Hidden processes, files, registry keys

Discussion in 'other anti-malware software' started by Wai_Wai, Oct 13, 2006.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Hidden processes, services, files, registry keys

    Before my questions, let me define what the word "hidden" means here.
    It is meant to be a thing that is truly hidden and stealthy.
    For processes, they won't show up in Windows Task Manager.
    For files, they would not show up in Windows Explorer even if you select "show hidden files".

    Questions:
    1) What tools do you recommend which can view any truly hidden items on my computer, including but not limited to:
    - processes
    - services
    - files and folders
    - registry keys
    - and other hidden things

    2) Why do you recommend these tools?

    Thank you.
     
    Last edited: Oct 14, 2006
  2. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Any help please?
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I know it's not the answer you want, but it might encourage you ...
    http://syssafety.com/releasenotes.html?pid=80
     
  4. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Probably the anti-rootkit stuff, of which there are quite a few, plus other system tools.

    You know the usual.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Last edited: Oct 21, 2006
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I assume you want a list of files that are MEANT TO BE HIDDEN, as opposed to files that have been hidden-by-malware (such as by a rootkit). If my assumption is correct, perhaps WinPatrol+ will do the job for you. See screenshot below.

    Otherwise, you need a rootkit detective -- one of those suggested by other posters, perhaps.
     


  7. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Actually I think Wai Wai meant the reverse of what you are saying. Though his wording seems to be confusing. "meant to be" = meant to be by who exactly??

    This sentence makes me think he is talking about malware, not files marked as hidden.

    Well, there's the list at antirootkit.com obviously. I was thinking of making some no doubt clueless comments on each tool, but I'm not looking forward to having my comments recycled into WaiWai's 'advice to newbies' speech. :D
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    There's a rather in-depth review/testing of several rootkit hunter/killer apps over Yonder. Dated Oct 2006.
     
  9. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Thanks for your snapshot.

    However it appears it is merely a collection of hidden files.

    The hidden files can be easily seen if I turn on "show hidden files" in the setting.
     
  10. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    To everyone,
    Why would I like to see any hidden things in my computer (that I couldn't see otherwise by normal means)? It is multi-purpose. Although it is not particularly for detecting malware, that could be one of the purposes.

    For example, some programs are nasty and leave tons of traces, some of them hidden, behind on my system even after I have uninstalled them. This bloats my system. I would like to get rid of all changes.

    It can be used to troubleshoot system/computer problems (not just malware issues).

    What's more, I can use this tool to do some malware hunting too.

    The possibilities are nearly unlimited. :)
     
  11. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Not quite what you are talking about.....

    but may help, if you are not already aware of it. This tweak will show all devices in Device Manager. You would be surprised what is left over as drivers after the uninstall of some software.
    System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    Value Name: DEVMGR_SHOW_NONPRESENT_DEVICES
    Data Type: REG_SZ (String Value)
    Value Data: (1 = show all hidden devices)

    Then when in Device Manager click on View\Show hidden devices.
    As far as an application to show "super hidden" files/folders, do not think they have come up with one yet.
     
  12. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Re: Not quite what you are talking about.....

    Thanks, ThunderZ.
    Yes, I realise this tweak.
    Hopefully this would really show all devices. ;)

    By the way, does anyone know why Bill Gates has such a design?

    Super hidden extensions
    Super hidden processes
    Super hidden registry keys
    Super hidden drivers
    Super hidden device
    ...
    ...

    Oh gosh!

    Why not make it simple?
    If we say "show all hidden", show all of them, not some of them.

    How could the programmer create super hidden things?
     
  13. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Re: Not quite what you are talking about.....

    I am figuring it has something to do with open source vs. non-open source = $$$$$ Just my .02
     
  14. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Re: Not quite what you are talking about.....

    The reasons are similar to why Bill Gates likes to integrate IE with the operating system, or why he likes to super-hide Internet temporary and temp folders under Documents and Settings, or why he makes it harder for the average Joe to uninstall some of its programs (e.g. NetMeeting, Windows Messenger).

    Bad design because of $$$$. :doubt:
     