scan my comp for these hidden folders?

Here is why I'm asking... My disk comes up as 111gb, 97gb used. However, when I select all the folders in C:\ they only add up to 87gb. So I'm, missing 10 gigs here and wonder if it isnt more hidden stuff.
 
Can we say "rootkit"?

Actually, Windows won't count the stuff in the Recycle Bin or System Volume Information because you don't have a normal set of permisions for those folders. The System Volume Information is where System Restore points are kept. Those are the two areas I would look first.

If you can find the extra space in the above, reboot in Safe Mode and see if the values still conflict. If they are the same in Safe Mode, then I would say you have a rootkit cloaking something.
 
Sounds like spyware of some sorts, maybe even a virus. Are you running any antispyware/virus?
 
Get this: Rootkit Revealer

Do a scan and print a copy of the results.

Make a BartPE CD on a clean workstation with the latest versions of AdAware, Spybot, and the McAfee command line scanner (not Stinger, the one using the extra.dat executable). Scan while booted from BartPE. Then take on the remainder of what was found using Rookit Revealer.
 
I believe you can get hidden from hidden status with those fancy class id (clsid) guid registry thing-a-magigs.
 
I know exactly what that is. Some pirate hacked into your system and is using your hard drive space and bandwidth to upload their files since they ran out. I've seen it done before. I would reformat
 
Raines8416 said:
So is there like a program that can scan my comp for these hidden folders?

Here is why I'm asking... My disk comes up as 111gb, 97gb used. However, when I select all the folders in C:\ they only add up to 87gb. So I'm, missing 10 gigs here and wonder if it isnt more hidden stuff.
Click to expand...

Raxco's Diskstate program (30 day trial) can scan your system and give you a graphical representation of where your disk spaced is being used.
 
I dont really think I got hacked. Probably just some virus that made it through my firewall and virus scanner. All the zip files were exactly the same size and had just some 500kb file saying "Download your cracks from........." and i dont remember the site. So I really dont think my computer was used as a server, plus I never saw any activity through my firewall.

I used that Rootkit scanner thing and nothing came up?

Nonetheless, I'll play it safe and format in a few days.
 
BTW: to show hidden folder under a command/dos prompt, use "dir /ah".

It still won't show hidden folders within directories though, even if you issue a 'dir /s /ah', just the root folder.(/s shows all subfolders)

the /aX(where X is r, h, or s) will work for system attributes. If you run 'attrib' by itself, it will tell you what is applied to each file in the root folder you are at.

r= read only
h= hidden
s= system
 
You must log in or register to reply here.
Back
Top