cannot enable view hidden files otion

I cannot enable the view hidden files and folders by using the the tools menu in my computer or any other folder.It simply reverts back to hidden files status automatically.this is a recent phenomenon.
SABYAAsked:
Who is Participating?
 
jazzIIIloveConnect With a Mentor Commented:
Your machine is severly infected...First close the system restore...Right click on MyComputer and go to restore tab and disable it...Then as stated in MalwareBytes report, simply take an action, move them to quarantinee and delete them permenantly then do a scan with Kaspersky internet scanner...

www.kaspersky.com/virusscanner

Then observe the result...If there is more, download webitcure
www.freedrweb.com/

Another scan and fix them...Then another hijackthis log here...
0
 
jazzIIIloveCommented:
Hi there;

well...It's most likely your machine has been infected...please have a hijackthis log and send it here (Don't fix anything yet...)...Also a scan with MalwareBytes is needed...Then you are going to scan your machine with Kaspersky internet scanner...

Best regards...
0
 
kienmanowarCommented:
I think your machine has been infected..so first of alll you need use AV to scan! I export my clean registry key from my machine to help show enable show hidden files :


Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  00
"HelpID"="shell.hlp#51131"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

Open in new window

0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
SABYAAuthor Commented:
Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3

11/8/2008 12:30:38 PM
mbam-log-2008-11-08 (12-30-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 133060
Time elapsed: 50 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\ckvo0.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
C:\Documents and Settings\Default User\Application Data\NetMon (Trojan.NetMon) -> No action taken.

Files Infected:
C:\WINNT\system32\ckvo.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\Default User\Application Data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\WINNT\system32\ckvo0.dll (Trojan.Agent) -> No action taken.
C:\WINNT\system32\ckvo1.dll (Trojan.Agent) -> No action taken.
C:\nq0cq.cmd (Trojan.Agent) -> No action taken.
C:\xih9.cmd (Trojan.Agent) -> No action taken.
0
 
SABYAAuthor Commented:
I guess it is.I was temporarily able to access my hidden files. after I ran the scan and deleted or quarentined the infected objects.But I guess it is infected again.
0
 
kienmanowarCommented:
Your machine is infected ckvo0.dll, I think kav can remove it from your system. You can follow this guide:
http://forum.kaspersky.com/lofiversion/index.php/t89216.html 
or
http://www.msfn.org/board/remove-Kavo-Ckvo0dll-t124140.html&pid=800741&mode=threaded
0
 
SABYAAuthor Commented:
I have installed kapersky internet security 2009.I have run the scan once.I dont know how to save the log and show it to you.
0
 
SABYAAuthor Commented:
kapersky is a expensive solution .is there anything cheaper and also which is light on the system.Do I neeed to post hihck this log?
0
 
kienmanowarCommented:
I think with some tools like Process Explorer, Autoruns (from sysinternals) and IceSword or gmer, you can manual remove ckvo0.dll from your system. Anotherway you can use Nod32 Antivirus to scan your system.

Best Regards
0
 
SABYAAuthor Commented:
I am able to view my hidden files now. But I dont know if I am still infected.Do I need to post hijack this log?
0
 
kienmanowarCommented:
You can use my registry settings in my above post to solve view hidden files, or another way to view hidden files you can use Total commander. Okie, post your hjack this log here, may be i can help you!

Regards
0
 
SABYAAuthor Commented:
I have attached the hijack this log.Apparently there is no problem.But my system has slowed down considerably and it hangs while booting up.
hijackthis.log
0
 
kienmanowarCommented:
I've checked your log file, i think your machine is ok. But I dont know about 2 processes :

D:\tallylicserver.exe
D:\Tally72.exe

If your system slows down, your can temporary disable unused processes and services.

Best Regards
0
 
SABYAAuthor Commented:
Both relate to accounting software loaded on my computer they are completely safe.
0
 
SABYAAuthor Commented:
How can find out which services are unused? do I have diable them from computer management services console.
0
 
jazzIIIloveCommented:
Hi there; long time no see...:)

>>which services are unused?
Start->run->services.msc

You can also use AutoRuns, a very helpful utility...

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Best regards...
0
 
tiagorferreiraCommented:
Hey,

Besides all the virus related issues, try start -> run -> sfc /scannow and if he finds some corrupted files, fix them and try again the hidden files subject.

Cheers
0
 
SABYAAuthor Commented:
I ran antivirus kapersky and solved the problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.