SABYA
asked on
cannot enable view hidden files otion
I cannot enable the view hidden files and folders by using the the tools menu in my computer or any other folder.It simply reverts back to hidden files status automatically.this is a recent phenomenon.
I think your machine has been infected..so first of alll you need use AV to scan! I export my clean registry key from my machine to help show enable show hidden files :
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
ASKER
Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3
11/8/2008 12:30:38 PM
mbam-log-2008-11-08 (12-30-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 133060
Time elapsed: 50 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINNT\system32\ckvo0.dl l (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\saix.ins tallercall er (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\saix.ins tallercall er.1 (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\Interfac e\{2e9937f c-cf2f-4f5 6-af54-5a6 a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interfac e\{741de82 5-a6f0-449 7-9aa6-802 3cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Internet Explorer\SearchScopes\{562 56a51-b582 -467e-b8d4 -7786eda79 ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Multimed ia\WMPlaye r\Schemes\ f3pss (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE \Microsoft \Windows\C urrentVers ion\Run\ka msoft (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE \Microsoft \Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\Explo rer\Advanc ed\Folder\ Hidden\SHO WALL\Check edValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Folders Infected:
C:\Documents and Settings\Default User\Application Data\NetMon (Trojan.NetMon) -> No action taken.
Files Infected:
C:\WINNT\system32\ckvo.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\WINNT\system32\ckvo0.dl l (Trojan.Agent) -> No action taken.
C:\WINNT\system32\ckvo1.dl l (Trojan.Agent) -> No action taken.
C:\nq0cq.cmd (Trojan.Agent) -> No action taken.
C:\xih9.cmd (Trojan.Agent) -> No action taken.
Database version: 1373
Windows 5.1.2600 Service Pack 3
11/8/2008 12:30:38 PM
mbam-log-2008-11-08 (12-30-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 133060
Time elapsed: 50 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINNT\system32\ckvo0.dl
Registry Keys Infected:
HKEY_CLASSES_ROOT\saix.ins
HKEY_CLASSES_ROOT\saix.ins
HKEY_CLASSES_ROOT\Interfac
HKEY_CLASSES_ROOT\Interfac
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE
HKEY_CURRENT_USER\SOFTWARE
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWAR
Folders Infected:
C:\Documents and Settings\Default User\Application Data\NetMon (Trojan.NetMon) -> No action taken.
Files Infected:
C:\WINNT\system32\ckvo.exe
C:\Documents and Settings\Default User\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\WINNT\system32\ckvo0.dl
C:\WINNT\system32\ckvo1.dl
C:\nq0cq.cmd (Trojan.Agent) -> No action taken.
C:\xih9.cmd (Trojan.Agent) -> No action taken.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I guess it is.I was temporarily able to access my hidden files. after I ran the scan and deleted or quarentined the infected objects.But I guess it is infected again.
Your machine is infected ckvo0.dll, I think kav can remove it from your system. You can follow this guide:
http://forum.kaspersky.com/lofiversion/index.php/t89216.html
or
http://www.msfn.org/board/remove-Kavo-Ckvo0dll-t124140.html&pid=800741&mode=threaded
http://forum.kaspersky.com/lofiversion/index.php/t89216.html
or
http://www.msfn.org/board/remove-Kavo-Ckvo0dll-t124140.html&pid=800741&mode=threaded
ASKER
I have installed kapersky internet security 2009.I have run the scan once.I dont know how to save the log and show it to you.
ASKER
kapersky is a expensive solution .is there anything cheaper and also which is light on the system.Do I neeed to post hihck this log?
I think with some tools like Process Explorer, Autoruns (from sysinternals) and IceSword or gmer, you can manual remove ckvo0.dll from your system. Anotherway you can use Nod32 Antivirus to scan your system.
Best Regards
Best Regards
ASKER
I am able to view my hidden files now. But I dont know if I am still infected.Do I need to post hijack this log?
You can use my registry settings in my above post to solve view hidden files, or another way to view hidden files you can use Total commander. Okie, post your hjack this log here, may be i can help you!
Regards
Regards
ASKER
I have attached the hijack this log.Apparently there is no problem.But my system has slowed down considerably and it hangs while booting up.
hijackthis.log
hijackthis.log
I've checked your log file, i think your machine is ok. But I dont know about 2 processes :
D:\tallylicserver.exe
D:\Tally72.exe
If your system slows down, your can temporary disable unused processes and services.
Best Regards
D:\tallylicserver.exe
D:\Tally72.exe
If your system slows down, your can temporary disable unused processes and services.
Best Regards
ASKER
Both relate to accounting software loaded on my computer they are completely safe.
ASKER
How can find out which services are unused? do I have diable them from computer management services console.
Hi there; long time no see...:)
>>which services are unused?
Start->run->services.msc
You can also use AutoRuns, a very helpful utility...
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Best regards...
>>which services are unused?
Start->run->services.msc
You can also use AutoRuns, a very helpful utility...
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Best regards...
Hey,
Besides all the virus related issues, try start -> run -> sfc /scannow and if he finds some corrupted files, fix them and try again the hidden files subject.
Cheers
Besides all the virus related issues, try start -> run -> sfc /scannow and if he finds some corrupted files, fix them and try again the hidden files subject.
Cheers
ASKER
I ran antivirus kapersky and solved the problem.
well...It's most likely your machine has been infected...please have a hijackthis log and send it here (Don't fix anything yet...)...Also a scan with MalwareBytes is needed...Then you are going to scan your machine with Kaspersky internet scanner...
Best regards...