Announcement

Collapse
No announcement yet.

Windows 10 and magically hidden files.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Windows 10 and magically hidden files.

    Does anyone have access to a Windows 10 Home machine they can test something for me with?

    I got one here. I'm trying to put Group Policy Editor on it. I found directions on how to do it. Anyways, I go to an elevated command prompt after running the setup program they gave me. I type:
    Code:
    cd \windows\SysWOW64\GroupPolicy
    xcopy c:\windows\SysWOW64\GroupPolicy\adm /s /e c:\windows\system32\GroupPolicy
    I messed up with the xcopy command. The command I typed should have put the files that are inside the adm directory inside the C:\windows\system32\GroupPolicy directory, not the C:\windows\system32\GroupPolicy\adm directory like I wanted. Now, this is where it gets weird...

    While I'm in the c:\windows\SysWOW64 directory, this is what I type and see:
    Code:
    C:\Windows\SysWOW64>attrib \windows\system32\GroupPolicy\*
    A      C:\windows\system32\GroupPolicy\conf.adm
    A      C:\windows\system32\GroupPolicy\gpt.ini
    A      C:\windows\system32\GroupPolicy\inetres.adm
    A      C:\windows\system32\GroupPolicy\system.adm
    A      C:\windows\system32\GroupPolicy\wmplayer.adm
    A      C:\windows\system32\GroupPolicy\wuau.adm
    Now, if I change directories to anything, this is what I get:
    Code:
    C:\Windows\SysWOW64>cd GroupPolicy
    
    C:\Windows\SysWOW64\GroupPolicy>attrib \windows\system32\GroupPolicy\*
    A      C:\windows\system32\GroupPolicy\gpt.ini
    Here's the dir command...
    Code:
    C:\Windows\SysWOW64>dir \windows\system32\GroupPolicy\*
     Volume in drive C has no label.
     Volume Serial Number is 6C09-E3A7
    
     Directory of C:\windows\system32\GroupPolicy
    
    06/27/2016 04:08 PM  <DIR>     .
    06/27/2016 04:08 PM  <DIR>     ..
    06/27/2016 03:57 PM  <DIR>     adm
    06/27/2016 03:45 PM        128 gpt.ini
    01/09/2016 05:24 PM  <DIR>     Machine
    01/09/2016 05:24 PM  <DIR>     User
            1 File(s)      128 bytes
            5 Dir(s) 79,991,689,216 bytes free
    
    C:\Windows>dir \windows\system32\GroupPolicy\*
     Volume in drive C has no label.
     Volume Serial Number is 6C09-E3A7
    
     Directory of C:\windows\system32\GroupPolicy
    
    06/27/2016 04:08 PM  <DIR>     .
    06/27/2016 04:08 PM  <DIR>     ..
    06/27/2016 03:57 PM  <DIR>     adm
    06/27/2016 03:45 PM        128 gpt.ini
    01/09/2016 05:24 PM  <DIR>     Machine
    01/09/2016 05:24 PM  <DIR>     User
            1 File(s)      128 bytes
            5 Dir(s) 79,991,689,216 bytes free
    It gets even weirder. If I go into the c:\windows\system32\GroupPolicy directory, I can create a file like conf.adm....and whatever I put in that file, it'll stay once I save it. But if I go back to the c:\windows\SysWOW64\ directory and try opening c:\windows\system32\GroupPolicy\conf.adm, I get the original one that I xcopy'd.

    Does anyone know what might be going on and how I can fix this? I was thinking maybe there was some sort of root kit installed but Norton doesn't find anything. I ran some rootkit detection program as well and that came back negative. I mean, I can run some other programs to test for infection, but at this point in time, I'd like to rule out yet another Windows 10 bug.

    Can anyone test to see if they have the same issue? Thanks!
    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

    #2
    Re: Windows 10 and magically hidden files.

    Why even bother? The odds won't be any different "just because" you happen to be working on that POS- you're a fool to think that...

    Attached Files
    "pokemon go... to hell!"

    EOL it...
    Originally posted by shango066
    All style and no substance.
    Originally posted by smashstuff30
    guilty,guilty,guilty,guilty!
    guilty of being cheap-made!

    Comment


      #3
      Re: Windows 10 and magically hidden files.

      Windows 10 IS the Rootkit.

      Comment


        #4
        Re: Windows 10 and magically hidden files.

        Originally posted by Sparkey55 View Post
        Windows 10 IS the Rootkit.
        It's been the #1 mal/scam/spy/whatever ware over the last year or so.

        Haven't we noticed that, unlike the past few "seasons," where there'd be a new flavor of "trash" making the rounds, all we have this time around is this abomination?
        "pokemon go... to hell!"

        EOL it...
        Originally posted by shango066
        All style and no substance.
        Originally posted by smashstuff30
        guilty,guilty,guilty,guilty!
        guilty of being cheap-made!

        Comment


          #5
          Re: Windows 10 and magically hidden files.

          lol

          even wih XP if you want full filesystem control you need to use a Linux live-disk.
          otherwise it's "file locked", or "file in use" or "you do not have permission" or just "what fucking file!"

          Comment


            #6
            Re: Windows 10 and magically hidden files.

            Originally posted by stj View Post
            lol

            even wih XP if you want full filesystem control you need to use a Linux live-disk.
            otherwise it's "file locked", or "file in use" or "you do not have permission" or just "what fucking file!"
            I'll see what the filesystem looks like after booting off a live disc or I'll pull the drive and try mounting it. Maybe that'll give me a clue to if it's a bug with 10 or if there's something malicious going on.
            -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

            Comment


              #7
              Re: Windows 10 and magically hidden files.

              Originally posted by kaboom View Post
              Why even bother? The odds won't be any different "just because" you happen to be working on that POS- you're a fool to think that...

              Why even bother? That's kind of a foolish question I think. The idea is to try and figure out if this machine is infected or if this is just another Windows 10 "bug".

              I currently only have access to this one machine running Windows 10, it's very hard for me to test this on another machine running Windows 10. If someone else has access to Windows 10, they could run a simple test and see if we receive different results or similar results. If the files disappear on their end, I'll assume it's something with 10. If the files exist, I'll maybe assume there's some virus on this machine.

              Regardless of how I personally feel about Windows 10 is irrelevant. Whether I like it, whether I hate it, it doesn't matter. Out of the various PC repair places in the area, someone picked me. They always decided, for whatever reason, to purchase this hp laptop with Windows 10 Home on it. They didn't ask me to purchase Windows 7 and install that on there (which would cost a good bit of money), they didn't ask me to put Linux on there, they didn't ask me to do anything but try to make it run a bit faster, remove some of the non-essential programs, update it and try to secure it a bit more. That's what I'm getting paid to do.

              I noticed something very wrong. I don't run Windows, I run Linux, so maybe this is just a well known 10 bug or something? I couldn't find anything on it when I was researching it though.
              -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

              Comment


                #8
                Re: Windows 10 and magically hidden files.

                I don't see why you have tried some gpedit hack on a customers PC, what were you hoping to achieve ?
                Maybe it's not working as you expect as it wasn't done correctly ?

                Comment


                  #9
                  Re: Windows 10 and magically hidden files.

                  Originally posted by diif View Post
                  I don't see why you have tried some gpedit hack on a customers PC, what were you hoping to achieve ?
                  Maybe it's not working as you expect as it wasn't done correctly ?
                  gpedit was a mistake, I was trying to set a security policy, just a test, when I realized the filesystem stuff. I didn't realize that gpedit, or the registry hacks for gpedit, are disabled in Home edition, so even though gpedit runs, it doesn't seem to do anything, the values set are pretty useless. I'm guessing changing setting the various registry values have the same effect.

                  Any suggestions on how to disable access to a program? I've always thought it was done with gpedit.msc -> Windows Settings -> Security Settings -> Software Restrictions -> Additional Rules.

                  I think I figured out what was going on though. I think because I was in the SysWOW64 directory, I was executing 32-bit binaries. When I was in there, instead of accessing the 64-bit version of xcopy, I accessed the 32-bit version of xcopy. Same with attrib. So....with the command:
                  Code:
                  C:\Windows\SysWOW64>attrib c:\windows\system32\GroupPolicy
                  because I'm in SysWOW64 directory running the 32-bit version of attrib, it points any requests that are made to c:\windows\system32 to c:\windows\SysWOW64\

                  When I went and checked the c:\windows\SysWOW64\GroupPolicy directory, I found the missing files.

                  This probably isn't a Windows 10 specific thing but more or less a 64-bit version of Windows feature I'm guessing. This is probably how Microsoft provides backwards compatibility to 32-bit applications.


                  Also, is not okay to use hacks / tweaks like that on customer's PCs? For people who wanted to stick to 7 and get rid of that pesky Upgrade to 10 Now "feature", I've been running a third party program on their machines that remove the Get Windows 10 Now icon and disables the update. It's got the options of putting it back, if they want. Should I not be using stuff like that?
                  Last edited by Spork Schivago; 06-28-2016, 02:22 AM.
                  -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                  Comment


                    #10
                    Re: Windows 10 and magically hidden files.

                    Diif,

                    I now know why I shouldn't have been trying to run gpedit.msc on a customer's Home machine. I didn't realize I was actually patching the system
                    -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                    Comment


                      #11
                      Re: Windows 10 and magically hidden files.

                      What program are you trying to stop access to ?
                      Installing never 10 or gwx control panel is not what id class as a hack.
                      Opening up cmd and typing stuff in when nothing is broken is.
                      Always remwber KISS, keep it simple stupid. Dont make work for yourself that doesn't need doing by over complicating things.
                      I put 10 on a spare PC for playing with. Ive tried to discourage my customers and most have listened but im sure I'll encounter some that have it.

                      Comment


                        #12
                        Re: Windows 10 and magically hidden files.

                        Well, there was more policy's that I wanted to adjust besides preventing access to certain programs. But they wanted internet explorer blocked completely. I don't know if it has something to do with children and viruses or what. I didn't ask. I told them I might not be able to either. I'm not sure, but I almost remember something about it being completely integrated into Windows.

                        I don't think opening a command prompt and using xcopy to copy some files from one directory to another is considered a hack. The program I used to install gpedit.msc though, I think that might be one. I think it might replace system files to allow gpedit.msc to run. I've since undone that though. I know this is probably going to sound like a waste of time to some people, but I almost always clone the customers hard drive before I start working on it in Linux using dd. Then, after I'm done, depending on the work I did, I'll either delete it or talk to the customer and tell them about it and hold on to the image for a few months. If I format / reinstall, I'll hold onto the image in case they call me in a week or two and say hey, there was this really important file that isn't here now! I forgot to tell you I needed that backed up as well!

                        How did you install 10 on a spare PC? I'd like to do that to play around with it, to learn it a bit. My wife had it for a little bit but went back to 7 shortly after. Did you have to pay for a product key or did you install it in a virtual machine or something?

                        The interface seems to be a lot like 7, but there's some differences and I'd like to learn them. I just don't want to have to pay for a copy to play around with. I'd rather just install it directly on a machine and mess around with it for a bit. Is there some trial mode or something? That'd be better than running in a virtual machine. I got this old Dell OptiPlex 745 a customer gave me. I bet that'd run it okay like.

                        Also, Microsoft has changed their license policy a bit. They say I'm not allowed to do certain things the way I used to do them before and to deploy stuff like a fully updated 8 image, I might need to install Server Edition. I got a copy of 2012 around here somewhere I can install, but I just wanted to let you guys know in case you play with reference and master images and stuff.
                        -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                        Comment


                          #13
                          Re: Windows 10 and magically hidden files.

                          TL;DR; You can install Windows 10 without a product key but some features will be disabled until you activate.
                          Originally posted by PeteS in CA
                          Remember that by the time consequences of a short-sighted decision are experienced, the idiot who made the bad decision may have already been promoted or moved on to a better job at another company.
                          A working TV? How boring!

                          Comment


                            #14
                            Re: Windows 10 and magically hidden files.

                            Doing something that it's not supposed to do is what I'd consider a hack.
                            I had a PC with 7 on but I needed to read a disc from an 8.1 laptop.
                            I did do the upgrade first but it just sat at 99% complete.
                            I downloaded the media tool, created a USB stick and installed it that way.

                            Comment


                              #15
                              Re: Windows 10 and magically hidden files.

                              Originally posted by diif View Post
                              Doing something that it's not supposed to do is what I'd consider a hack.
                              I had a PC with 7 on but I needed to read a disc from an 8.1 laptop.
                              I did do the upgrade first but it just sat at 99% complete.
                              I downloaded the media tool, created a USB stick and installed it that way.
                              I gotcha. The xcopy command and attrib commands at the command prompt weren't actually doing anything really. The first command, xcopy, was just copying files from one directory to another. They were just .cfg files for the MMC snap-in. The second command just showed attributes on the files, to see if they were hidden.

                              With the PC that you have 10 on, you went for the free upgrade? Do you know if that's over with yet? I'm pretty sure I can get 7 on this Dell here. If I could go for the free 10 upgrade still, that'd be great. Just to play with, you know?
                              -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                              Comment


                                #16
                                Re: Windows 10 and magically hidden files.

                                Originally posted by Th3_uN1Qu3 View Post
                                TL;DR; You can install Windows 10 without a product key but some features will be disabled until you activate.
                                Thank you. Will it stop working after a certain amount of time? I honestly can't really see me using the PC after I get comfortable with 10. I can't really play video games and almost all the stuff I do on a PC, I do in Linux now-a-days.

                                Thanks!
                                -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                                Comment


                                  #17
                                  Re: Windows 10 and magically hidden files.

                                  Originally posted by Spork Schivago View Post
                                  I gotcha. The xcopy command and attrib commands at the command prompt weren't actually doing anything really. The first command, xcopy, was just copying files from one directory to another. They were just .cfg files for the MMC snap-in. The second command just showed attributes on the files, to see if they were hidden.

                                  With the PC that you have 10 on, you went for the free upgrade? Do you know if that's over with yet? I'm pretty sure I can get 7 on this Dell here. If I could go for the free 10 upgrade still, that'd be great. Just to play with, you know?
                                  I did it 2 days ago. BTW why try and stop IE from running ? What about Edge which is even crapper than IE.

                                  Comment


                                    #18
                                    Re: Windows 10 and magically hidden files.

                                    IE is used as a backend for a lot of "phone-home" type activity.

                                    Comment


                                      #19
                                      Re: Windows 10 and magically hidden files.

                                      Spork Well, there was more policy's that I wanted to adjust besides preventing access to certain programs. But they wanted internet explorer blocked completely. I don't know if it has something to do with children and viruses or what. I didn't ask. I told them I might not be able to either. I'm not sure, but I almost remember something about it being completely integrated into Windows.

                                      It is completely integrated. One can not just get rid of it and I suppose blocking it would have the same result. I have gotten rid of the internet explorer before. It will get rid of the other internet browsers on your machine and will make it so you can not go out on the internet. So say if you have Google Chrome downloaded onto your machine and you get rid of internet explorer your Google Chrome with disappear and any other browser on your machine and you will not be able to go out on the internet for anything. I kind of think this is unfair because they are saying you have to have our browser on your machine if you want to go out on the internet.

                                      Comment


                                        #20
                                        Re: Windows 10 and magically hidden files.

                                        Originally posted by diif View Post
                                        I did it 2 days ago. BTW why try and stop IE from running ? What about Edge which is even crapper than IE.
                                        Hrmm, is Edge a separate browser? I haven't been able to play a lot with this machine. I gotta get this done tomorrow but there's been a lot of bad stuff happening around here. My mum fell and broke her humerous or something like that, the long bone in your upper arm, and then some carpol type bone thingy, which is bad. I got in a big fight with my sister, we just got really move and get out of here! Too much stress, that's for sure!

                                        I can't let the business suffer though because of my personal problems. The fact that I thought Edge was just the new IE, I guess that shows how much I need to learn 10 to really start fixing these dang things. I wish Microsoft just kept 7 going!!!
                                        -- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full

                                        Comment

                                        Working...
                                        X