# 'Downloaded Program Files' directory contains files not visible to windows



## olderwest (Jun 27, 2004)

Hello and thank you in advance for any help with my question.

My OS is Win98SE.
I use IE 5.x with 128 bit encryption update
Internet access is 56K modem.

I have been reading and studying for some time now to try and learn about the various types of malware and how to deal with it. During this study I discovered some 'invisible' files that I have not been able to find any tech info about by my web searching techniques. Since at least two of the files are ones listed as malware I decided to try a post here requesting information/help. The two files are bridge.dll & bridge.inf but they are not the what I want help with at this time.

Here is what I discovered, the C:\WINDOWS\DOWNLOADED PROGRAM FILES directory when opened shows 24 objects in it. It shows the same thing when I access it via the view objects button in Internet Explorer. By chance I right clicked and did 'properties' on the folder and was very surprised to notice that the properties tab said there are 65 files in the folder. I tried the windows find files or folders function and found that the folder was not even visible to the find function. I have read some of the hiding techniques Microsoft uses in Windows but had not seen anything in relation to this particular folder so my interest was aroused. By going into DOS I was able to go to the folder and get a directory listing. Sure enough, 63 files and 2 directories (the roots). I might not have had too much concern even then if things had looked 'normal' but when I scanned the list of files and saw the two bridge files I realized there was more here than just Microsoft hiding things from users. I thought that a search for info on the directory and its hidden aspects along with it being a place for malware to hide would be a simple thing. After spending most of the last two days looking and reading however I have failed to turn up anything relating to the 'hidden file' aspects of the folder even though there are a lot of references to the folder because of its use for active-X objects.

I don't know if I am just doing a poor job of searching the web (certainly possible) or if I have found something unusual. Either way I decided it was time to call on some real expertise for help so here I am at your forum. If I have found anything unusual I will be more than happy to provide a listing of the files in the folder. At the present time I use Norton Anti-Virus (2002) but have not loaded or run any of the anti-spyware programs so none of the standard log files that people send in are at my fingertips.


----------



## Linkmaster (Aug 12, 2001)

Hi olderwest, Welcome to TSG !!
First, get Spybot here!! Read the tutorial

Second, get HijackThis here !! read the brief tutorial and post the log file here after you have scanned the system.


----------



## olderwest (Jun 27, 2004)

Hi TW56, thanks for the quick response. I will see about downloading, studying and using the two files as you recommend. I am a little lost though to understand how the anti-spyware programs will help me to get tech data on why Microsoft has made the folder partially invisible to Windows and if there is a fix or work around that will let the full folder be visible and searchable. I hope my initial post wasn't misleading on the info I was looking for. I only used the bridge files as an example of my concern that Microsoft left such a hidden area. There are similar hidden files in the 'fonts' folder and the 'temp internet files' folders but I have been able to find tach data on how to make those files visible to windows. I am looking for the same in this case. Meanwhile I will get back with the log file as soon as I get the spybot and hjt programs loaded and run. Thanks again.


----------



## Linkmaster (Aug 12, 2001)

Sometimes some files are considered system files by windows. 
Now you can go into Windows Explorer, View, File options, Check these boxes:
Display full path in the title bar
Show hidden files and folders

Uncheck theses:
Hide file exstentions for known file types
Hide protected operating system files(Now use this just to look at the file then I would check it back, to much room for error there)
Apply , then ok


----------



## aldiboronti (Apr 18, 2002)

I've just checked my Downloaded Files folder. Explorer shows 18 programs; I checked the Properties tag as you did and, lo and behold, 39 programs! I run Adaware and Spybot every day, Hijack This at least once a week. None of these report any problems, and they certainly don't list the extra programs. (I always set Options to show all files, extensions, etc).

So what's going on here?


----------



## Sjrily (Jul 16, 2004)

I've found the same thing and can make no sense of it. I'm running Windows XP Home and the Windows\Downloaded Program Files folder in my case shows zero files, but properties indicates 28 files at nearly 16 MG! I've run all diagnostics, etc. I have windows configured to show all files,extensions, etc., I have verified my ownership of the folder, I even deleted 'NeverShowExt' entries from the register. I created a word document, saved it there, still nothing. Explorer wouldn't even show me that. 

Now, here's the REALLY odd part - determined to see what was there (I recently cleaned several cases of spyware off the drive), I finally decided to zip the folder and see if I could view the archived items in the zip folder. It worked! I could see all items. I renamed the original folder with 'old,' zipped it again, worked again! Then I selected a file I knew wasn't anywhere else and ran a search on that file (two, actually, one for 'file name' and for files containing 'file name,' as I've found that sometimes 'search' only returns certain files if entered as 'containing text.' why, I don't know - still trying to stay hidden, I guess). Anyway, the two files in the zip folder were returned, but not the one still in the original folder. When I ran the 'containing text' search, it returned a reg backup file, log file and the two zipped files, still not the one in the Download folder.

Surely there's not a virus that can make the contents of one folder become entirely invisible - then again, dumb comment. Maybe I have more folders like this, I don't know, but I don't think so. I know these files aren't particularly needed, so I should be able to delete the entire folders, but still, I want to know what the heck is going on!

Any ideas?? Thanks!


----------



## Guest (Jul 16, 2004)

olderwest,

Go to Start>Programs>MS-Dos Prompt and open a dos window. 
Type "dir downlo~1 /a" without the quotation marks and then hit the "enter" key and the contents of your Downloaded Program Files folder should all be displayed.

If for example you see a hidden file such as "bad_file.exe", you can delete the file by typing
"del C:\WINDOWS\downlo~1\bad_file.exe" without the quotation marks and then hit the "enter" key.

If you accidentally delete something, there is a possibility of retrieving it using the "undelete" command. This, however, will only work for files just deleted. 
C:\undelete

Before deleting anything, I would have a look atUnderstanding and Getting Around in DOS to familiarize yourself a bit about viewing and managing files in dos.


----------



## olderwest (Jun 27, 2004)

Hi Mowergun,

I did use DOS mode to see the files just as you suggest (see my starting post). I had to use the /Ah switch with the dir command to get one hidden file to list however. The file that is hidden is the "desktop.ini" file that I suspect is involved in how Microsoft hides the contents of the directory from windows. There are a number of special directories that MS hides at least partially like the History, Temp Internet, and Fonts folders. I have found work arounds for most of them that let me make the contents visible to windows, most importantly the find files function. I have not been able to find such information for the Downloaded Program Files directory though and it is of considerable concern to me because the folder just "happens" to be one of the prime attack points for some of the worst malware on the internet. When I found that some non-ocx object malware files are also being placed in this directory I decided to post to a technical forum in an attempt to find a method of making this folders contents visible to windows also. I'm still hoping someone will have the answer I appreciate your help and suggestions.

OW


----------



## Elvandil (Aug 1, 2003)

It's interesting that using Agent Ransack ( http://www.mythicsoft.com/agentransack/download.aspx ) and searching for * shows all the files.

I've tried enabling the viewing of superhidden files, but they still don't show.

"Windows 2000 and XP have a special category of files reserved for internal operating system and filesystem uses, called "superhidden" files. If you want to be able to see these files for whatever reason, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced and set the DWORD ShowSuperHidden to 1."


----------



## Guest (Jul 17, 2004)

olderwest,

Oops, I guess I didn't read your post carefully or fully. It looks like you are way ahead of me.

I recently dealt with the same issue after discovering that there was hidden stuff in my Downloaded Programs directory after reading another thread on the same issue somewhere else.

I do a lot of my browsing of tech sites late at night after work and then I often forget what I had done by the next morning.

I found and used a utility called Halworks to view and delete hidden files from my Downloaded Programs directory.

The download link on the Halworks page did not work for me, but I found and downloaded the program installer, *hworks23.zip* from this page.


----------



## Elvandil (Aug 1, 2003)

The TrackerV3 file manager (free home use version) also reveals all the hidden files in that folder:

http://www.trackerv3.com/


----------



## olderwest (Jun 27, 2004)

Thank you very much for your time and trouble to respond and help. Your replies are the only ones so far that actually even acknowledge the questions I had in starting the thread. You guys have given me three new items to check out which I did not know about and they all sound like they may at least partially help solve my problem.

Elvandil, I have not tried the "super hidden" trick due to running Win98SE but it is good info as I have read references to it. For info if it is of any help to you, I am able to copy and manipulate files from the DPF folder when I'm in a DOS window just as Mowergun outlined.

Mowergun, I did not mean previous note as any kind of put down on you as I certainly have the exact same problem keeping track sometimes. You can see such a wide ranging mountain of information in even a single night of research that it is near impossible to keep all the detail sorted out. I have also woke up with my (usually aching) head on the keyboard more than a few times when doing late night research, so please keep the suggestions coming.

OW


----------



## Sjrily (Jul 16, 2004)

HELP! 

I think my problem must be something other than Windows simply not showing certain files. I have everything configured to show everything, including the setting in reg. as suggested by Elvandil.

My problem is that the ENTIRE CONTENTS of the "Downloaded Programs Files" is still invisible, regardless of what type of file it is. As I said earlier, I created a simple word document and saved it in this folder and IT TOO became invisible. When I manipulate to view the contents, there is (seemingly) nothing in there any different than what does show in other folders: doc,inf,dll,exe,ocx,osd. And none of these 'regular' files will appear when running a search. Why on earth would a Word document I created just disappear from sight when placed in this folder? 

I'm concerned that something has caused the folder to always appear empty and it's contents to always be inviable in attempts to prevent me from accessing the folder that, as Olderwesr stated, is often the prime target for malware. Is this possible?

Any input would be most appreciated.
thanks!
sharon


----------



## seanknh (Aug 22, 2004)

I saw your thread while searching for info on the exact same problem win98 se. I was able to show the super hidden files in my downloaded progam files folder by searching the registry for "downloaded program files". I had to hit f3 several times until i got to an entry which showed 6 files that were being hidden. I deleted the value for mediaticketinstaller, the file that I was searching for and voila, it showed up in the downloaded program files folder and I was able to delete it.
hope this helps. There are other entries related to microsoft xml and active x that I would leave alone. I only deleted the spyware file that I could not find any other way.
Sorry, I don't remember the exact location in the registry but you should be able to find it with the search feature.


----------



## WhitPhil (Oct 4, 2000)

olderwest said:


> When I found that some non-ocx object malware files are also being placed in this directory I decided to post to a technical forum in an attempt to find a method of making this folders contents visible to windows also.


Out of curiousity, what files are you finding in this folder that are not linked to an Activex control, and for what piece of malware?


----------



## SlyDaCat (Mar 24, 2005)

that folder can be made "VISIBLE" by simply deleting the destkop.ini
from the folder via dos  but cant see if things are not working such
as where shows "installed" the tabs on top change and you see file
names and not the "technical" or actually rather helpful names they
are by default ..so i suggest a rename ren desktop.ini desktop.txt
and can clean house and then "when done" can rename them back 
rename back ren desktop.txt desktop.ini and ya back to how was 
before....yes microsoft regardless of the "show all files and then...
system files and extentions" as if wasnt trying to hide enuf even it 
decided to "show cetain file extentions ONLY SHOW and ini, inf, dll
and others are well all hide and yes malmare goes there and many 
online checkers (virus checkers) would say found it there but well
"wouldnt be able to remove them" (BUT ID loook in explorer and be
like there aint no files named that there and like could couldnt get
and even said "what a fake antivirus app trying to sell ya BUY US
and made up as if i had more problems then really had (exagerated)
But anyway learned could see all in dos and "never had a problem"
in dos to be able to delete the files that way (if they not running)
it just rather is a pain when ya wanna "see all" that to Mocrosoft
ALL DONT MEAN ALL, just means lets hide in a different way and I
also had those bridge files and deleted them from dos....anyway I
actually deleted the desktop.ini (unlike advice that gave ...learned
the hard way and was searching for that silly INI file to replace so
"can see the proper names for them vs file name cause on most the
items the file name dont help at all and there was no properties or 
(pop up that helped ya any) vs before could see it as yahoo pool 2
yahoo cansta etc ...and I will check into that ini when i replace an
see if the actually ini that says HIDE THEM....would assume is since
well when ya remove it the layout of the tabs is different and ALSO
files arent hiden as well...id like to make it show "ALL" in the files in
the way they are originally (so can tell if functioning or a problem in
the app that way ....but dont hide NOTHING!! problem seem to be in
way tabs are set up (vs file name, type, date, etc) but keep this in
mind when help others who state "says was this virus etc and was 
supposed to been in the downloaded programs folder but isnt..they
likely didnt or a virus app didnt rid it "ages later even after bridge
was "for all i knew gone completely i ran into its "two files that virus
app told me was there and thus was not completely gone..but the
ex was so they wasnt a threat as i recall.....had been a while now
anyway will let ya know what i find out and if can change ini so all
files are shown but still have the ability to see if a problem with the
files (or applets or what have ya) still show as intended...think was
maybe MS"s oversight if ya set a folder (assuming this file will be in
it and to display them in a different manor "same as fonts folder is"
then ya are bound to see if someone tosses a text into font folder
well what do ya know "it dont know what it is and dont display its
there or whatever so allows things to hide from us who want to rid
them and clean up our pc's from virii, nasty spyware, maleware etc


----------



## VeryBizee (Aug 24, 2004)

:up: Thank you SO much, SlyDaCat!!! You fixed my problem! I have had adware in super hidden files in my downloaded program files for ages and haven't been able to find them myself. Norton found them every time but I couldn't, and I HAVE "show all hidden files" selected! Thanks again, maybe my blood pressure will settle down about this


----------



## Elvandil (Aug 1, 2003)

VeryBizee said:


> :up: Thank you SO much, SlyDaCat!!! You fixed my problem! I have had adware in super hidden files in my downloaded program files for ages and haven't been able to find them myself. Norton found them every time but I couldn't, and I HAVE "show all hidden files" selected! Thanks again, maybe my blood pressure will settle down about this


I'd suggest that for everyday use, you try the TrackerV3 file manager linked above. It shows most "ultrahidden" files that most people never see on their machines. Nemo works even better and shows all files, but is not free.

The desktop.ini track works well, but it will revert back as it was and you'll need to do this every time for every folder that you want to view.


----------



## SlyDaCat (Mar 24, 2005)

glad to have helped...
i know can drive ya mad when we think we can just go there and get the
files and rid them but even with show all to microsoft seems isnt "ALL"


----------

