Well, the best definition I have been able to come up with is the following:

I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to view all files, cannot be seen in MS-DOS after receiving a directory listing, and cannot be searched through using the "Find" utility.
a) There is at least one workaround to enabling Explorer to see them.
b) There is at least one workaround to enabling MS-DOS to see them.
c) There is at least one workaround to enabling the "Find" utility to search through them.
d) They are hidden intentionally. Interesting to note that one of these "really hidden" files can't even be searched through using the "Find" utility.

II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.

III) Distinguishes from certain "other" intended hidden files, such as a file with a name of "°ƒë‹x¥."

DOS = Disk Operating System
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System

1) Besides the glaring privacy risks.
2) Besides the fact that Microsoft is keeping these logs intentionally. (For reasons I can only imagine.)
3) These files can take up huge amounts of disk space. I've heard several reports from people telling me that they've cleared gigs of hard drive space after following these directions. Needless to say, you will probably notice a great improvement in performance.

Step by step information on how to erase these files as soon as possible. This section is recommended for the non-savvy. Further explanation can be found in Section 4.0. Please note that following these next steps will erase all your cache files, all your cookie files, and all of your e-mail. If you use the offline content feature with MSIE, following these next steps will remove this as well.

1) Shut your computer down, and turn it back on. 2) While your computer is booting keep pressing the [F8] key until you are given an option screen.
3) Choose "Command Prompt Only" (This will take you to true DOS mode.)
4) When your computer is done booting, you will have a C:\> followed by a blinking cursor. Type in this hitting enter after each line.

CD\WINDOWS\TEMPOR~1\ 
DELTREE/Y CONTENT.IE5 

(If that didn't work then type this:)

CD\WINDOWS\APPLIC~1\TEMPOR~1 
DELTREE/Y CONTENT.IE5 

(If that didn't work then type this:)

CD\WINDOWS\LOCALS~1\TEMPOR~1 
DELTREE/Y CONTENT.IE5

5) This will take a ridiculous amount of time to process. The reason it takes so incredibly long is because there is a ton of semi-useless cache stored on your HD. When it gets done erasing that folder, then type this (hitting enter after each line):

CD\ 
DELTREE/Y TEMP 
DELTREE/Y WIN386.SWP 
CD WINDOWS 
DELTREE/Y COOKIES 
DELTREE/Y TEMP 
DELTREE/Y WIN386.SWP 
DELTREE/Y HISTORY 

Reboot your computer and wait for Windows to load back up.

1) Drop to DOS ("Start" > "Program Files" > "MS-DOS Prompt") and type this at prompt:

regedit 

2) Your Registry Editor will pop up. Go to "Edit" > "Find"
3) Type in "TypedURLs" and then hit [Find Next]. You will be taken to all the places you've typed in URLs manually. 4) Erase any URLs that you find. Do not erase the folders. (They will be called "01," "02," "03," etc...) Double click on them to make sure they are URLs. I found mine here:

HKEY_USERS/Default/Software/Microsoft/Internet Explorer/TypedURLs/
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs/

5) and while you're in here you might as well go here:

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current
     Version/Explorer/RemoteComputer/NameSpace/
     {d6277990-4c6a-11cf-8d87-00aa0060f5b5}

6) Delete the {d6277990-4c6a-11cf-8d87-00aa0060f5b5} key. This will make the "Find: Files or Folders" utility perform searches much faster.

1) Install another e-mail program like Eudora, or Pegasus Mail. Make sure everything is setup correctly.
2) Backup any e-mail that you wish to save by making use of the export/import features.
3) Uninstall Outlook.

Warning: This conveniently does not erase any e-mail correspondence. To double check drop back to your DOS prompt and type this:

dir *.mbx /s/p

INBOX.MBX
OUTBOX.MBX
SENTIT~1.MBX
DELETE~1.MBX
DRAFTS.MBX

If these files come up they will be listed in either of these folders:

C:\Windows\Application Data\Microsoft\Outlook Express\Mail\
C:\Program Files\internet mail and news\%USER%\mail\

Now type either of the following (depending on the location of your .mbx files...) (Remember, this will erase all your e-mail correspondence, so backup what you want to keep. By now, you should have already imported your mail into Eudora or Pegasus Mail.)

CD\WINDOWS\APPLIC~1\MICROS~1\OUTLOO~1
DELTREE/Y MAIL

or

CD\PROGRA~1\INTERN~1\%USER%

(replace "%user%" with the proper name.)

DELTREE/Y MAIL

As you may already know, deleting files only deletes the references to them. They are in fact still sitting there on your HD and can be easily recovered by anyone.

• BCWipe is a nice program that will clear these files.
• For you DOS buffs, there's a freeware file wiper on simtel.net that I use.
• If you are using PGP then there is a "Freespace Wipe" option under PGPtools.
• Norton Utilities has a nice filewiping utility.
• You might want to check out Evidence Eliminator's 30 day trial. This is probably the best program as far as your privacy goes.

If you insist on using Microsoft Internet Explorer then I strongly recommend that you check out at least one of these programs:

• Cache and Cookie Washer for IE
• Anonymizer Window Washer
• PurgeIE

I have already tried and tested some other programs and you'd be surprised on how many of them don't pass the tests. For example, HistoryKiller 2001 claims it erases all the files, but don't count on it.

And if you insist on using Outlook or Outlook Express then I recommend that you get in the habit of compacting your mailboxes.

You can do this by going to "File" > "Folder" > "Compact All."

This next section is for those of you who are more interested in learning the ins and outs of your computer. This section is intended for the savvy user.

The most important files to be paying attention to are your "index.dat" files. These are database files that reference your history, cache and cookies. The first thing you should know is that the index.dat files is that they don't exist in less you know they do. They second thing you should know about them is that some will not get cleared after deleting your history and cache.

The result:

A log of your browsing history saved to a hidden file that you didn't know existed.

1) First, drop to DOS and type this at prompt (in all lower-case):

c:\windows\explorer /e,c:\windows\tempor~1\content.ie5\

You see all those alphanumeric names listed under "content.ie5?" (left-hand side.) That's Microsoft's idea of making this project as hard as possible. Actually, these are your alphanumeric folders that was created to keep your cookies and cache. Write these names down on a peice of paper. (They should look something like this: 6YQ2GSWF, QRMTKLWF, U7YHQKI4, 7YMZ516U, etc...) If you click on any of the alphanumeric folders then nothing will be displayed. Not because there aren't any files here, but because Windows Explorer has lied to you. If you want to view the contents of these alphanumeric folders you will have to do so in DOS. (Actually, there is a workaround that Skywalker taught me, but it's a little bit harder to explain. I will cover this tip in one of next versions.)

2) Then you must restart in MS-DOS mode. ("Start" > "Shutdown" > "Restart in MS-DOS mode.") Note that you must restart to DOS because windows has locked down some of the files and they can only be accessed in real DOS mode.
3) Type this in at prompt:

CD\WINDOWS\TEMPOR~1\CONTENT.IE5
CD %alphanumeric%

(replace the "%alphanumeric%" with the first name that you just wrote down.)

DIR/P

The files you are now looking at are directly responsible for the mysterious erosion of HD space you may have been noticing. One thing particularly interesting is the ability to view some your old e-mail if you happen to have a Hotmail account. (Oddly, I've only been able to retreive Hotmail e-mail, and not e-mail from my other web-based e-mail accounts. Send me your experiences with this.) To see them for yourself you must first copy them into another directory and open them with your browser. Don't ask me why this works.

4) Type this in:

CD\WINDOWS\TEMPOR~1\CONTENT.IE5 
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat") 

You will be brought to a blue screen with a bunch of binary.

6) Press and hold the [Page Down] button until you start seeing lists of URLs. These are all the sites that you've ever visited as well as a brief description of each. You'll notice it records everything you've searched for in a search engine in plain text, in addition to the URL.

7) When you get done searching around you can go to "File" > "Exit."

8) Next you'll probably want to erase these files by typing this:

DELTREE/Y C:\WINDOWS\TEMPOR~1\

(replace "c:\windows\tempor~1\" with the location of your TIF folder if different.)

This will take a seriously long time to process.

9) Then check out the contents of your History folder by typing this:

CD\WINDOWS\HISTORY\HISTORY.IE5 
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")

You will be brought to a blue screen with more binary.

10) Press and hold the [Page Down] button until you start seeing lists of URLS again. This is another recording of the sites you've visited.

11) And, if you're still with me, type this::

CD\WINDOWS\HISTORY

12) check out the two mmXXXX.dat files (and delete them), then type:

CD\WINDOWS\HISTORY\HISTORY.IE5 
CD MSHIST~1 
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")

More URLs from your Internet history. Note there are probably other mshist~x folders here.

13) You can repeat these steps for every occurrence of the mshistxxxxxxxx file.

4) By now, you'll probably want to type in this:

CD WINDOWS 
DELTREE/Y HISTORY

This is about it as far as I know. You may also want to take a look at your *.mbx files if you own Outlook. (dir *.mbx/s) All your e-mail correspondence and file attachments are located within these files. More detailed information is covered in the next section.

Would you think twice about what you said if you knew it was being recorded? E-mail correspondence leaves a permanent record of everything you've said -- even after you've told Outlook to erase it. You are given a false sense of security sense you've erased it twice, so surely it must be gone. The first time Outlook simply moves it to your "Deleted Items" folder. The second time you erase it Outlook simply "pretends" it is gone. The truth is your messages are still being retained in the database files on your hard drive.

Furthermore, as if that wasn't disturbing enough, Outlook Express also keeps records of EVERY SINGLE file attachment, after you told Outlook to erase it as well.

For earlier versions of Outlook Express, they will be located in either of the following folder:

c:\program files\internet mail and news\%user%\mail\*.mbx

(replace %user% with the name you use.)

or, if you're lucky, it will be located here:

c:\windows\application data\microsoft\outlook\mail\*.mbx

I found it odd that the first time I installed Outlook, my e-mail data was saved automatically into "internet mail and news." After I uninstalled and reinstalled, it changed its mind and put it into my "application data."

At this point you have two choices.

a) Get in the habit of compacting your folders all the time.
b) Import the data into another e-mail client such as Eudora or Pegasus Mail, then delete the .mbx files by typing this:

Deltree c:\windows\intern~1\%user%\mail

or

Deltree c:\windows\applic~1\micros~1\outloo~1\mail

(Typing in the above commands will kill all your e-mail correspondence. Do not follow those steps in less you have already backed up your e-mail.)

How does Microsoft make these folders/files invisible to DOS?

The only thing Microsoft had to do to make the folders/files invisible to a directory listing is to set them +[s]ystem. That's it. As soon as the dir/s command hits a system folder, it renders the command useless (unlike other folders with any other attributes.) A more detailed explanation is given in section 7.

So how does Microsoft make these folders/files invisible to Windows Explorer?

The "desktop.ini" is a standard text file that can be added to any folder to customize certain aspects of the folder's behavior. In these cases, Microsoft utilized the desktop.ini file to make these files invisible. Invisible to both Windows Explorer and even to the "Find: Files or Folders" utility (so you wouldn't be able to perform searches in these folders!) All that Microsoft had to do was create a desktop.ini file with certain tags and the folders would disappear like magic.

To show you exactly what's going on:

Found in the c:\windows\temporary internet files\desktop.ini and the c:\windows\temporary internet files\content.ie5\desktop.ini is this text:

[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

Found in the c:\windows\history\desktop.ini and the c:\windows\history\history.ie5\desktop.ini contains this text:

[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

The UICLSID line cloaks the folder in both DOS and Explorer. The CLSID line disables the "FIND" utility from searching through the folder. (Additionally, it gives a folder the appearance of the "History" folder.)

To see for yourself, you can simply erase the desktop.ini files. You'll see that it will instantly give Windows Explorer proper viewing functionality again, and the "FIND" utility proper searching capabilities again. Problem solved right? Actually, no. As it turns out, the desktop.ini files get reconstructed every single time you restart your computer. Nice one, Billy.

Luckily there is a workaround which will keep Windows from hiding these folders. You can manually edit the desktop.ini's and remove everything except for the "[.ShellClassInfo]" line. This will trick windows into thinking they have still covered their tracks, and (wininet.dll > rundll32.exe) won't think to reconstruct them.

Here are three easy true or false questions regarding DOS. Play along like you needed to know the answers to get your A+ certification. (If you have no clue of what is going on, then skip to the next section.)

1) True or false: Executing the dir/s command in root will display all the "normal" files and directories on your hard drive.

The correct answer is "true."

2) True or false: Executing the dir/s/ah command in root will display all the "hidden" files and directories on your hard drive.

Again, the correct answer is "true."

3) True or false: Executing the dir/s/as command in root will display all the "system" files and directories on your hard drive.

The correct answer is "you wish."

When DOS tries to get a list of the subdirectories of any +s[ystem] folder it hits a brick wall. No files or folders will be listed within any system folder. Not only does this mean Microsoft has taken extra precautions to keep people from finding these files, but it defeats the whole purpose of the "/s" switch in the first place.

In case you didn't understand, here's a small experiment that will show you what I mean...

Since the content.ie5 and history.ie5 subfolders are both located within a +s[ystem] folder, we will run the experiment with them. The proper command to locate them should be this:

CD\
DIR *.IE5 /s/as

The problem is that you will receive a "No files found" error message.

Since we already know there is a content.ie5 subfolder located here, why is it giving me the "no files found" message?

Now, the really interesting thing is that you (luckily) can get around this brick wall. That is, once you are in the system folder, then the brick wall no longer has an effect on the directory listings. For example, if you enter the system folder first, and THEN try and find any folders then you can see them just fine:

CD\WINDOWS\TEMPOR~1
DIR *.IE5 /as

1 folder(s) found.

Now you will get a "1 folder(s) found." message. (But only after you knew the exact location.) In other words, if you didn't know the folders existed then finding them would be almost impossible.

Have you ever wondered what that "Find Fast" program was under your control panel? I've spent about an hour on microsoft.com reading help files and I STILL have no clue of what it's good for. Here's the most informative snippet I found on microsoft.com.

"The Find Fast Indexer is a utility that builds indexes to speed finding documents using the Open and Open Office Documents commands in Microsoft Office programs, including Microsoft Outlook."

So what does that mean? Well, if you read it carefully you'll see that Microsoft never mentions that it will speed up your searches. In fact it has nothing to do with the "Find: Files or Programs" utility. I think what Microsoft is really trying to say is that when you go to "File" > "Open" under Microsoft Word, then your list of documents will be displayed quicker. If that is what they are saying then it is a lie.

Here are some more quotes from Microsoft that might clear things up:

"The Find Fast Indexer tool tracks the location on the hard disk of all Microsoft Word for Windows documents by default. When one of these files is moved, the Find Faster Indexer tool updates its index."

"Indexes are used to make file searches faster in Office programs."

"The Find Fast Indexer is installed on your computer when you install Microsoft Office 97. Find Fast builds an index to speed up finding documents from the Open dialog box in Microsoft Office programs."

I wasn't able to find one single shred of evidence that it helped you "search" faster. Yet, Microsoft insisted on calling the program "Find Fast." THEN they decided to add the Find Fast icon next to the [Search Document], as if Find Fast had anything to do with searching the document.

So now do you think you know the truth?

What would you say if I told you that Find Fast was scanning every single file on your hard drive? Did you know that in Office 95, the Find Fast Indexer had an "exclusion" list comprised of .exe, .swp, .dll and other extensions, but the feature was eliminated? If you were a programmer, would you program Find Fast to index every single file, or just the ones with Office extensions?

Here are some other interesting facts:

Now here is a good example of the lengths Microsoft has gone through to keep people from finding out Find Fast indexes their hard drives. (Always good to have an alibi.) And I quote:

"When you specify the type of documents to index in the Create Index dialog box, Find Fast includes the document types that are listed in the following table.

Doc Type	File Name Extension
Microsoft Office files	All the Microsoft Excel, Microsoft Web documents PowerPoint, Microsoft Project, and Microsoft Word document types listed in this table. Microsoft Binder (.odb, .obt) and Microsoft Access (.mdb) files. Note that in .mdb files, only document properties are indexed.
Microsoft Excel workbooks	.xl* files
Microsoft PowerPoint files	.ppt (presentation), .pot (template), .pps (auto-running presentation) files
Microsoft Project files	.mpp, .mpw, .mpt, .mpx, .mpd files
Microsoft Word documents	.doc (document), .dot (template), .ht* (Hypertext Markup Language document), .txt (text file), .rtf (Rich Text Format) files
All files	*.* files

Did you get that last part? If you were a wealthy man and you decided to buy every single car in the car lot, would you:

a) Say, "I'll take the red ones, the blue ones, the silver ones, the white ones, the champagne ones, and all of them," or

b) "I'll take them all, sir."

As you can see, they don't want people to realize that Find Fast is keeping an index of your entire hard drive. They walk around the car lot saying "I'll take the red ones, the blue ones, the silver ones,..."

To make things more disturbing you can see just how related Find Fast is with the "really hidden files."

1) Drop to DOS.
2) CD\
3) DIR FF*.* /AH (This will bring up a listing of ffast-related files.)
4) edit /75 %ff% (insert %ff% with any of the names that were listed.)

Notice the incredible amount of disk accesses to your "really hidden" "Temporary Internet Files" folder? What is the obsession that Find Fast has with these folders, anyway?

1) Reboot your computer in MS-DOS Mode.
2) Delete the FindFast.CPL file from c:\windows\system\
3) Delete the shortcut under c:\windows\start menu\programs\startup\
4) Delete the FindFast.EXE file from c:\progra~1\micros~1\office\

Other related files that are safe to erase:

5) FFNT.exe, FFSetup.dll, FFService.dll, FFast_bb.dll, "c:\>ff*.*"

Notice you will loose no functionality after erasing these files? Actually, you will gain functionality.

This tutorial is being updated ALL THE TIME. If you have any useful input, or if you see a mistake somewhere, then please e-mail me so I can compile/fix it into future versions. You will be able to find the most recent version of this tutorial at fuckMicrosoft.com.

My e-mail address is located at the end of this note. Although it may not be done in a timely fashion, I always reply to all of my e-mail.

Thanks for reading, -- The Riddler
e-mail: ther1ddler@fuckMicrosoft.com
hangout: http://www.hackers.com/bulletin/

And if you aren't already paranoid enough here's some sites/articles that I definitely recommend:

http://www.theregister.co.uk/content/4/18002.html
http://www.findarticles.com/m0CGN/3741/55695355/p1/article.jhtml
http://www.mobtown.org/news/archive/msg00492.html
http://194.159.40.109/05069801.htm
http://www.yarbles.demon.co.uk/mssniff.html
http://www.macintouch.com/o98security.html
http://www.theregister.co.uk/content/archive/3079.html
http://www.fsm.nl/ward/
http://slashdot.org
http://www.peacefire.org
http://stopcarnivore.org
http://nomorefakenews.com
http://grc.com/steve.htm#project-x

This version, I just want to thank everyone who has e-mailed me specifically just to thank me. The kind words mean a lot to me and played a big motivator to continue researching. I also want to take this time to say "screw you" to the debunkers out there. You know who you are.

http://support.microsoft.com/support/kb/articles/Q137/1/13.asp
http://support.microsoft.com/support/kb/articles/Q136/3/86.asp
http://support.microsoft.com/support/kb/articles/Q169/5/31.ASP
http://support.microsoft.com/support/kb/articles/Q141/0/12.asp
http://support.microsoft.com/support/kb/articles/Q205/2/89.ASP
http://support.microsoft.com/support/kb/articles/Q166/3/02.ASP
http://www.insecure.org/sploits/Internet.explorer.web.usage.logs.html
http://www.parascope.com/cgi-bin/psforum.pl/topic=matrix&disc=514&mmark=all
http://www.hackers.com/bulletin/
http://slashdot.org/articles/00/05/11/173257.shtml
http://peacefire.org/