Hidden directories in WinXP

erebus1

I've got a little problem here that's really bugging me... I have some hidden directories or hidden files that virus scanners aren't finding. The only way I can even see the folders is if I run a program install file. If I try and view them from Explorer they're hidden from view.

I really want to get rid of 'em. Here's a snapshot to help explain what I'm talking about.
See the ?? folders... I want them gone.

hiddenfiles.png
 
Did you try booting into safe mode and deleting them via cmd?

I would try to find out what they are first, though. ;)
 
I'll give it a shot. I'm pretty sure I already tried that, but the thing about those folders is they're hidden from Windows Explorer.
 
The weird part is those folders appear to be shared. I'd triple check for virus, spyware or rootkits ASAP

oldmx
 
I've had success with this sort of thing by making a dos bootdisk and deltree'ing the directories in question. You just have to be able to navigate through abbreviated dir. names.
 
OldMX said:
The weird part is those folders appear to be shared. I'd triple check for virus, spyware or rootkits ASAP

oldmx
QFMFT

I have never seen those folders on ANY XP machine ever. I would seriously look into doing some systems scans. You got something going on there, sir.
 
Ezekial said:
QFMFT

I have never seen those folders on ANY XP machine ever. I would seriously look into doing some systems scans. You got something going on there, sir.

Agreed, your machine could be compromised.
 
I would also try to delete them by simply entering them into the directory path. I know that with some directories, like the infamous "content.ie5", you need to manually enter their names into the directory path in order to dump the files that they contain. You should also be able to "cd" to that directory via a command prompt, even within Windows.
 
I downloaded ewido and nod32 and did a system scan; they didn't find anything, but a few weeks ago I had the spyfalcon bullshit, that was a real pain to get rid of..

I tried del and rmdir from safe mode cmd and regular cmd with no success... I can actually get into the dir by cd'ing into it; there's no files in either one but I can't delete it.

I haven't tried typing in the dir manually in Explorer... I'll give that a try. Then I'll go ahead and try the boot disk if that doesn't work, and if the boot disk doesn't work, I'm going to fdisk, format, and reinstall. (Hate to do it, but I really don't like shared folders I can't delete.)
 
just out of curiosity ... do those hidden shares have any size to them?


 
Do you have a Microsoft.NET folder and a ??crosoft.NET folder, or just a Microsoft.NET folder?
 
ThreeDee said:
just out of curiosity ... do those hidden shares have any size to them?

Looks like they're just empty folders.

Maybe the bad files got removed with a scan but the folders didn't get deleted?
 
Make a BartPE CD on a clean machine. Boot from it and see if the directories appear. If they do, and you still can't delete them, run a "chkdsk /f c:". If the folder names are invalid, that should take care of them.

If it doesn't, it's going to take some doing to get rid of directories if the names actually start with "?" because that isn't normally a valid character in a file name and someone has used code to create the directories with extended ASCII characters. There are probably some null characters in the title as well.

To be sure, you might just want to boot with the BartPE CD, back up what data you can't live without (after running virus and adware scans from the BartPE CD), then delete all partitions and reformat the disk.

BartPE

Read the information on the Ad Aware, Spybot, and McAfee extradat support plugins.
 
Open a command prompt and navigate to the Program Files directory and run a dir /a -h command. "?" are invalid characters for a filename since they're wildcards. I can't imagine how it's possible those are there.

Are you pulling our leg here?
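
An added example, not posted by anyone in this thread: a Python check that shows what such folder names really consist of before anything is deleted. It assumes the "??" in the dialog are stand-ins for characters the legacy ANSI code page (cp1252 here) cannot represent; the function names and the sample name are constructed for illustration.

```python
import os
import sys
import unicodedata

# Characters Win32 does not accept inside a file or directory name.
WIN32_RESERVED = set('<>:"/\\|?*')
# Constructed sample: two Cyrillic letters followed by ASCII text.
SAMPLE = "\u041c\u0438crosoft.NET"

def describe_name(name, codepage="cp1252"):
    """Return (legacy_view, findings) for one directory entry name."""
    # What a code-page-limited (ANSI) dialog would display: unmappable -> '?'
    legacy = name.encode(codepage, errors="replace").decode(codepage)
    findings = []
    for ch in name:
        cp = f"U+{ord(ch):04X}"
        if ch in WIN32_RESERVED:
            findings.append(f"{cp} reserved character {ch!r}")
        elif unicodedata.category(ch) in ("Cc", "Cf"):
            findings.append(f"{cp} control/format character")
        else:
            try:
                ch.encode(codepage)
            except UnicodeEncodeError:
                label = unicodedata.name(ch, "unnamed")
                findings.append(f"{cp} {label} (not in {codepage})")
    if name != name.rstrip(" ."):
        # Win32 path handling strips these, so the name cannot be addressed normally.
        findings.append("trailing space or dot")
    return legacy, findings

def audit_directory(path, codepage="cp1252"):
    """List entries whose names a legacy view would mangle or Win32 would reject."""
    report = []
    with os.scandir(path) as entries:
        for entry in entries:
            legacy, findings = describe_name(entry.name, codepage)
            if findings:
                report.append((entry.name, legacy, findings))
    return sorted(report)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, legacy, findings in audit_directory(sys.argv[1]):
            print(f"{legacy!r} is really {name!r}: {findings}")
    else:
        print(describe_name(SAMPLE))
```

Run it with a directory path as the only argument (for example the Program Files folder) to list every entry whose real name differs from what a code-page-limited view displays.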
 