Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Show Hidden files/File extensions


  • Please log in to reply
8 replies to this topic

#1 Wyte

Wyte

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 01 August 2009 - 10:13 PM

Go to to Start > Run
Type in box

combofix /u

Note: the space between the X and the /u

Press Enter.

This command will:

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.


ComboFix's uninstall hasn't been resetting my clock time back to normal. It's still in Military time.

EDIT: Moved to more appropriate forum

Can anyone please direct me to a batch file or command line string that will change this back? I really need it to be through Command Line and not the control panel!

Secondly, I'd really like to know how to SHOW file extensions and System files through the command line. If the ComboFix batch files weren't so freaking crazy and messy as to keep people guessing I would attempt to comment out those parts, but I just decided to not even bother. Please, I really hate that ComboFix hides these and would love to know how to fix it. Only through Command Line, though! I can do it in the UI but it takes far too long.


LARGE batch file
...

:Combo
copy "Software\Virus and Malware\ComboFix.exe" "C:\Combofix.exe"
start "" /WAIT "C:\ComboFix.exe"
goto SpecialMenu

:ComboUn
combofix /u
pause
goto SpecialMenu

...


Obviously the batch file is closed when starting ComboFix or it's uninstaller, so I use two different entry points. I want to add a separate option to show File Extensions and Hidden/System files.

Edited by garmanma, 02 August 2009 - 09:26 AM.


BC AdBot (Login to Remove)

 


#2 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Missouri, USA
  • Local time:09:35 PM

Posted 01 August 2009 - 11:50 PM

What exactly is it that you're trying to accomplish?

Are you trying to run CF unattended or are you trying to modify its code? If so, you should direct your question to the tool's author as we do not discuss its inner workings on the forums (at his request). Sounds to me like you're asking about scripting, and possibly including CF in, another reason to direct your queries to him.

The settings you mention are in the registry. You'll have to find which key, and which command you could use to modify them.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:35 PM

Posted 01 August 2009 - 11:52 PM

Secondly, I'd really like to know how to SHOW file extensions and System files through the command line. If the ComboFix batch files weren't so freaking crazy and messy as to keep people guessing I would attempt to comment out those parts, but I just decided to not even bother. Please, I really hate that ComboFix hides these and would love to know how to fix it. Only through Command Line, though! I can do it in the UI but it takes far too long.

Correct me if I'm wrong, but I believe those scripts are copyrighted by the tool's author, and he would not be happy to find that people are stealing his scripts.

I'm sure you can google for the registry keys controlling those settings.

Why can you not just reset from the control panel?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#4 Wyte

Wyte
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 02 August 2009 - 12:45 AM

The reason I have made this topic is to avoid modifying ComboFix.

Correct me if I'm wrong, but I believe those scripts are copyrighted by the tool's author, and he would not be happy to find that people are stealing his scripts.


Indeed, the specific code used may be copyrighted to the tool's author, but the operations performed are quite general and can be done by anyone once the method is known. I won't be using a batch file to extract certain variables, change them, and rewrite them. I'll just be registering a .reg file which Microsoft has given me the ability to do. I understand 90% of the people here are paranoid about people repackaging ComboFix under a different name or perhaps with some added code under the hood, but I assure you I'm involved in no such thing. In fact, I don't want to edit CF at all, hence this topic asking for help.

Why can you not just reset from the control panel?


ComboFix broke it via the command line and the Uninstall did not fix it(Or remove the left over files for that matter), so I should like to be able to run a batch file to correct the problems it fails to resolve.. Quickly and painlessly.

Galadriel, your bit of information at the end about the registry was spot-on, leading me to this: [hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced] The keys are "hidden", "hidefileext" and "showsuperhidden". Now all that is left is to figure out how to reset the time back to regular from Military and I'll be all set!

I do appreciate the luke-warm replies I've received for they have directed me truly thus far!

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:35 PM

Posted 02 August 2009 - 12:52 AM

Indeed, the specific code used may be copyrighted to the tool's author, but the operations performed are quite general and can be done by anyone once the method is known.

By disassembling the executable, to look at the "method" used, you have violated the copyright. The "method" behind several patented and copyrighted pieces of software is the entire reason they exist. The "method" is what is being copyrighted. Period. Research the method on your own, rather than disassembling others' tools.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 Wyte

Wyte
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 02 August 2009 - 01:08 AM

Indeed, the specific code used may be copyrighted to the tool's author, but the operations performed are quite general and can be done by anyone once the method is known.

By disassembling the executable, to look at the "method" used, you have violated the copyright. The "method" behind several patented and copyrighted pieces of software is the entire reason they exist. The "method" is what is being copyrighted. Period. Research the method on your own, rather than disassembling others' tools.

Billy3


I can see your side of the story entirely, and offer my apologies for my ignorance on the matter. However,
Spoiler
may or may not be considered disassembling the executable depending on several [bias] factors. I'm actually uninterested in this matter as it doesn't really concern me since I have neither the need nor want to explore such things as long as I can locate the information I need through conventional means.

Furthermore, the information I posted was gained from Googling the initial lead provided by Galadriel. I can only hope you realize there is no malicious intent in my words.

It still stands that I need the ability to reset the clock back to it's original format, would you surmise this is also in the Registry? I'm still searching.

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:35 PM

Posted 02 August 2009 - 01:19 AM

Just because it is easy to disassemble does not mean it is not disassembly.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 Wyte

Wyte
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 02 August 2009 - 01:23 AM

Just because it is easy to disassemble does not mean it is not disassembly.

Billy3


Hmm, perhaps. I have found this through Google:

[HKEY_CURRENT_USER\Control Panel\International]
"iTime"="0"
"iTLZero"="0"
"sTimeFormat"="h:mm:ss tt"

Thanks for your time and comments.

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:35 PM

Posted 02 August 2009 - 01:39 AM

Please do not take me the wrong way. I'm just not in a very good mood to be handing out answers to someone who claims their first action was to try to steal pieces of a tool written by a friend of mine. And there are several members here (not saying me, but maybe / maybe not :thumbsup: ) who have worked on subroutines of CF -- and they are also not exactly eager to hand out answers in such scenarios -- especially when what the person seeks seems to violate that tool's disclaimer ... i.e. running unattended on a large number of machines.

Have a nice night,
Billy3

Edited by Billy O'Neal, 02 August 2009 - 01:41 AM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users