Просмотр полной версии : Hidden and superhidden extensions

XP user
16.11.2007, 11:29
Here are Microsoft's instructions for how to display ALL file name extensions for installed programs:

1. Open My Computer or Windows Explorer.
2. On the Tools menu , click Folder Options.
3. Click the View tab.
4. Click to clear the Hide extensions for known file types check box.

That's it... Is that it? No, that's not it! Microsoft wouldn't be Microsoft if they hadn't decided to still hide some stuff from the user.

What am I talking about?

It is possible to name a file so that it looks safe to open, when in fact it may be an executable containing dangerous content. For example, a file could be displayed as 'readme.txt' in explorer, when in fact its real name could be 'readme.txt.shs' but since the '.shs' portion of the filename is superhidden, it is impossible to tell it apart from a simple text file. Then once a user double-clicks to open this file, instead of seeing a text page as expected, the file will be executed by Windows as a scrap object and may potentially harm the system. Notwithstanding the many exploits that already exist against this default Windows setting, Microsoft has chosen to stick to this tradition in Vista!

To remove the potential to hide files, open your registry [Start - Run - regedit (Enter)] and, using the 'Search' function [Edit -Find], find each occurance of a value named NeverShowExt. Whenever this value is present the associated file extension will NOT be shown. To display the file extension, highlight the 'NeverShowExt' value and hit 'Delete'. Repeat this process for each extension you want to display.

Some common superhidden and very, very dangerous extensions that will be launched by Windows WITHOUT the usual 'Are-you-sure?' warning include: .shb, .url, .lnk, .pif, .scf, and .shs
They are all in the HKEY_CLASSES_ROOT section of the registry editor.

You should restart Windows for the change to take effect.