halp! virus set my all files to hidden and now i cant reverse it!

Page 1 of 2 12 LastLast

  1. Posts : 9
    W7 64-bit
       #1

    halp! virus set my all files to hidden and now i cant reverse it!


    So yesterday I got the follow worms/virii:
    -packed.vmpbad!gen1
    -trojan.gen
    -w32.imautorun

    I realized this when this Magway FC popup kept coming up and i was wondering what the hell it was. I tried to get to the task manager but it wasnt present as a choice when i hit ctrl+alt+delete (w7). i tried to get to msconfig and my computer restarted itself.

    When it restarted all of my files (in the programs menu, all my media and pictures) almost everything in my hard drive was gone! i chekced how much space my hd had and figured out all my stuff was just hidden and not erased. I couldnt access system restore even to disable it, couldnt get to folder options, etc.

    Soo since AVG failed me i d/led norton and eradicated the virii.
    Then I used Malwarebytes to get rid of these registry infections:


    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8eygnigr-kxu6-3de9-1ijd-cwgvhwklmkyw} (Generic.Bot.H) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFind (Hijack.Find) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\hackhound.txt (Malware.Trace) -> Quarantined and deleted successfully.
    __________________________________________________ ______________

    Now i can get to folder options to show all hidden files, and i can see all of my hidden files (basically everything in my hard drive). however, when i right click > properties, the "hidden" check box under attributes is greyed out and i can un-hide the file (let alone any file).

    What can i do?
    TO BE CLEAR: the virus made it so that all of my files (including pictures, music, movies) are hidden, however i can go to folder options and set "view hidden files" to on and i can see all of the hidden files. what i want to do is uncheck the box on the hidden attribute for all of em so that they are NOT hidden files anymore
      My Computer


  2. Posts : 9
    W7 64-bit
    Thread Starter
       #2

    screens:
      My Computer


  3. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #3

    Have you tried to take ownership of the folders?

    Take Ownership Shortcut
      My Computer


  4. Posts : 9
    W7 64-bit
    Thread Starter
       #4

    it doesnt show up as an option
      My Computer


  5. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #5

    Read the link I posted: Take Ownership Shortcut
      My Computer


  6. Posts : 9
    W7 64-bit
    Thread Starter
       #6

    okay, so ive taken ownership but nothing happens. by the way something interesting happened while i was downloading the registry key that adds "take ownership" to the context menu. the downloaded file's icon had a Magway FC logo on it, the same logo of the pop up that kept popping up on my computer while i had a bunch of viruses. must mean that the damn virus has changed a lot that i cant see or wont realize until later down theline. makes me feel like a clean start is the only way to go?
      My Computer


  7. Posts : 5,056
    Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
       #7

    Boot from a live ubuntu or Knoppix cd, copy off all possible data files to external media, then do a clean install of win7.

    Computer First Aid Using Knoppix

    Data Recovery Via Ubuntu Live CD : Data Recovery Hope
      My Computer


  8. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #8

    I don't think the malware is cleaned out. There might be some things you can do instead of a clean install. Let me ask for some help with this. I am not a malware expert; but we do have some well versed experts here. It maybe tomorrow before than can get back to you considering they are in different time zones.

    You will want to backup your files before you do a reformat and a clean install. However, some of your files might be infected and you will want those cleaned. Did you do a deep scan with Malwarebytes? If not, do so.

    If you now have the Take Ownership shortcut, take ownership of one of the folders your files are in. Then see if you can remove the hidden check. You may have to change permissions.
      My Computer


  9. Posts : 9
    W7 64-bit
    Thread Starter
       #9

    CarlTR6 said:
    I don't think the malware is cleaned out. There might be some things you can do instead of a clean install. Let me ask for some help with this. I am not a malware expert; but we do have some well versed experts here. It maybe tomorrow before than can get back to you considering they are in different time zones.

    You will want to backup your files before you do a reformat and a clean install. However, some of your files might be infected and you will want those cleaned. Did you do a deep scan with Malwarebytes? If not, do so.

    If you now have the Take Ownership shortcut, take ownership of one of the folders your files are in. Then see if you can remove the hidden check. You may have to change permissions.
    yup, took ownership of the parent folder then the file itself to no avail, clearly my computer still has some scars from the infection or still has some malware in it. yup i did a deep virus scan and malware scan and my computer came out clean

    sure thing ill wait til tomorrow before i leap and do a clean boot
      My Computer


  10. Posts : 826
    Windows 7 Ultimate x32
       #10

    This maybe? "...I found my problem. It's been a while since my DOS days and I had forgotten about the System attribute. Seeing as I have hundreds of document spread across dozens of directories the attrib command didn't quite fit the bill. So I found a free utility that adds itself to the right-click menu with the creative name of Attribute Changer (Petges.lu - Download)

    All you have to do is use Windows Search and enable 'Search hidden files and folders' under the advanced options. This will show you all of your files that are hidden (with or without the system attribute set). You can then select and change all of the file attributes right there...."
    Disabled hidden property checkbox
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:35.
Find Us