Windows 7 Forums

Windows 7: Fake AV infection - files hidden?

28 Mar 2012   #11
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Greg, remove the 'dirty' DNS cache, and restore MS's Hosts File:

Copy and paste these lines into Notepad.

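@Echo on
rem Replace the hosts file with a single localhost entry
pushd "%SystemRoot%\System32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP address and flush the DNS cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Schedule a reboot and delete this batch file
shutdown -r -t 1
del "%~f0"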


Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right-click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After doing all of the above, scan the machine with ESET OnlineScan:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

We'll follow up from here


29 Mar 2012   #12
gregrocker

 

TeamViewer won't reconnect after disconnecting during Old Timer cleaning. Will have to wait to finish the steps. I did notice I cannot access Device Manager by right-clicking Computer any longer. I get a lost path when I click Manage. I had to use Control Panel.

This reminds me why I always end up reinstalling after one of these. When I get back there next week I'll probably reapply an image from February. At least he's able to use it no problem now.
29 Mar 2012   #13
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I think the better idea of cleaning and re-installing will be for the best. Some System Check <-- fake Av will be bundled with the latest TDL rootkit.

30 Mar 2012   #14
gregrocker

 

Everything completed without problems and performance is good.

The only remainder experienced so far is that it's lost its path from rightclick>Computer to Management console. I wonder if that would have been one of the links restored by the brilliant Unhide program had CCleaner not deleted Temp files before it was run? It prompted that without the Temp files it could not restore other links in All Programs folder.

May I ask what all flush.bat flushed?

Thanks, Jacee. Would rep you again if it would let me.
30 Mar 2012   #15
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

The 'flush.bat' flushed the bad DNS cache, restored MS's Hosts file, reset the winsock (in case a bad program/file hijacked it), and renewed the computer's IP address.

A request flows in the following order:
Web browser or other application
|
winsock.dll
|
TCP/IP layers
|
Modem or network card
|
The Internet and destination

This might also interest you: DNS (Domain Name System)
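What the hosts reset in flush.bat discards, as an added example that is not part of the original posts: this PowerShell sketch lists the non-default mappings in a hosts file and saves a copy before the reset replaces it. `Get-HostsEntry`, the sample lines and the `hosts.before-reset.txt` file name are assumptions made for illustration.

```powershell
# Added example: list what a hosts file maps before a reset overwrites it.
# Get-HostsEntry and $sample are constructed for illustration (PowerShell 2.0+).
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip comments and whitespace; skip lines with no mapping on them.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # Only localhost pointing at loopback counts as a stock entry.
            $stock = ($name -eq 'localhost') -and (@('127.0.0.1', '::1') -contains $ip)
            New-Object PSObject -Property @{ Address = $ip; HostName = $name; Stock = $stock }
        }
    }
}

# Constructed sample: documentation-range address, reserved example names.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '192.0.2.10      www.example.com search.example.net   # constructed redirect',
    '127.0.0.1       update.example.org'
)
Get-HostsEntry -Lines $sample | Where-Object { -not $_.Stock } |
    Select-Object Address, HostName | Format-Table -AutoSize

# Live file: save a copy outside %TEMP% (a temp cleaner would delete it), then list.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    $live = [System.IO.File]::ReadAllLines($hostsPath)
    $copy = Join-Path ([Environment]::GetFolderPath('Desktop')) 'hosts.before-reset.txt'
    [System.IO.File]::WriteAllLines($copy, $live)
    Get-HostsEntry -Lines $live | Where-Object { -not $_.Stock } |
        Select-Object Address, HostName | Format-Table -AutoSize
}
```

On the constructed sample the report shows three rows: the two names redirected to 192.0.2.10 and the loopback entry for update.example.org.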
30 Mar 2012   #16
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by gregrocker
I wonder if that would have been one of the links restored by the brilliant Unhide program had CCleaner not deleted Temp files before it was run? It prompted that without the Temp files it could not restore other links in All Programs folder.
FYI: With rogues that make it appear that files/programs are missing, do not run a temp file cleaner. The rogues generally "hide" the files in the %Temp%\Smtmp folder.

Grinler also created some scripts to restore the default Start Menu for specific versions of Windows that he has access to. See the 11/14/2011 update at Unhide.exe - A introduction as to what this program does
30 Mar 2012   #17
gregrocker

 

Hi, Corrine. I had run CCleaner earlier after infection so Unhide couldn't restore the Start Menu items.

This was a learning experience.
01 Apr 2012   #18
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, Greg. I understand that. The purpose of my comment was twofold. First, to advise others who may read this topic not to run a temp file cleaner and, second, to direct your attention to Grinler's scripts to restore the Start Menu items. They are in the same discussion topic as the information on Unhide.exe. Just scroll down the page to the section marked Update 11/14/2011.
01 Apr 2012   #19
gregrocker

 

Thanks, Corrine.

Unhide is a lifesaver. The guy's external had almost 1tb files which were hidden and it unhid them as well as all of his data flawlessly.

Zepher's advice to unhide them in Control Panel>Folder options worked initially but I needed a permanent solution so I could rehide legitimately Hidden Files.
03 Apr 2012   #20
Corrine

Windows 7 & Windows Vista Ultimate
 
 

It is even more of a lifesaver now! Grinler posted this update to the Unhide.exe topic today:

Quote:
Update: 04/03/2012

Unhide was updated to include certain Start Menu options that were being hidden on the start menu. Unhide will now restore those settings back to Windows defaults and then restart Explorer.exe so that the changes go into effect.

These start menu items that are now made visible include:
  • Documents
  • Pictures
  • User Profile
  • Music
  • Games
  • Control Panel
  • Videos
  • Default Programs