RE: How to hide a file ?

["Matthew LaGrange" <lagra100 () chapman edu>]

On my Windows 5.1 system,

I did the following

C:\test>echo test > test.txt

C:\test>type c:\windows\notepad.exe > test.txt:test.exe

C:\test>start c:\test\test.txt:test.exe

And I get "test.txt:test.exe" in the task manager

Interesting.
Anyone else?
Matthew

---
Matthew LaGrange, MCP
Student Technology Services Manager
Office of Academic Computing, Chapman University
Phone: (714) 628-2720  - On-Campus x2720
E-mail: lagrange () chapman edu


-----Original Message-----
From: H C [mailto:keydet89 () yahoo com] 
Sent: Wednesday, January 09, 2002 6:59 AM
To: J. J. Horner
Cc: John Stauffacher; LaGrange, Matthew; vuln-dev () security-focus com
Subject: Re: How to hide a file ?

JJ,

First off, let me say that in the past, I've tested
the 'start' command like this, and hit hasn't worked. 
I'll have to do more testing...but I did what you did
below, verbatim...

> On Windows2k, I run the following commands:
>
> C:\ads>type c:\winnt\system32\sol.exe >
> c:\ads\explorer.exe:sol.exe
> C:\ads>start c:\ads\explorer.exe:sol.exe
>
> On task manager, it shows up as sol.exe, on pulist
> (from the resource kit) it shows
> up as explorer.exe.
>
> It works this way whether I run via Run or via
> command-line start.

When I ran the above, I didn't get a listing for
Sol.exe *at all*.  I tried using the Task Manager,
pulist.exe, as well as pslist.exe from SysInternals. 
In every case, the new process showed up as
'explorer.exe'.

Very odd behavoir.

Now, I made a change to the setup above.  Instead of
an executable, I put the ADS behind a text file:

C:\ads>type c:\winnt\system32\sol.exe > 
c:\ads\myfile2.txt:sol.exe

Running it w/ the 'start' command appears as
'myfile.txt' in Task Manager, pulist, and pslist. 



__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/