How c:\windows\assembly appears in file managers

J

Jeff Layman

Seeing the post about this folder I decided to look at it as I had never
heard of it. What appeared seemed to vary depending what file manager I
used to look at it (hidden files and folders are set to be shown).

Console (cmd.exe)
Navigating to .../assembly and using "dir" shows no files and 10 folders
(GAC, GAC_32, GAC_64, NativeImages_v2.0.... and a couple of tmp files).
It is possible to cd to those folders, use dir, and find layers of
subfolders.

Windows Explorer:
There are 292 "files" in .../assembly shown in the right-hand pane.
According to the left-hand pane, there is a subfolder named "Download".
But it does not show in the "File" list with the 292 "files" (there is a
very limited right-click menu consisting of only "Uninstall" and
"Properties"). Left-clicking on that Download folder shows it to be empty.

FreeCommander XE (64-bit version):
Shows the same "folders" as in Console above, but only in the right-hand
pane, and there is no right-click menu available for those folders.
They do not appear in the left-hand pane, and left-clicking on the
folders does nothing. There are also 4 "files" (including Desktop.ini)
in the right-hand pane, but there is no right-click menu available for
those files. Once again, in the left-hand pane there is a subfolder
named "Download", but it does not appear with the other 10 folders or 4
"files" in the right-hand pane. Left-clicking on "Download" brings up
"Desktop" folders and files in the right-hand pane! But note this is
not C:desktop, as it also includes all the system folders which I do not
have on my desktop. Very strange.

Explorer++
Shows Download as a subfolder of assembly in the left-hand pane, and
only "Download" in the right hand pane. Left-clicking on Download does
nothing.

Cubic Explorer:
Same as Explorer++.

Can anyone explain what is going on here?
 
D

Dave \Crash\ Dummy

Jeff said:
Seeing the post about this folder I decided to look at it as I had
never heard of it. What appeared seemed to vary depending what file
manager I used to look at it (hidden files and folders are set to be
shown).

Console (cmd.exe) Navigating to .../assembly and using "dir" shows no
files and 10 folders (GAC, GAC_32, GAC_64, NativeImages_v2.0.... and
a couple of tmp files). It is possible to cd to those folders, use
dir, and find layers of subfolders.

Windows Explorer: There are 292 "files" in .../assembly shown in the
right-hand pane. According to the left-hand pane, there is a
subfolder named "Download". But it does not show in the "File" list
with the 292 "files" (there is a very limited right-click menu
consisting of only "Uninstall" and "Properties"). Left-clicking on
that Download folder shows it to be empty.

FreeCommander XE (64-bit version): Shows the same "folders" as in
Console above, but only in the right-hand pane, and there is no
right-click menu available for those folders. They do not appear in
the left-hand pane, and left-clicking on the folders does nothing.
There are also 4 "files" (including Desktop.ini) in the right-hand
pane, but there is no right-click menu available for those files.
Once again, in the left-hand pane there is a subfolder named
"Download", but it does not appear with the other 10 folders or 4
"files" in the right-hand pane. Left-clicking on "Download" brings
up "Desktop" folders and files in the right-hand pane! But note this
is not C:desktop, as it also includes all the system folders which I
do not have on my desktop. Very strange.

Explorer++ Shows Download as a subfolder of assembly in the left-hand
pane, and only "Download" in the right hand pane. Left-clicking on
Download does nothing.

Cubic Explorer: Same as Explorer++.

Can anyone explain what is going on here?
Heck, if I knew what was going on, I'd charge money! This is apparently
one of MS's pseudo folders, built to confuse. Just to add to your
collection, this is what I get using VBScript:

FILES:
Desktop.ini
PublisherPolicy.tme
pubpol4.dat

SUBFOLDERS:
GAC
GAC_32
GAC_64
GAC_MSIL
NativeImages_v2.0.50727_32
NativeImages_v2.0.50727_64
NativeImages_v4.0.30319_32
NativeImages_v4.0.30319_64
temp
tmp

'Here's the script:
set fso=CreateObject("Scripting.FileSystemObject")
set oFile=fso.CreateTextFile("assembly.txt")
set fldr=fso.getFolder("C:\Windows\assembly")
oFile.writeLine "FILES:"
for each file in fldr.files
oFile.writeLine file.name
next
oFile.writeLine vbCRLF & "SUBFOLDERS:"
for each folder in fldr.subfolders
oFile.writeLine folder.name
next
oFile.close
 
P

Paul

Dave said:
Heck, if I knew what was going on, I'd charge money! This is apparently
one of MS's pseudo folders, built to confuse. Just to add to your
collection, this is what I get using VBScript:

FILES:
Desktop.ini
PublisherPolicy.tme
pubpol4.dat

SUBFOLDERS:
GAC
GAC_32
GAC_64
GAC_MSIL
NativeImages_v2.0.50727_32
NativeImages_v2.0.50727_64
NativeImages_v4.0.30319_32
NativeImages_v4.0.30319_64
temp
tmp

'Here's the script:
set fso=CreateObject("Scripting.FileSystemObject")
set oFile=fso.CreateTextFile("assembly.txt")
set fldr=fso.getFolder("C:\Windows\assembly")
oFile.writeLine "FILES:"
for each file in fldr.files
oFile.writeLine file.name
next
oFile.writeLine vbCRLF & "SUBFOLDERS:"
for each folder in fldr.subfolders
oFile.writeLine folder.name
next
oFile.close
It's apparently an "old style hack".

http://blogs.msdn.com/b/cumgranosalis/archive/2005/10/03/476275.aspx

In older Microsoft OSes, I think the desktop.ini could call something
(shell32.dll?) to enable a different display mode. And that blog post
is suggesting meddling with the desktop.ini will return things to the "vanilla"
view.

When I look at the Desktop.ini in this case, it has a "CLSID" instead.
Searching for that CLSID, finds it in a list of "God Mode" entries.

http://www.pcworld.com/businesscenter/article/220753/windows_7_godmode_tips_tricks_tweaks.html

"All NET Frameworks and COM Libraries.{1D2680C9-0E2A-469d-B787-065558BC7D43}"

It still doesn't answer the question though, of how the info in that
tree (around 2000 folders) is processed and stored. It would be
pretty slow to scan the 2000 folders for info.

Paul
 
J

James

It's apparently an "old style hack".

http://blogs.msdn.com/b/cumgranosalis/archive/2005/10/03/476275.aspx

In older Microsoft OSes, I think the desktop.ini could call something
(shell32.dll?) to enable a different display mode. And that blog post
is suggesting meddling with the desktop.ini will return things to the "vanilla"
view.

When I look at the Desktop.ini in this case, it has a "CLSID" instead.
Searching for that CLSID, finds it in a list of "God Mode" entries.

http://www.pcworld.com/businesscenter/article/220753/windows_7_godmode_tips_tricks_tweaks.html

"All NET Frameworks and COM Libraries.{1D2680C9-0E2A-469d-B787-065558BC7D43}"

It still doesn't answer the question though, of how the info in that
tree (around 2000 folders) is processed and stored. It would be
pretty slow to scan the 2000 folders for info.

Paul

Not sure how it works either but here are a couple of references.

http://forums.malwarebytes.org/index.php?showtopic=103285 says you
may have a problem if you delete anything from the assembly folder

The Wikipedia entry http://en.wikipedia.org/wiki/Global_Assembly_Cache
has more information that I didn't understand.

Hope(?) this helps.
 
J

Jeff Layman

Not sure how it works either but here are a couple of references.

http://forums.malwarebytes.org/index.php?showtopic=103285 says you
may have a problem if you delete anything from the assembly folder
An interesting solution to a malware problem. I can't see how it could
be done other than with a linux CD since c:\windows\assembly is such a
strange folder.
The Wikipedia entry http://en.wikipedia.org/wiki/Global_Assembly_Cache
has more information that I didn't understand.
+1! One of the oddest statements in that article is "The GAC as a
construct does not actually exist within the Windows OS. It is
implemented and managed by the .NET Framework." So that's why the GAC
appears in the windows folder...
Hope(?) this helps.
Give me a couple of years to chew it over. :)
 
B

Brian Gregory [UK]

Paul said:
It's apparently an "old style hack".

http://blogs.msdn.com/b/cumgranosalis/archive/2005/10/03/476275.aspx

In older Microsoft OSes, I think the desktop.ini could call something
(shell32.dll?) to enable a different display mode. And that blog post
is suggesting meddling with the desktop.ini will return things to the
"vanilla"
view.

When I look at the Desktop.ini in this case, it has a "CLSID" instead.
Searching for that CLSID, finds it in a list of "God Mode" entries.

http://www.pcworld.com/businesscenter/article/220753/windows_7_godmode_tips_tricks_tweaks.html

"All NET Frameworks and COM
Libraries.{1D2680C9-0E2A-469d-B787-065558BC7D43}"

It still doesn't answer the question though, of how the info in that
tree (around 2000 folders) is processed and stored. It would be
pretty slow to scan the 2000 folders for info.

Paul
To see what's really going on use a command prompt and the dir command (use
dir /a to see all files including system and hidden).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top