I challenge you

  • Thread starter Thread starter wr
  • Start date Start date
W

wr

I have posted twice and no one has responded so I will try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a reply
just so I know that I am not alone.

Cheers

Bill
 
I just tried what you did, and got an error saying the file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also said the file
already exists.

What do you mean "you can't see it"? Can you define what you are seeing?

~Eric
 
It is not listed, it does not appear on the cathode ray
tube, it is bereft of photonic representation...to
paraphrase Monty Python's Cleese.;=)
"It" in this case is the word regedit.xxx on the screen
with or without an icon indicating that it is on the disk.

Perhaps there is no difference but this is a post in the
newsgroup windows 2000 File system.

I am a little unclear at what point you got the error
saying the file already exists? My explanation was quite
detailed in the steps perhaps you could do me the honour
of being just as detailed and tell me at what point you
got the error saying the file already exists. For instance
what directory you were saving it to, whether you saw the
file in the refreshed file list, explorer or on the
desktop after you did the save to.

Thanks for working on this with me.

Cheers

Bill
-----Original Message-----
I just tried what you did, and got an error saying the file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also said the file
already exists.

What do you mean "you can't see it"? Can you define what you are seeing?

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


wr said:
I have posted twice and no one has responded so I will try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a reply
just so I know that I am not alone.

Cheers

Bill


.
 
Maybe I followed the wrong steps. Can you give them to us, click by click?

~Eric


--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


wr said:
It is not listed, it does not appear on the cathode ray
tube, it is bereft of photonic representation...to
paraphrase Monty Python's Cleese.;=)
"It" in this case is the word regedit.xxx on the screen
with or without an icon indicating that it is on the disk.

Perhaps there is no difference but this is a post in the
newsgroup windows 2000 File system.

I am a little unclear at what point you got the error
saying the file already exists? My explanation was quite
detailed in the steps perhaps you could do me the honour
of being just as detailed and tell me at what point you
got the error saying the file already exists. For instance
what directory you were saving it to, whether you saw the
file in the refreshed file list, explorer or on the
desktop after you did the save to.

Thanks for working on this with me.

Cheers

Bill
-----Original Message-----
I just tried what you did, and got an error saying the file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also said the file
already exists.

What do you mean "you can't see it"? Can you define what you are seeing?

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


wr said:
I have posted twice and no one has responded so I will try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a reply
just so I know that I am not alone.

Cheers

Bill


.
 
BTW: am I the only one that feels like they are in a murder mystery? Maybe
it's just me..... :-)

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


wr said:
It is not listed, it does not appear on the cathode ray
tube, it is bereft of photonic representation...to
paraphrase Monty Python's Cleese.;=)
"It" in this case is the word regedit.xxx on the screen
with or without an icon indicating that it is on the disk.

Perhaps there is no difference but this is a post in the
newsgroup windows 2000 File system.

I am a little unclear at what point you got the error
saying the file already exists? My explanation was quite
detailed in the steps perhaps you could do me the honour
of being just as detailed and tell me at what point you
got the error saying the file already exists. For instance
what directory you were saving it to, whether you saw the
file in the refreshed file list, explorer or on the
desktop after you did the save to.

Thanks for working on this with me.

Cheers

Bill
-----Original Message-----
I just tried what you did, and got an error saying the file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also said the file
already exists.

What do you mean "you can't see it"? Can you define what you are seeing?

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.


wr said:
I have posted twice and no one has responded so I will try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a reply
just so I know that I am not alone.

Cheers

Bill


.
 
wr said:
I have posted twice and no one has responded so I will try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

I can see the file. My XP SP1 system is not hiding files named regedit.???.
That appears to be what yours is doing, though it also appears that in your
frustration, you aren't stating the problem as clearly as you might. Having
gone back and found your previous messages, which I missed the first time, I
can see that you stated it more clearly the first time, but that's no excuse
for taking out your frustration on us.

Back to your original problem. First of all, do you have all the Explorer
options to make things helpful turned off? Select "Show hidden files and
folders", and turn off "Hide extensions for known file types" and "hide
protected operating system files (Recommended)". Secondly, why are you
copying Regedit.exe, or Regedt32.exe? You say you are sure that you don't
have a virus, but what did you do that could cause you to not have those
files?
Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

I can see it just fine. Check the options I mentioned above.

Phil
--
Philip D. Barila Windows DDK MVP
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
E-mail address is pointed at a domain squatter. Use reply-to instead.
 
First of all, thank you for taking the time to check this
out.

I am unsure what part of my posts caused "but that's no
excuse for taking out your frustration on us" but I will
make an assumption (always dangerous ;=)) that it was in
my response to Eric's post.

;=) is short hand for a smile and Monty Python ( John
Cleese) do a sketch called the Dead Parrot sketch where a
customer uses a long list of descriptors to get across the
idea that a parrot is dead. I was not "taking anything
out". I was trying to be funny. Dying is easy Comedy is
hard. I never learn. Communication is trickier in ascii
so I always read things twice just to be sure that offense
was intended.
You say you are sure that you don't
have a virus, but what did you do that could cause you to
not have those
files?

I did not say that I was sure I did not have a virus. I
said that I may have a bleeding edge virus. That is a
virus at the leading edge that has not yet been seen on
any radar and therefore does not exist. Virus checkers are
inherently reactive. It is also possible that one of the
patches provided by MS has caused a problem; thus my
interest in finding fellow sufferers.
cause you to not have those
files?
I have the files the OS just won't display their existence.

I am using win2k with all sp's updates etc etc.
Both respondents to my post have said they are on XP with
service packs. I have to assume that the fact that I am
in a win2k NG that the OS's are so similar that for this
problem there would be no difference.

As mentioned in my original post I have turned off all
impediments to viewing in explorer. I can see all other
hidden, system and file types with known extensions. By
the way MMC is also "missing". I appreciate that you are
being thorough.

What part of the OS is used when dir is used in the ms
window? It has to be the same as explorer.

Finally I am not "copying Regedit.exe, or
Regedt32.exe". The "I challenge you" post was an
attempt to get someone to try a simple test to determine
if I was alone. What that post failed to do was ensure
that the user deselected the "hide the file" feature set.
I assumed that my target audience would have that feature
set turned off right out of the box. Agreed...Bad
assumption.

But note that these settings are irrelevant because
attribute and file extensions which the feature set uses
to hide files are not what this bug is using it is the
filename that is being used to hide the file.

I discovered the problem by trying to run regedit.
Based on the two XP users that responded, I guess I am
alone.

I cannot think of any inciting event other than love-
san/blaster or some other trojan as yet undiscovered.
But if this is a new trojan it is clever.

Cheers
 
-----Original Message-----


OK, let's step back a bit and try a few basic things.

If you select Start -> Run, type in regedit, then click the OK button, does
regedit run?

No it says the file or one of it components is missing etc
etc
Assuming that it does, if you type:
dir /s C:\regedit.*
at the command prompt, does it find any files? No

Assuming (again), that it *doesn't* find it, what do you get if you type:
attrib C:\WINNT\regedit.exe
where C:\WINNT is the default Windows 2000 installation
directory?

file not found


Thanks again for your time. You are suggesting things
that I have already tried but that is good cause it forces
me to try them again to be thorough and reinforces the
troubleshooting discipline.

The test I laid out in my challenge is comprehensive in
displaying the behaviour on this machine. The sequence of
letters regedit and regedt32 as a filename will not
display on the monitor as a file. The extension used is
irrelevant.

My test shows that on some level the OS knows about the
existence of the file because if you try to save the
notepad created file twice with the same filename the OS
tells you that it already exists (although it is not
visible in a directory listing). Also if I put the file
on a floppy using another machine and then do a dir using
the affected machine it finds no files. But if I do a
chkdsk on the floppy it finds that there is one file and
reports the filesize correctly. Interesting huh?

Booting the machine from the Win2k CD and running recovery
console also allows me to dir and see that the files exist
on the disk. So ??

In the 20 years I have been working with Microsoft
products ( user from DOS 1.0 to Win2k) I have never dealt
with something like this.
Can you tell me with certainty the OS components that are
between the console display and the request for a file
listing, whether at the command prompt or in another form
in the gui? I want to find the component that is stripping
the info.

I could just nuke the OS but that would deprive us all of
finding out if this is a clever virus or a MS feature. [=)

Cheers

Bill
 
further to this I copied regedit.exe to a newly formatted
floppy on an unaffected machine.

On the affected machine:
I started Uedit a text editor and file open: the file was
not visible in the list but I entered regedit.exe and
specified the a: drive.
The file opened and as soon as it did a message came up:
File Changed!
a:regedit has been deleted, or is no longer available.Do
you wish to keep the file open in the editor.
Yes to keep the file, no to close it.

I select yes and then save as regedt.exe
This file is not visible in a directory listing.

In the text editor, if I file open regedt.exe it will open
but the error message does not appear.

Some process is actively intercepting or altering somethin
in these files to make them invisible.

I have used Resource hacker to determine that the
resources have been stripped from regedit.exe

Cheers
-----Original Message-----
-----Original Message-----


OK, let's step back a bit and try a few basic things.

If you select Start -> Run, type in regedit, then click the OK button, does
regedit run?

No it says the file or one of it components is missing etc
etc

Assuming that it does, if you type:
dir /s C:\regedit.*
at the command prompt, does it find any files? No

Assuming (again), that it *doesn't* find it, what do you get if you type:
attrib C:\WINNT\regedit.exe
where C:\WINNT is the default Windows 2000 installation
directory?

file not found


Thanks again for your time. You are suggesting things
that I have already tried but that is good cause it forces
me to try them again to be thorough and reinforces the
troubleshooting discipline.

The test I laid out in my challenge is comprehensive in
displaying the behaviour on this machine. The sequence of
letters regedit and regedt32 as a filename will not
display on the monitor as a file. The extension used is
irrelevant.

My test shows that on some level the OS knows about the
existence of the file because if you try to save the
notepad created file twice with the same filename the OS
tells you that it already exists (although it is not
visible in a directory listing). Also if I put the file
on a floppy using another machine and then do a dir using
the affected machine it finds no files. But if I do a
chkdsk on the floppy it finds that there is one file and
reports the filesize correctly. Interesting huh?

Booting the machine from the Win2k CD and running recovery
console also allows me to dir and see that the files exist
on the disk. So ??

In the 20 years I have been working with Microsoft
products ( user from DOS 1.0 to Win2k) I have never dealt
with something like this.
Can you tell me with certainty the OS components that are
between the console display and the request for a file
listing, whether at the command prompt or in another form
in the gui? I want to find the component that is stripping
the info.

I could just nuke the OS but that would deprive us all of
finding out if this is a clever virus or a MS feature. [=)

Cheers

Bill
Phil
--
Philip D. Barila Windows DDK MVP
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
E-mail address is pointed at a domain squatter. Use reply-to instead.



.
.
 
wr said:
further to this I copied regedit.exe to a newly formatted
floppy on an unaffected machine.

On the affected machine:
I started Uedit a text editor and file open: the file was
not visible in the list but I entered regedit.exe and
specified the a: drive.
The file opened and as soon as it did a message came up:
File Changed!
a:regedit has been deleted, or is no longer available.Do
you wish to keep the file open in the editor.
Yes to keep the file, no to close it.

[snip]

That's a virus. Sircam and VBS/Stages.A are two viruses known to screw with
regedit.exe.

Googling for:
regedit.exe delete
produced lots of info.

Time to act on the assumption that you've got a virus. If you can verify
that the latest virus defs from your AV vendor doesn't find it, and the
telltales for the known regedit attack viruses aren't there, then maybe you
have a new one.

Sorry you got bit, Bill.

Phil
--
Philip D. Barila Windows DDK MVP
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
E-mail address is pointed at a domain squatter. Use reply-to instead.
 
Gentlemen
I hope you have the image of John Cleese in the pet shop
talking about his dead parrot clearly in your mind. Smile

I am unable to run regedit because the OS cannot see it.
It returns from start run regedit with "file or one of its
components is missing." That started this journey out.

Please read my posts to Phil Barila they deepen the
mystery. Don't you think that a floppy with a filename of
regedit.exe that is visible on a listing on computer A
should also be visible on Computer B? Is is not strange
that the free area of the floppy is reported correctly on
computer B yet no files are listed? Is is not even
stranger when "if I type in a "DOS" window: dir
a:\reged*.* /s/a (/s looks in all
subfolders and /a includes all files, no matter which
attributes may be" NO files show up?

Imagine what your response would be if when you issued
those commands on your computer regedit.exe did not show
up. What would you think? Ah somehow they were deleted.
Then you might try an undelete utility and heavens to
Betsy regedit.exe isn't there. You boot off the CD and
use recovery console, do a dir on the winnt directory and
golly gee there is regedit large as life.

Now gentlemen Any ideas?

According to one of the many knowledge base articles I
have skimmed over the last two days, it is claimed that it
is not possible to hide a file on an ntfs system. By that
I mean the administrator can use commands to see a file no
matter what the attributes that have been set.
Now I know that a floppy is FAT but the floppy is just a
simpler easier to manage way of illustrating the problem.
The problem is exactly the same on the harddrive.
Well I have a computer who's operating system has
something in it that hates regedit and regedt32 and
refuses to show these words on a screen in a directory
listing of any kind.

You don't understand my complaint?

I am trying to figure out how someone could do this in the
win2k OS. What is the process followed by the OS from say
the command window when you type dir /a. Where and how
could a filter be placed to strip the information so that
no files of a particular filename are shown in the
directory listing?

If a third party has dropped this feature on my machine
then what else is possibly going on? If this originated in
one of the patches post msblaster then I would like to get
it repaired. These things concern me and I think they
should concern Microsoft. Ahem.
-----Original Message-----
Hi, Eric.

It's much less interesting than a murder, but it is a mystery. The mystery
is: just what is wr complaining about - and why?

Yes, Bill, I can see your two prior posts, dated 9/1 and 9/2, both
unanswered. I've read both of them - plus this one - and, like Eric, I
can't figure out just what your problem is.

If I type in a "DOS" window: dir \winnt\reged*.* /s/a (/s looks in all
subfolders and /a includes all files, no matter which attributes may be
set), I get a listing of 11 files in 6 folders, including:
\winnt\regedit.exe
\winnt\ServicePackFiles\i386\regedit.exe
\winnt\system32\regedt32.exe
\winnt\system32\dllcache\regedit.exe
\winnt\system32\dllcache\regedt32.exe

This is in WinXP Pro. My archived copy of Win2K shows a similar list of 10
such files, including regedit.exe twice and regedt32 four times. And they
all show up in Windows Explorer, with no attribute set except A for Archive.

And I used Notepad to create a short file and saved it as E:\regedit.txt. I
can easily see that file with either dir or Windows Explorer.

Does this help in any way, Bill?

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP

BTW: am I the only one that feels like they are in a murder mystery? Maybe
it's just me..... :-)

~Eric
and confers no
rights.
wr said:
It is not listed, it does not appear on the cathode ray
tube, it is bereft of photonic representation...to
paraphrase Monty Python's Cleese.;=)
"It" in this case is the word regedit.xxx on the screen
with or without an icon indicating that it is on the disk.

Perhaps there is no difference but this is a post in the
newsgroup windows 2000 File system.

I am a little unclear at what point you got the error
saying the file already exists? My explanation was quite
detailed in the steps perhaps you could do me the honour
of being just as detailed and tell me at what point you
got the error saying the file already exists. For instance
what directory you were saving it to, whether you saw the
file in the refreshed file list, explorer or on the
desktop after you did the save to.

Thanks for working on this with me.

Cheers

Bill
-----Original Message-----
I just tried what you did, and got an error saying the
file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also
said the file
already exists.

What do you mean "you can't see it"? Can you define what
you are seeing?

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and
confers no rights.


I have posted twice and no one has responded so I will
try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the
desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a
reply
just so I know that I am not alone.

Cheers

Bill


.
 
Phil figures virus sircam or other undiscovered.
So what does one do if one is a responsible computer? Who
does one talk to? Norton is happy but the computer is sad.

Yikes

Bill
-----Original Message-----
Hi, Eric.

It's much less interesting than a murder, but it is a mystery. The mystery
is: just what is wr complaining about - and why?

Yes, Bill, I can see your two prior posts, dated 9/1 and 9/2, both
unanswered. I've read both of them - plus this one - and, like Eric, I
can't figure out just what your problem is.

If I type in a "DOS" window: dir \winnt\reged*.* /s/a (/s looks in all
subfolders and /a includes all files, no matter which attributes may be
set), I get a listing of 11 files in 6 folders, including:
\winnt\regedit.exe
\winnt\ServicePackFiles\i386\regedit.exe
\winnt\system32\regedt32.exe
\winnt\system32\dllcache\regedit.exe
\winnt\system32\dllcache\regedt32.exe

This is in WinXP Pro. My archived copy of Win2K shows a similar list of 10
such files, including regedit.exe twice and regedt32 four times. And they
all show up in Windows Explorer, with no attribute set except A for Archive.

And I used Notepad to create a short file and saved it as E:\regedit.txt. I
can easily see that file with either dir or Windows Explorer.

Does this help in any way, Bill?

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP

BTW: am I the only one that feels like they are in a murder mystery? Maybe
it's just me..... :-)

~Eric
and confers no
rights.
wr said:
It is not listed, it does not appear on the cathode ray
tube, it is bereft of photonic representation...to
paraphrase Monty Python's Cleese.;=)
"It" in this case is the word regedit.xxx on the screen
with or without an icon indicating that it is on the disk.

Perhaps there is no difference but this is a post in the
newsgroup windows 2000 File system.

I am a little unclear at what point you got the error
saying the file already exists? My explanation was quite
detailed in the steps perhaps you could do me the honour
of being just as detailed and tell me at what point you
got the error saying the file already exists. For instance
what directory you were saving it to, whether you saw the
file in the refreshed file list, explorer or on the
desktop after you did the save to.

Thanks for working on this with me.

Cheers

Bill
-----Original Message-----
I just tried what you did, and got an error saying the
file already exists.
XP SP1 with all of the latest patches.
Also did the same on Server 2003 with all patches, also
said the file
already exists.

What do you mean "you can't see it"? Can you define what
you are seeing?

~Eric

--
Eric Fleischman [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and
confers no rights.


I have posted twice and no one has responded so I will
try
again.

If your machine is up to date with all the latest MS
patches and dribbleware.

open note pad
type anything you want
Save as regedit.ext where ext is anything you want and
save it to anywhere that you can remember but the
desktop
is easiest cause its most visible.

If you can see the file where you placed it good on ya.
You don't have the same feature I have but don't want.

Save as regedit.ext where ext is the extension you used
the first time. You should get a message saying it
already exists. Whoa but you can't see it. UH HUH!

Save as regedt.ext. You should see it (Note there is
no "i").

If anyone has the same feature please please post a
reply
just so I know that I am not alone.

Cheers

Bill


.
 
Back
Top