Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: halp! virus set my all files to hidden and now i cant reverse it!

12 Jul 2010   #1
DividedSky

W7 64-bit
 
 
halp! virus set my all files to hidden and now i cant reverse it!

So yesterday I got the follow worms/virii:
-packed.vmpbad!gen1
-trojan.gen
-w32.imautorun

I realized this when this Magway FC popup kept coming up and i was wondering what the hell it was. I tried to get to the task manager but it wasnt present as a choice when i hit ctrl+alt+delete (w7). i tried to get to msconfig and my computer restarted itself.

When it restarted all of my files (in the programs menu, all my media and pictures) almost everything in my hard drive was gone! i chekced how much space my hd had and figured out all my stuff was just hidden and not erased. I couldnt access system restore even to disable it, couldnt get to folder options, etc.

Soo since AVG failed me i d/led norton and eradicated the virii.
Then I used Malwarebytes to get rid of these registry infections:


Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8eygnigr-kxu6-3de9-1ijd-cwgvhwklmkyw} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFind (Hijack.Find) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\hackhound.txt (Malware.Trace) -> Quarantined and deleted successfully.
__________________________________________________ ______________

Now i can get to folder options to show all hidden files, and i can see all of my hidden files (basically everything in my hard drive). however, when i right click > properties, the "hidden" check box under attributes is greyed out and i can un-hide the file (let alone any file).

What can i do?
TO BE CLEAR: the virus made it so that all of my files (including pictures, music, movies) are hidden, however i can go to folder options and set "view hidden files" to on and i can see all of the hidden files. what i want to do is uncheck the box on the hidden attribute for all of em so that they are NOT hidden files anymore


My System SpecsSystem Spec
.
12 Jul 2010   #2
DividedSky

W7 64-bit
 
 

screens:
My System SpecsSystem Spec
12 Jul 2010   #3
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Have you tried to take ownership of the folders?

Take Ownership Shortcut
My System SpecsSystem Spec
.

12 Jul 2010   #4
DividedSky

W7 64-bit
 
 

it doesnt show up as an option
My System SpecsSystem Spec
12 Jul 2010   #5
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Read the link I posted: Take Ownership Shortcut
My System SpecsSystem Spec
12 Jul 2010   #6
DividedSky

W7 64-bit
 
 

okay, so ive taken ownership but nothing happens. by the way something interesting happened while i was downloading the registry key that adds "take ownership" to the context menu. the downloaded file's icon had a Magway FC logo on it, the same logo of the pop up that kept popping up on my computer while i had a bunch of viruses. must mean that the damn virus has changed a lot that i cant see or wont realize until later down theline. makes me feel like a clean start is the only way to go?
My System SpecsSystem Spec
12 Jul 2010   #7
Bill2

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

Boot from a live ubuntu or Knoppix cd, copy off all possible data files to external media, then do a clean install of win7.

Computer First Aid Using Knoppix

Data Recovery Via Ubuntu Live CD : Data Recovery Hope
My System SpecsSystem Spec
12 Jul 2010   #8
CarlTR6

Windows 7 Ultimate 32 bit
 
 

I don't think the malware is cleaned out. There might be some things you can do instead of a clean install. Let me ask for some help with this. I am not a malware expert; but we do have some well versed experts here. It maybe tomorrow before than can get back to you considering they are in different time zones.

You will want to backup your files before you do a reformat and a clean install. However, some of your files might be infected and you will want those cleaned. Did you do a deep scan with Malwarebytes? If not, do so.

If you now have the Take Ownership shortcut, take ownership of one of the folders your files are in. Then see if you can remove the hidden check. You may have to change permissions.
My System SpecsSystem Spec
12 Jul 2010   #9
DividedSky

W7 64-bit
 
 

Quote   Quote: Originally Posted by CarlTR6 View Post
I don't think the malware is cleaned out. There might be some things you can do instead of a clean install. Let me ask for some help with this. I am not a malware expert; but we do have some well versed experts here. It maybe tomorrow before than can get back to you considering they are in different time zones.

You will want to backup your files before you do a reformat and a clean install. However, some of your files might be infected and you will want those cleaned. Did you do a deep scan with Malwarebytes? If not, do so.

If you now have the Take Ownership shortcut, take ownership of one of the folders your files are in. Then see if you can remove the hidden check. You may have to change permissions.
yup, took ownership of the parent folder then the file itself to no avail, clearly my computer still has some scars from the infection or still has some malware in it. yup i did a deep virus scan and malware scan and my computer came out clean

sure thing ill wait til tomorrow before i leap and do a clean boot
My System SpecsSystem Spec
12 Jul 2010   #10
Grimmjow

Windows 7 Ultimate x32
 
 

This maybe? "...I found my problem. It's been a while since my DOS days and I had forgotten about the System attribute. Seeing as I have hundreds of document spread across dozens of directories the attrib command didn't quite fit the bill. So I found a free utility that adds itself to the right-click menu with the creative name of Attribute Changer (Petges.lu - Download)

All you have to do is use Windows Search and enable 'Search hidden files and folders' under the advanced options. This will show you all of your files that are hidden (with or without the system attribute set). You can then select and change all of the file attributes right there...."
Disabled hidden property checkbox
My System SpecsSystem Spec
Reply

 halp! virus set my all files to hidden and now i cant reverse it!




Thread Tools





Similar help and support threads
Thread Forum
Show hidden files that remain hidden
In Appearance Files View, clearing the 2 buttons to reveal hidden files does not allow access to, for instance, C documents and settings, which has a padlock next to it, and others. I had reinstalled the OS from within the machine and uninstalled any junk such as games etc. Have Avast free,...
General Discussion
How i clean shortcut hidden Virus from my PC
guys, i want ask about Hidden Shortcut, i just install a game suddenly the shortcut hidden new folder appears, but when i delete the shortcut, not appear anymore, i'm worrying my pc got hidden shortcut virus :cry: , want ask about any AV can remove or any solution, now using Avast! and Malwarebytes
System Security
Hidden Virus File
I recently developed a virus on my computer. I did a MSCONFIG and found the malicious file in the start-up and ‘Disabled’ it so it did not run when I started my computer. Next, I wanted to delete this file so found its location in C:\Users\Appdata\...etc. However, when I got to the final folder...
System Security
Problem with virus hidden all my files on external hd tried everything
Cannot see my files on my external hdd, i think because of a virus. I tried everything i know. Malwarebytes Superantispyware Avg anti virus Spybot Cmd attrib ... REgistry changes Folder options ccleaner
General Discussion
Hidden System files are no longer hidden
Some of my important system files are no longer hidden and I can't hide them even with the Command Prompt "attrib" command. Files such as bootmgr and ntldr are shown and I can't hide them. Also, show Protected System files is unchecked and show hidden files is also unchecked so they shouldn't be...
General Discussion
Hidden Rootkit Files... VIRUS?
thanks in advance to anyone who can give me some insight. i've finally got my computer looking the way i want and running as fast as an atom can produce, but i've run into a problem. i recently hid a bunch of folders i never access, and subsequently ran a virus scan. none of these issues...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 04:26.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App