As usual, I remember I can do these things, not how to do these things.

(I am looking for an invisible file)


-HandsOff

Hello,
I'm not sure what you mean by CLI. But ...
Invisible files are easily found by booting from a live CD, BartPE or Knoppix for that matter. BartPE will give you full NTFS permissions, so you will be able to delete and kill anything you wish.
Mrk

-{ Quote: "As usual, I remember I can do these things, not how to do these things.

(I am looking for an invisible file)


-HandsOff" }-
Agent Ransack (free) can find most.

Icesword as well but you have to know where to look.

Any help on cmds at the link below?

http://www.bitzenbytes.com/Content-Arcanum-18-1-83.html

There are quite a few Hidden file etc apps available, a number of them are posted throughout this thread http://www.sysinternals.com/Forum/forum_posts.asp?TID=962&PN=1&TPN=2 Make sure you have Show all hidden files/folders etc enabled on your computer as well. Come back and say what you used and found.


StevieO

Oh, sorry, but I guess I was not that clear about what I meant.

CLI means Command Line Interface. I have a love/hate relationship with CLI. on the one hand it is really straightforward and precise. On the other hand, it demands that you remember the exact names and usage and that means that you have to use them enough to remember i.e.

Run > cmd, c:\xxx\, cd\, chkdsk /f, ect....

and I don't mean hidden as in hidden malware, I mean hidden as in hidden system files. not the type that you can review by unchecking hidden or using the windows explorer settings. many files are invisible, but iff you know the name you can type the name in the run dialog box...What I don't remember is do you just type the path plus "\filename.ext" or are there other parameters. Sometimes you might want to see an invisible system file...to see if it is there, or it is the correct version, or whatever. I just don't remember how to Uncloak it!


-HandsOff

I'm not clear on exactly how you want to search, HandsOff, but at the command line, you could use a command like "dir /ash" to show all files and subdirectories in a directory that have both the system and hidden attributes set.

An extreme example would be using the command "dir /ash /s" from the root directory of a drive to show all files and folders having both the hidden and system attributes across the entire drive.

"dir /ashd /s" from the root of a drive would show only folders that have both the system and hidden attributes across the entire drive.

Sorry about the delay-


I had what I call an invisible file. one that, as far as I know will not be displayed in windows. I wanted to view the contents of its (undeletable) ADS Stream. Finally I think I figured out what the situation is. It is both comforting and alarming. I am 99% sure that what it is is the key that I double clicked on that was sent after I purchased a particular program. Actually more than one program uses this sort of key. They are much longer than a serial number. I guess they really are an decryption key. I say alarming because I do not like ADS Streams for just the reasons this whole episode illustrate. Despite the false sense of security that some ADS Streams programs give you, an average user like me really has a very incomplete picture, as some of the streams apparently are even more hideable than we know them to be. For instance, this one had a file name that did not consist of any printable characters. (This is legal?!) The name of this file is ß, where ß stands for unprintable character. Even though I know the file name (in a way) I do not have a character, so cannot name it. To make matters worse, it is, I believe, the key for the program that lets me view the contents of an ADS Stream.

Bottom line: Can't see = Can't trust = Vulnerability. That's how it looks to me. You may know them to be something good, but I don't like them.