What is c:\$Secure:$Data ?

BBA

Just want to know what it is, obviously it's a hidden folder or mount point, it's showing all over my defrag report. Basically there are $Secure:$---- files all fragmented all over the drive and O&O can't do anything with them.

Is this a root kit file or is it a normal MS file?
 
BBA said:
Just want to know what it is, obviously it's a hidden folder or mount point, it's showing all over my defrag report. Basically there are $Secure:$---- files all fragmented all over the drive and O&O can't do anything with them.

Is this a root kit file or is it a normal MS file?

That sounds like files from the Sony Rootkit.

You didn't play any CDs manufactured by Sony on your PC, did you?

You might need to go to Sysinternals and check out RootkitRevealer.
Here is Mark's blog on it.
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
 
Aha...it's normal:

Hidden from Windows API.
These discrepancies are the ones exhibited by most rootkits, however, if you haven't checked the Hide NTFS metadata files you should expect to see a number of such entries on any NTFS volume since NTFS hides its metadata files, such as $MFT and $Secure, from the Windows API. The metadata files present on NTFS volumes vary by version of NTFS and the NTFS features that have been enabled on the volume. There are also antivirus products, such as Kaspersky Antivirus, that use rootkit techniques to hide data they store in NTFS alternate data streams. If you are running such a virus scanner you'll see a Hidden from Windows API discrepancy for an alternate data stream on every NTFS file. RootkitRevealer does not support output filters because rootkits can take advantage of any filtering. Finally, if a file is deleted during a scan you may also see this discrepancy.

This is a list of NTFS metadata files defined as of Windows Server 2003:

$AttrDef
$BadClus
$BadClus:$Bad
$BitMap
$Boot
$LogFile
$Mft
$MftMirr
$Secure
$UpCase
$Volume
$Extend
$Extend\$Reparse
$Extend\$ObjId
$Extend\$UsnJrnl
$Extend\$UsnJrnl:$Max
$Extend\$Quota

NTFS metadata, thanks for the link though.
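
As an added example (not part of the thread and not Sysinternals code), here is one way to sort "Hidden from Windows API" paths against the metadata list quoted above, so that a metadata name appearing outside its real location is not dismissed as normal. The category labels, function names and sample paths are assumptions made for this sketch.

```python
import ntpath
from collections import Counter

# Metadata file paths (relative to the volume root) from the list in the post
# above, as of Windows Server 2003; stream suffixes such as :$Bad are dropped.
NTFS_METADATA = {p.lower() for p in (
    "$AttrDef", "$BadClus", "$BitMap", "$Boot", "$LogFile", "$Mft", "$MftMirr",
    "$Secure", "$UpCase", "$Volume", "$Extend", r"$Extend\$Reparse",
    r"$Extend\$ObjId", r"$Extend\$UsnJrnl", r"$Extend\$Quota",
)}
METADATA_LEAVES = {p.rsplit("\\", 1)[-1] for p in NTFS_METADATA}

def split_entry(entry):
    """Split 'C:\\dir\\file:stream' into (drive, root-relative path, stream)."""
    drive, rest = ntpath.splitdrive(entry.strip().replace("/", "\\"))
    path, _, stream = rest.lstrip("\\").partition(":")
    return drive.upper(), path, stream

def classify(entry):
    """Label one 'Hidden from Windows API' path (labels are this example's own)."""
    drive, path, stream = split_entry(entry)
    if not drive or not path:
        return "unparsed"
    key = path.lower()
    if key in NTFS_METADATA:
        return "ntfs-metadata"        # expected on any NTFS volume
    if key.rsplit("\\", 1)[-1] in METADATA_LEAVES:
        return "lookalike-review"     # metadata name outside its real location
    if stream:
        return "hidden-ads"           # e.g. scanner data kept in a stream
    return "hidden-file"              # not explained by the list: investigate

def triage(entries):
    """Count entries per label so the expected noise can be set aside."""
    return Counter(classify(e) for e in entries)

# Constructed sample entries, not taken from a real scan.
SAMPLE = [
    r"C:\$Secure:$Data",
    r"c:\$extend\$usnjrnl:$Max",
    r"C:\Users\demo\$Secure",
    r"C:\Users\demo\report.doc:examplestream",
    r"C:\Windows\System32\drivers\example.sys",
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(f"{classify(e):18} {e}")
```

Because the list dates from Windows Server 2003 and the quoted text notes that metadata files vary by NTFS version, an entry that falls outside "ntfs-metadata" on a newer volume is a prompt to check, not proof of a rootkit.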
 