Identifying some hidden files?

Status
Not open for further replies.

CondorMan

Technical User
Jan 23, 2005
211
GB
Hi everyone

I overheard a conversation between some folks who were speaking very loudly so several people around could also hear. They mentioned creating a list of the files on a PC (via Start>CMD>dir /s/a > C:\WindowsList.txt) and then rebooting with something like BartsPE before doing a similar manoeuvre (Start>CMD>dir /s/a > C:\BartList.txt). The lists are compared via a utility to see if there are any files in one but not in the other.

I understand the mechanics of this, but don't know why there should (or could) be any difference. Under what circumstances could this occur? I didn't feel bold enough to approach them and ask for an explanation as they were complete strangers!

I'm quite happy to research this myself (to fill this gap in my knowledge), but I'll need some "key phrases" for the research.

Thanks for your patience.
 
No, I don't think it's this. I've created a file containing all the file and folder names. The content.ie5 and history.ie5 folders (and subfolders/files) were the first that I sought. They're clearly listed in the file created when Windows is the OS. I intend doing the same over the weekend, having booted with BartsPE, to see if there are any discrepancies.

I've thought about this and just wonder if any discrepancy in the files listed (when in Windows and a non-Windows OS) may relate to malware of some sort. Does that sound feasible?
 
That is usually used in conjunction with a sys-diff type app that compares the two systems and points out any differences. Example would be a .dll file that is of a different version or date or a .ocx file. Sometimes different applications can use the same .dll name but a different version so when you load that application it unfortunately breaks the other application that shared that .dll because of the version difference.

Clear as mud?

Cheers

"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy"
Albert Einstein
 
I understand the mechanics of this, but don't know why there should (or could) be any difference. Under what circumstances could this occur? I didn't feel bold enough to approach them and ask for an explanation as they were complete strangers!

System comparison probably is what they were doing.

A lot of files get hidden by the system on such a scan. For example, "search all files and folders" will not search the Internet cache, no matter how much you would want it to.
 
Thank you - I think I'm getting somewhere now!

BadFrog - yes, I did have to read your post a few times! You mentioned a "sys-diff type app". The method of comparing the files that I know is WINDIFF. Do any other pieces of software spring to mind? I'd rather take a recommendation from someone who definitely knows about such things (i.e. a contributor here) than merely googling and downloading some shareware that may be full of malware!

smah - this sounds scary. I'll try this simple "compare files" trick on my system, as overheard, and hope that the two log files correspond. I might just go ahead with some rootkit revealing software. I have no reason to suspect that I've been compromised but, who knows?

It looks like I have a bit of homework.
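The comparison discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that parses the two `dir /s/a` listings and reports paths present in only one of them, plus files whose size differs. It assumes English-language `dir` output; the sample listings and file names are constructed.

```python
import re

# Entry line of `dir /s/a`: date, time, optional AM/PM, <DIR>-style tag or size, name.
ENTRY = re.compile(r"^\S+\s+\d{1,2}:\d{2}(?:\s+[AP]M)?\s+(<\w+>|[\d,.]+)\s+(.+)$")
HEADER = re.compile(r"^\s*Directory of\s+(.+)$")  # assumption: English-language output

def parse_dir_listing(text):
    """Map each normalised path to its size (None for directories)."""
    entries, current = {}, None
    for line in text.splitlines():
        header, entry = HEADER.match(line), ENTRY.match(line)
        if header:
            # Drop the drive letter (it may differ under the boot CD) and fold case.
            current = re.sub(r"^[A-Za-z]:", "", header.group(1)).rstrip("\\ ").lower()
        elif entry and current is not None and entry.group(2) not in (".", ".."):
            tag, name = entry.groups()
            size = None if tag.startswith("<") else int(re.sub(r"\D", "", tag))
            entries[current + "\\" + name.strip().lower()] = size
    return entries

def cross_view_diff(live_text, offline_text):
    """Compare the listing made inside Windows with the one made from the boot CD."""
    live, offline = parse_dir_listing(live_text), parse_dir_listing(offline_text)
    return {
        "only_offline": sorted(set(offline) - set(live)),  # not reported by the live OS
        "only_live": sorted(set(live) - set(offline)),
        "size_changed": sorted(p for p in live if p in offline and live[p] != offline[p]),
    }

# Constructed sample listings (UK date format); every file name is hypothetical.
LIVE = r"""
 Directory of C:\
23/01/2005  10:15    <DIR>          WINDOWS
23/01/2005  10:20                 0 WindowsList.txt
 Directory of C:\WINDOWS\system32
23/01/2005  10:15    <DIR>          ..
23/01/2005  09:00            12,345 example.dll
               1 File(s)         12,345 bytes
"""
OFFLINE = r"""
 Directory of C:\
23/01/2005  10:40                 0 BartList.txt
23/01/2005  10:15    <DIR>          WINDOWS
23/01/2005  10:21             8,120 WindowsList.txt
 Directory of C:\WINDOWS\system32
23/01/2005  09:00            12,345 example.dll
23/01/2005  09:00            45,056 hidden_example.sys
"""
print(cross_view_diff(LIVE, OFFLINE))
```

A path under `only_offline` is a lead to investigate rather than proof of anything: files created between the two runs, such as `BartList.txt` itself, land there too.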
 
...having booted with BartsPE, to see if there are any discrepancies.

...(when in Windows and a non-Windows OS)
JFYI - BartPE = Windows OS... a NON windows OS would be, ie. Linux or OS-X...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Thank you Ben - my mistake in terminology. What I really meant was accessing my PC via something other than Windows on the hard drive. I know that BartsPE is built from a Windows system. I don't have any experience of 'nix but I'm getting *very* close to playing around with Linux, Knoppix etc., particularly as I can use one of these without having to install it on my PC.
 
That is what I thought, that you just mixed up the TERMINOLOGY...

Yes, Linux (Knoppix, SuSE, Mandrake, etc.) can be fun to play with... they also can come in handy when it comes to troubleshooting Hardware, OS and what have you...

wish you luck in dabbling with Linux...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 