Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Files names with question marks


  • Please log in to reply

#1
Craig Parton

Craig Parton

    New Member

  • Member
  • Pip
  • 4 posts
I have a silly question. How is it possible for programs (usually malware) to create filenames and directories that contain question marks? They appear normal in windows explorer but not when viewed from the command prompt. For example the adware program PurityScan creates this file / directory combination in various places:

?ecurity\??rvices.exe

BUT when viewed from windows explorer they appear without the question marks with the correct letters filled in:

security\services.exe

It is also impossible to delete them from the command prompt because the command:

del ??rvices.exe

returns a File not found error. But windows explorer deletes them without a problem (provided they aren't running).

Any insight would be appreciated as I loathe spyware and am always looking for new ways to erradicate it.
  • 0

Advertisements


#2
anzenketh

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
Please go to the malware forum and follow the instructions at the top....Especially the Instructions things to do before posting in the malware fourm.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.


Also if you want to learn how to fight malware with us. Check out This Thread
  • 0

#3
Craig Parton

Craig Parton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the reply tuxmaster. I have looked through the forums and found a wealth of information about malware removal. Definitely a valuable resource.

However, I believe you misunderstood my question. I am rather proficient at removing malware myself. I was able to successfully remove the files, so that's why I didn't post it in the malware removal forum.

I was mainly curious about how it was possible to create filenames with question marks since the ? is a wildcard character and Windows XP won't accept filenames that contain it. Can the CreateFileA function of the Windows API be manipulated to allow it? That still wouldn't explain why the filenames appear correct in windows explorer.

I forgot to mention another unusual quirk with this. This computer had multiple folders with the ? character. One of them was in C:\Program Files\Common Files. This folder contained both an Adobe folder and a ?dobe folder. The ?dobe folder contained a piece of spyware masquerading as logonui.exe. The Adobe folder had legitimate Adobe shared files inside.

BOTH folders showed up in windows explorer as Adobe, another impossibility since duplicate folder names aren't allowed.

Edited by Craig Parton, 06 June 2007 - 07:37 PM.

  • 0

#4
anzenketh

anzenketh

    BSOD Warrior/Computer Surgeon

  • Technician
  • 2,854 posts
May I ask why you want to create file names with ??
Also if you want to learn how to fight and delete malware including the ones with a ?. Check outThis Thread

Edited by tuxmaster, 06 June 2007 - 07:40 PM.

  • 0

#5
Craig Parton

Craig Parton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you for the link... I filled out an application :blink:

I really don't want to create them. I just want to know how its possible. Simply curiousity, that's all :whistling: That's why I said I have a silly question.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP