How to find hidden/cloaked files in Windows 2003?

Posted by homemdelata on Server Fault
Published on 2010-05-10T22:24:17Z Indexed on 2012/06/29 3:18 UTC

Here is the point.

I set Windows to display all the hidden files and protected operating system files but even after that, my antivirus (Kaspersky) is still getting a ".dll" file on "c:\windows\system32" saying it's a riskware 'Hidden.Object'.

I tried to find this file every time but it's not there. So I asked one of the developers to create a service that checks the folder every 5 seconds and, if it finds the file, copies it to another place.

If it copies it to another place with the same name and extension, I still can't find the file in the other folder, but Kaspersky now finds both. If I keep the same name but with a different extension, like ".temp123", I still can't find the file. Lastly, I created an empty text file and renamed it with the same name as the other one, and the file was just gone too.

After all this research it's clear that every file with this same name on this specific server gets cloaked, no matter the file extension. I created a file with this same name on another server and nothing happens; the file is still there without a problem.

How can I find this kind of file? How can I "uncloak" it? How can I know what this file is doing?
