CastleCops, Internet Crime Fighters
Gromozon Rootkit - Symptoms and Removal
negster22

Security Expert
Premium Member

Joined: Mar 10, 2004
Posts: 5394

Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Security Experts SRT

PostPosted: Sat May 12, 2007 3:01 am    Post subject:

I have an optional suggestion (which you may or may not consider an improvement) to simplify the disk analysis part of the process.

You can use two dir commands in succession that will combine the inside hidden and unhidden files into a single file. The >> symbol in the following commands appends the new output to the file that has already been created.

You just have to boot to your computer, and generate a dir listing for the internal (inside) view. Then obtain the external (outside) view, by booting to a floppy. This way you will have only two files generated for comparison, though the number of file entries in the directory listings will remain the same.

The following example summarizes what I've described:

For each hard drive (here I use the C drive) -

Boot to the computer's hard drive and create a dir listing to get the inside view:
cd\
dir /s /ah /b C: > inside.txt
dir /s /a-h /b C: >> inside.txt


Boot to the floppy and create a dir listing from the floppy (the outside view):
dir /s /ah /b C: > outside.txt
dir /s /a-h /b C: >> outside.txt


Then compare inside.txt and outside.txt for each hard drive, to get the difference view.

Just try it on your C:\ directory to test (without using /s for brevity's sake) and you'll see the file that is created.

Another improvement is to put these commands into a batch file, so you don't have to retype them every time for each drive you scan. You can make the drive letter a variable and pass that when you execute the batch:

Example to issue the command using a variable for the drive:

outside.bat C

Now, to get this to work you must replace the C: in the above commands with a %1 symbol.

For example, the commands in outside.bat would look like this:
dir /s /ah /b %1: > outside.txt
dir /s /a-h /b %1: >> outside.txt


Then you would execute the batch by calling it with the drive you are analyzing from the command line - here you want to analyze drive E:
outside.bat E

You can also make the output filename a variable so you can use the same two batch files repeatedly for the inside and outside views:
Outside.bat would become:
dir /s /ah /b %1: > out%1.txt
dir /s /a-h /b %1: >> out%1.txt


Here the file created would be outE.txt. The %1 symbol is replaced by the drive letter you passed everywhere it appears.

Of course it is the actual comparison that takes the most time, but I thought this might organize the scanning of the various drives you have. I may be too late on that count.


_________________
Negster22 - MS MVP - Consumer Security 2006-2008
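The comparison step of the inside/outside procedure above, as an added example that is not from this thread and not negster22's batch files: a small Python script that reads two dir /s /b listings and reports every path that appears in only one view, plus a helper that does the same on the inside.txt/outside.txt (or outE.txt-style) files the batch writes. The sample listings inside it are constructed, the function names and the cp437 decoding are my assumptions, and it assumes both listings use the same name form (a DOS boot floppy prints 8.3 names while Windows prints long names, so normalize first).

```python
"""Cross-view diff of two `dir /s /b` listings: inside view (booted into
Windows) versus outside view (booted from a clean floppy).

Added example, not from the original thread. Assumes both listings were
made with the same name form (both long names or both 8.3 names).
"""
from __future__ import annotations

# Constructed sample listings (not real output from any poster's system).
INSIDE_LISTING = """\
C:\\WINDOWS\\SYSTEM32\\kernel32.dll
C:\\Program Files\\Java\\bin\\java.exe
C:\\pagefile.sys
"""

OUTSIDE_LISTING = """\
C:\\WINDOWS\\SYSTEM32\\kernel32.dll
C:\\Program Files\\Java\\bin\\java.exe
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\hidden-example.sys
"""


def parse_listing(text: str) -> set[str]:
    """Return the set of paths in a `dir /s /b` listing.

    Paths are lower-cased because FAT/NTFS names are case-insensitive and
    real-mode DOS prints them in upper case; blank lines are skipped.
    """
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def cross_view_diff(inside: str, outside: str) -> dict[str, list[str]]:
    """Compare the two views and bucket every path that differs.

    hidden_from_os: on disk from the clean boot, but invisible to the
        running Windows. This is the rootkit signature the thread is
        hunting (a hooked OS filters these entries out of the listing).
    only_inside:    visible to Windows but absent from the clean boot.
        Usually runtime-only files (pagefile, temp) or a long-name/8.3
        mismatch; worth a glance, not suspicious by itself.
    """
    inside_paths = parse_listing(inside)
    outside_paths = parse_listing(outside)
    return {
        "hidden_from_os": sorted(outside_paths - inside_paths),
        "only_inside": sorted(inside_paths - outside_paths),
    }


def cross_view_diff_files(inside_path: str, outside_path: str) -> dict[str, list[str]]:
    """Same comparison on the inside.txt / outside.txt files from the batch.

    DOS writes its output in the OEM code page, so cp437 is assumed here;
    undecodable bytes are replaced rather than aborting the comparison.
    """
    with open(inside_path, encoding="cp437", errors="replace") as fh:
        inside = fh.read()
    with open(outside_path, encoding="cp437", errors="replace") as fh:
        outside = fh.read()
    return cross_view_diff(inside, outside)


def main() -> None:
    result = cross_view_diff(INSIDE_LISTING, OUTSIDE_LISTING)
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)} path(s)")
        for path in paths:
            print("    " + path)


if __name__ == "__main__":
    main()
```

Run it as `python crossview.py` for the built-in sample, or call cross_view_diff_files("inside.txt", "outside.txt") on the real listings; anything under hidden_from_os is what ExamDiff would show as present only in the floppy-boot view.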
lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Sat May 12, 2007 5:32 pm    Post subject: Re: Your suggestion . . .

"Negts22,"

Thank you very much for that info. Except as I have so stated in previous messages, I am not a programmer, so the creation of a BAT file is not one of my talents. I will not include all of my talents here, but; let it be sufficient to say, "I am very good at creating BSOD and Fatal Error Messages."

I will make an attempt at that though. I also noticed there was not an order for my book I have offered to author, maybe you did recognize it would not be available for some time and would be about as large as an UnAbridged Dictionary. That was a feeble attempt at a JOKE, not very good.

Again thank you for reading my posts.


_________________
TIA, CU L8R, >'Lkkb'<Inspiron D531s Vista HE Pre SP1 AMD Athlon 64 Dual Core Processor O/S 32Bit 2.3G RAM 3.0Gb, IE v7.0, FFv3.0.3/w/PWM v1.7.2 & NoScript v1.8.4.1; CFP v3.5.54375.427/w CFP AV updated daily; AntiVir v8.2.xxx Up Dated daily.
negster22

Security Expert
Premium Member

Joined: Mar 10, 2004
Posts: 5394

Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Security Experts SRT

PostPosted: Sat May 12, 2007 5:58 pm    Post subject:

I do enjoy your sense of humor - lkkb.

Creating a batch is simple:
Open a notepad window by Clicking start->run->type notepad.exe
Hit Enter
Paste the following commands into the notepad window:
cd\
dir /s /ah /b C: > inside.txt
dir /s /a-h /b C: >> inside.txt

Save the file to your desktop by setting the "Save as Type" to "all files", and save it as inside.bat

To run it - just double-click the inside.bat icon on your desktop (allow the script to run the batch and disable any script blocking programs).

Or, alternatively, you can execute it from the command line - especially necessary if you are running it from a floppy - by typing the name of the batch at the command line like this (in this example, you are already in the root directory C:):

C:\>inside.bat

Here is a good reference for you to learn the basics:
http://www.computerhope.com/msdos.htm


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Sun May 13, 2007 2:32 am    Post subject:

"Negs22,"

Thank you for saying that, I was little worried I was going to have a need to write a book. I guess it would need to be started, "Once upon a time a long time ago . . ."

I will look into this when the sun comes up. Also I will Ctrl+C/Ctrl+V your above message to a TEXT file, in EditPad, read it over plus reference your link you have so graciously provided. I have created BAT files before and either I had too much input to the creation or had thingys in the wrong order. They did not work so I gave up. Maybe your instructions and link will be MY break through.

As usual I do thank you for reading my post toaties,


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Sun May 20, 2007 1:17 pm    Post subject:

Negs22,

I have some odd questions to ask. I feel they should be asked off the threads, like PN if that is AOK with you. I await your reply on this point.

Reading the site you provided tells me about the '@ECHO Off' and 'REM' entries can allow Comments without them being executed. For some reason my system is still seeing them as CMD or somethingy other than REMs entries. If I still have those or can recreate them, I will include them in another post later. Also could the different Parts (partitions) be entered in a separate .Bat file and use the 'Call' cmd to have all run as one entry?

Or should I start that book, "Once upon a time in a far far away place there lived Shnouck with visions of doing thingys that had not been done before by any Shnouckums." No, I think I will just leave that to those that KNOW what they are doing and just keep doing my THINGY.


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Fri Jun 01, 2007 9:32 pm    Post subject:

Greetings again from LeonSprings,TexasUSofA,

I have new monitoring software on my system SSM (System Safety Monitor), I know you probably know that. The only problem I see is it tends to slow my system a bit.

I have some unknown files on my system, they are probably AOK, just would like an opinion other than mine. I do like the ExamDiff(TM) Version 1.7 and when running Dir /s /ax /on and not using the /b switch so there is a full display of info.

These show in Windows DOS Shell but do not show when booting from a floppy. What is posted is from DOS Shell in Win98SE2ME:

********************** H [HiddenFiles]*************************

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03
LAUNCHER EXE 16,384 10-12-06 3:42a launcher.exe
PATCHJRE EXE 4,490,872 10-12-06 3:41a patchjre.exe
ZIPPER EXE 16,384 10-12-06 3:41a zipper.exe
3 file(s) 4,523,640 bytes

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05

LAUNCHER EXE 16,384 11-10-05 1:38p launcher.exe
PATCHJRE EXE 3,946,152 11-10-05 1:38p patchjre.exe
ZIPPER EXE 16,384 11-10-05 1:38p zipper.exe
3 file(s) 3,978,920 bytes

***********************-H [UnHiddenFiles]**********************

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03
-
. <DIR> 12-03-06 10:27a .
.. <DIR> 12-03-06 10:27a ..
FONTCH~1 JAR 7,838 10-12-06 3:42a FontChecker.jar
REGUTILS DLL 143,473 10-12-06 3:42a RegUtils.dll
2 file(s) 151,311 bytes

Directory of C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05

. <DIR> 03-29-06 3:52a .
.. <DIR> 03-29-06 3:52a ..
FONTCH~1 JAR 7,838 11-10-05 1:38p FontChecker.jar
REGUTILS DLL 127,089 11-10-05 1:38p RegUtils.dll
2 file(s) 134,927 bytes

***********************End of questionables********************

I like the full display then I can compare dates, size, times, even though the 8.3 requirements are in place in DOS. Also noted they are listed as being in JAVA folder and do not know if that is really a requirement of JAVA.

Thank you for reading my posties,


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Fri Jun 01, 2007 10:00 pm    Post subject:

The Quick Reply will not allow me to post this short message so here is a repeat with my Edit that they would not allow either.

Edit by LkkB >Excuse me, CC will not allow me to go back in and edit that line where "Dir /s /ax /on" that should have been "/a(-/+)h" to do the searches for hidden or not.

Thank you for reading my POSTSS again,


AbuIbrahim

Security Expert
Special Response Team

Joined: Jan 18, 2006
Posts: 1924

1st Responder Mentors 1st Responders MVP Rootkit Experts Rootkit Responders Security Experts SRT

PostPosted: Sun Jun 03, 2007 10:53 pm    Post subject:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

If I were you I would uninstall Java and delete the entire Java folder from the common files.

Please follow these steps to remove older version Java components and update.

Updating Java:

    Download the latest version of Java Runtime Environment (JRE) 6.0.
    Scroll down to where it says "Java Runtime Environment (JRE) 6u1 allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Mon Jun 04, 2007 1:20 pm    Post subject: Re: Java UpDate . . .

AbuIbrahim,

Thank you for this info. I have attempted to remove older parts of JAVA before and it would not run. Had to reinstall all of the other versions. I am presuming this will remove all of Java, including the Registry. This new version will not require all of those other portions.

Have installed another Security Software titled Safety Security Monitor, if you know what that is, if not just ask and I will provide links.

Note my updated sig.

Thank you for reading my post,


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Mon Jun 04, 2007 2:12 pm    Post subject: My FireWall report . . .

While downloading from Java of the software you had given a link for there is another connection out to "Rule 'TCP ack packet attack': Blocked: In TCP, a72-247-127-33.deploy.akamaitechnologies.com [72.247.127.33:80]-" as noted in my FW Log. Why is Akamai connected to my system?

Thank you for reading my post,


negster22

Security Expert
Premium Member

Joined: Mar 10, 2004
Posts: 5394

Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Security Experts SRT

PostPosted: Mon Jun 04, 2007 3:02 pm    Post subject:

Many companies use Akamai technology to facilitate high speed transfer of data, be it media or in the case of Microsoft - Windows Updates.


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Mon Jun 04, 2007 4:40 pm    Post subject:

negster22 wrote:
Many companies use Akamai technology to facilitate high speed transfer of data, be it media or in the case of Microsoft - Windows Updates.


Negster22,

Thank you for this info, all of my experiences with Akamai have been PopUps, and slowing of my system due to ADS. I do not trust that website and I noted that in the link in my FW log is, " . . .deploy . . ." how trust worthy is that? On top of all of that my download is not any faster it is still taking approx. 45 min. I had a setup linked to Java and was downloading without that Akamai deploy link involved, I screwed up and lost the connection and now I cannot get it back without that link being in the loop.

Being on a dialup is my only way to go, being retired and not very well off, need to use the lowest priced connection I can get. Have many Medical bills needing to pay off and when you need to add to them in the mean time, makes thingys very slow and frustrating. And very paranoid, very paranoid, very paranoid actually I have a permanent install of dual NOIDS.

Edited by Lkkb > P.S. What do you know about SSM (System Safety Monitor)?
Thank you for reading my post,


lkkb

Lieutenant


Joined: Aug 10, 2005
Posts: 171
Location: USA

PostPosted: Thu Jun 07, 2007 1:59 pm    Post subject: Java OutOfDATE still . . .

AbuIbrahim wrote:
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Snip snip snip

AbuIbrahim,

I finally managed to update my JAVA, next day did an update of FF to v2.0.0.4 now that JAVA is outdated again because it will not work with FF. Continuous never ending battle . . .

Thank you for the instructions . . now give some instructions to SUN MicroSystems, just joking, Have a great day,


uhhman

Cadet


Joined: Mar 05, 2008
Posts: 1
Location: USA

PostPosted: Wed Mar 05, 2008 11:27 am    Post subject: new rootkit?

Dear all..
my computer has the symptoms of a gromozon rootkit..
i cannot launch ccleaner, nor hijackthis, nor virit. even worse i cannot type into google "ccleaner" nor "hijackthis"..those looks to me like clear symptoms of a gromozon rootkit!
maybe related..i cannot open video files by doubleclicking the video file into the folder..as if i do so the folder freeze and is necessary a ctrl+alt+canc to close the "non answering" folder!
what is different from the gromozon rootkits described is that i cannot detect any hidden users into the documents and settings folder..
have you got any idea on how to start the removal of this problem?

please help!!

THanks!

PCBruiser

SRT Team Lead
Forums Admin

Joined: May 11, 2005
Posts: 11723

1st Responder Mentors 1st Responders Forums Admin MIRT Moderators Premium Rootkit Experts Security Experts SRT Team CC Committee

PostPosted: Wed Mar 05, 2008 2:57 pm    Post subject:

@uhhman: Here's what I suggest that you do. You may have malware or possibly even a rootkit, but we should start at the beginning, and diagnose all problems. To get started, I recommend that you follow CastleCops' Malware Removal and Prevention procedure, a new system CastleCops devised to enable users to either partially, or fully clean their systems without the direct aid of an expert.

You will find the Malware Removal and Prevention Procedure here:

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

If that doesn't fix the problem, then go to this Forum, read the instructions at the top of the page carefully:

CastleCops Link/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Follow these instructions:

CastleCops Link/t102301-Hijackthis_Guidelines_Read_Before_Posting.html

and one of CC's trained 1st Responders or Security Experts will help you. If they determine that you do have a rootkit that requires our assistance, you will then be referred back to this forum for more help. This way, you can have your system comprehensively and systematically cleaned of all malware and rootkits if there are any.

You might also want to read this to learn more about rootkits:

http://wiki.castlecops.com/Rooting_Out_the_Dangers:_Rootkit_Removal_for_Beginners


_________________
Don't read? Can't learn!
Page 4 of 5

 