Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: halp! virus set my all files to hidden and now i cant reverse it!


12 Jul 2010   #1

W7 64-bit
 
 
halp! virus set my all files to hidden and now i cant reverse it!

So yesterday I got the follow worms/virii:
-packed.vmpbad!gen1
-trojan.gen
-w32.imautorun

I realized this when this Magway FC popup kept coming up and i was wondering what the hell it was. I tried to get to the task manager but it wasnt present as a choice when i hit ctrl+alt+delete (Windows 7). i tried to get to msconfig and my computer restarted itself.

When it restarted all of my files (in the programs menu, all my media and pictures) almost everything in my hard drive was gone! i chekced how much space my hd had and figured out all my stuff was just hidden and not erased. I couldnt access system restore even to disable it, couldnt get to folder options, etc.

Soo since AVG failed me i d/led norton and eradicated the virii.
Then I used Malwarebytes to get rid of these registry infections:


Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8eygnigr-kxu6-3de9-1ijd-cwgvhwklmkyw} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFind (Hijack.Find) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\hackhound.txt (Malware.Trace) -> Quarantined and deleted successfully.
__________________________________________________ ______________

Now i can get to folder options to show all hidden files, and i can see all of my hidden files (basically everything in my hard drive). however, when i right click > properties, the "hidden" check box under attributes is greyed out and i can un-hide the file (let alone any file).

What can i do?
TO BE CLEAR: the virus made it so that all of my files (including pictures, music, movies) are hidden, however i can go to folder options and set "view hidden files" to on and i can see all of the hidden files. what i want to do is uncheck the box on the hidden attribute for all of em so that they are NOT hidden files anymore


My System SpecsSystem Spec
.

12 Jul 2010   #2

W7 64-bit
 
 

screens:
My System SpecsSystem Spec
12 Jul 2010   #3

Windows 7 Ultimate 32 bit
 
 

Have you tried to take ownership of the folders?

Take Ownership Shortcut
My System SpecsSystem Spec
.


12 Jul 2010   #4

W7 64-bit
 
 

it doesnt show up as an option
My System SpecsSystem Spec
12 Jul 2010   #5

Windows 7 Ultimate 32 bit
 
 

Read the link I posted: Take Ownership Shortcut
My System SpecsSystem Spec
12 Jul 2010   #6

W7 64-bit
 
 

okay, so ive taken ownership but nothing happens. by the way something interesting happened while i was downloading the registry key that adds "take ownership" to the context menu. the downloaded file's icon had a Magway FC logo on it, the same logo of the pop up that kept popping up on my computer while i had a bunch of viruses. must mean that the damn virus has changed a lot that i cant see or wont realize until later down theline. makes me feel like a clean start is the only way to go?
My System SpecsSystem Spec
12 Jul 2010   #7

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

Boot from a live ubuntu or Knoppix cd, copy off all possible data files to external media, then do a clean install of Windows 7.

Computer First Aid Using Knoppix

Data Recovery Via Ubuntu Live CD : Data Recovery Hope
My System SpecsSystem Spec
12 Jul 2010   #8

Windows 7 Ultimate 32 bit
 
 

I don't think the malware is cleaned out. There might be some things you can do instead of a clean install. Let me ask for some help with this. I am not a malware expert; but we do have some well versed experts here. It maybe tomorrow before than can get back to you considering they are in different time zones.

You will want to backup your files before you do a reformat and a clean install. However, some of your files might be infected and you will want those cleaned. Did you do a deep scan with Malwarebytes? If not, do so.

If you now have the Take Ownership shortcut, take ownership of one of the folders your files are in. Then see if you can remove the hidden check. You may have to change permissions.
My System SpecsSystem Spec
12 Jul 2010   #9

W7 64-bit
 
 

Quote   Quote: Originally Posted by CarlTR6 View Post
I don't think the malware is cleaned out. There might be some things you can do instead of a clean install. Let me ask for some help with this. I am not a malware expert; but we do have some well versed experts here. It maybe tomorrow before than can get back to you considering they are in different time zones.

You will want to backup your files before you do a reformat and a clean install. However, some of your files might be infected and you will want those cleaned. Did you do a deep scan with Malwarebytes? If not, do so.

If you now have the Take Ownership shortcut, take ownership of one of the folders your files are in. Then see if you can remove the hidden check. You may have to change permissions.
yup, took ownership of the parent folder then the file itself to no avail, clearly my computer still has some scars from the infection or still has some malware in it. yup i did a deep virus scan and malware scan and my computer came out clean

sure thing ill wait til tomorrow before i leap and do a clean boot
My System SpecsSystem Spec
12 Jul 2010   #10

Windows 7 Ultimate x32
 
 

This maybe? "...I found my problem. It's been a while since my DOS days and I had forgotten about the System attribute. Seeing as I have hundreds of document spread across dozens of directories the attrib command didn't quite fit the bill. So I found a free utility that adds itself to the right-click menu with the creative name of Attribute Changer (Petges.lu - Download)

All you have to do is use Windows Search and enable 'Search hidden files and folders' under the advanced options. This will show you all of your files that are hidden (with or without the system attribute set). You can then select and change all of the file attributes right there...."
Disabled hidden property checkbox
My System SpecsSystem Spec
Reply

 halp! virus set my all files to hidden and now i cant reverse it!




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:58 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33