  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489

cannot enable view hidden files option

I cannot enable the view hidden files and folders by using the tools menu in My Computer or any other folder. It simply reverts back to hidden files status automatically. This is a recent phenomenon.
SABYA
Asked:
 
jazzIIIlove Commented:
Hi there;

Well...It's most likely your machine has been infected...Please have a HijackThis log and send it here (Don't fix anything yet...)...Also a scan with MalwareBytes is needed...Then you are going to scan your machine with Kaspersky internet scanner...

Best regards...
 
kienmanowar Commented:
I think your machine has been infected, so first of all you need to use AV to scan! I exported my clean registry key from my machine to help enable show hidden files:


Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  00
"HelpID"="shell.hlp#51131"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

 
SABYA Author Commented:
Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3

11/8/2008 12:30:38 PM
mbam-log-2008-11-08 (12-30-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 133060
Time elapsed: 50 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\ckvo0.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
C:\Documents and Settings\Default User\Application Data\NetMon (Trojan.NetMon) -> No action taken.

Files Infected:
C:\WINNT\system32\ckvo.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\WINNT\system32\ckvo0.dll (Trojan.Agent) -> No action taken.
C:\WINNT\system32\ckvo1.dll (Trojan.Agent) -> No action taken.
C:\nq0cq.cmd (Trojan.Agent) -> No action taken.
C:\xih9.cmd (Trojan.Agent) -> No action taken.
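
Added example, not part of the original thread: a Python check that compares a .reg export of the Folder\Hidden keys against the known-good values in kienmanowar's export and flags the SHOWALL\CheckedValue change that the Malwarebytes log reports as "Bad: (0) Good: (1)". The function names and the sample export are constructed for illustration.

```python
import re

# Known-good values from the clean export posted earlier in the thread.
BASELINE = {("NOHIDDEN", "CheckedValue"): 2, ("NOHIDDEN", "DefaultValue"): 2,
            ("SHOWALL", "CheckedValue"): 1, ("SHOWALL", "DefaultValue"): 2}
HIDDEN_KEY = "\\explorer\\advanced\\folder\\hidden\\"

def parse_reg(text):
    """Map (subkey, value name) -> data for Folder\\Hidden subkeys of a .reg export.
    dword data becomes int; anything else stays text, so a changed type shows up."""
    found, subkey = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            idx = path.lower().find(HIDDEN_KEY)
            subkey = path[idx + len(HIDDEN_KEY):].upper() if idx != -1 else None
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if subkey and m:
            name, raw = m.groups()
            d = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
            found[(subkey, name)] = int(d.group(1), 16) if d else raw.strip('"')
    return found

def audit(text):
    """Return one message per baseline value that is missing or differs."""
    found = parse_reg(text)
    issues = []
    for (subkey, name), good in BASELINE.items():
        actual = found.get((subkey, name), "<missing>")
        if actual != good:
            issues.append(f"{subkey}\\{name}: found {actual!r}, expected {good}")
    return issues

# Constructed sample export showing the "Bad: (0)" state from the scan log.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000002
'''

if __name__ == "__main__":
    for issue in audit(SAMPLE):
        print("TAMPERED:", issue)
```

Exports written by regedit are UTF-16, so decode the file before passing its text to audit().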
 
jazzIIIlove Commented:
Your machine is severely infected...First close the system restore...Right click on My Computer and go to restore tab and disable it...Then as stated in MalwareBytes report, simply take an action, move them to quarantine and delete them permanently then do a scan with Kaspersky internet scanner...

www.kaspersky.com/virusscanner

Then observe the result...If there is more, download Dr.Web CureIt
www.freedrweb.com/

Another scan and fix them...Then another hijackthis log here...
 
SABYA Author Commented:
I guess it is. I was temporarily able to access my hidden files after I ran the scan and deleted or quarantined the infected objects. But I guess it is infected again.
 
kienmanowar Commented:
Your machine is infected with ckvo0.dll; I think KAV can remove it from your system. You can follow this guide:
http://forum.kaspersky.com/lofiversion/index.php/t89216.html 
or
http://www.msfn.org/board/remove-Kavo-Ckvo0dll-t124140.html&pid=800741&mode=threaded
 
SABYA Author Commented:
I have installed Kaspersky Internet Security 2009. I have run the scan once. I don't know how to save the log and show it to you.
 
SABYA Author Commented:
Kaspersky is an expensive solution. Is there anything cheaper and also light on the system? Do I need to post a HijackThis log?
 
kienmanowar Commented:
I think with some tools like Process Explorer, Autoruns (from Sysinternals) and IceSword or GMER, you can manually remove ckvo0.dll from your system. Another way, you can use NOD32 Antivirus to scan your system.

Best Regards
 
SABYA Author Commented:
I am able to view my hidden files now. But I don't know if I am still infected. Do I need to post a HijackThis log?
 
kienmanowar Commented:
You can use my registry settings in my above post to solve view hidden files, or another way to view hidden files, you can use Total Commander. Okie, post your HijackThis log here, maybe I can help you!

Regards
 
SABYA Author Commented:
I have attached the HijackThis log. Apparently there is no problem. But my system has slowed down considerably and it hangs while booting up.
hijackthis.log
 
kienmanowar Commented:
I've checked your log file; I think your machine is OK. But I don't know about 2 processes:

D:\tallylicserver.exe
D:\Tally72.exe

If your system slows down, you can temporarily disable unused processes and services.

Best Regards
 
SABYA Author Commented:
Both relate to accounting software loaded on my computer; they are completely safe.
 
SABYA Author Commented:
How can I find out which services are unused? Do I have to disable them from the Computer Management services console?
 
jazzIIIlove Commented:
Hi there; long time no see...:)

>>which services are unused?
Start->run->services.msc

You can also use AutoRuns, a very helpful utility...

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Best regards...
 
tiagorferreira Commented:
Hey,

Besides all the virus related issues, try Start -> Run -> sfc /scannow and if it finds some corrupted files, fix them and try the hidden files subject again.

Cheers
 
SABYA Author Commented:
I ran antivirus Kaspersky and solved the problem.