How To Find Hidden Malware, View hidden files and folders and double-extension files Options

[Cris]

Most of the times, malware files don't stay where everybody can see them. They "install" themselves in system folders (C:\Windows, C:\Windows\System32, C:\Documents and settings etc...).

Even more, they use some techniques to hide themselves from the eyes of the user, by settings their attributes to Hidden and/or System. By doing this, they will become practically invisible in Windows Explorer. This happens because, by default, Windows is set not to show hidden files and folders. Why?
Because, in normal conditions, hidden files and folders and System files are the most important files of the Operating System and should be protected against accidental deletion and/or modification from inexperienced users.

Fortunately, you can always make Windows Explorer (or any other File Manager that you use) to show these files, by doing this:

1. Open Windows Explorer
2. Click Tools -> Folder options... -> View
3. In the list of options, search for the category Hidden files and folders and enable Show hidden files and folders
4. Also, disable the option Hide protected operating system files (Recommended). When you disable this option, Windows will show a confirmation message, asking if you are sure about this change. Confirm by pressing Yes
5. Click OK to close the Folder Options dialog.
6. Now you can view in Explorer all hidden files and folders

Warning! If you are not very experienced with Windows, I recommend that you leave these options at their default setting, to prevent accidental changes.


Another method used by malware is to add double-extension to their files, resulting in files named like: .mp3.exe or .jpg.exe. By default, Windows is set to hide the extensions for known type of files, so these malware files won't appear with their double-extension (you will only see them as .mp3 or .jpg).
This is not a method of hiding the files, to prevent you from seeing them. On the contrary, it's more a method to invite you to listen to a good song, or to view a cool picture when, in reality, you'll open an infected executable and you'll infect the computer.
Also, there are malware applications (executables) that mask themselves as folders: they have the icon of a Windows folder and, when you try to see what that folder contains, you'll actually open an infected application.
Example:
 Folder_executable.jpg ( 21.77K ) Number of downloads: 58


To view the real extension of a file, and to see if, in reality, it is the file you want to open or it is some malware that has double-extension, go to Folder Options -> View (the same way as above) and disable the option Hide extension for known file types and click OK. Now, the real identity of a file will be shown in Windows Explorer.
 Folder_executable_2.jpg ( 2.66K ) Number of downloads: 45