Folders hidden after virus

Posted on 2011-05-01
Last Modified: 2013-11-22
I have a PC that had a couple viruses (one was the TDSS rootkit) but was able to remove all of them.  Trend and MAlwarebytes scan come up clean.  My problem is that one of the effects of the viruses was to make all the folders in the "Documents and Settings" and "Program Files" folders hidden.  There may be others that I just haven't found yet.  Is there any way to undo all these changes without going through one by one and removing the hidden check box?
Question by:tmckinney01
    LVL 7

    Expert Comment

    I recently had a client with TDSS and they had the same issue.  The first time I "thought" I had gotten rid of it a system restore also unhid all of the directories.  However, when I finally exterminated the issue, the folders and contents were left hidden and I was done messing with system restore, so I just manually unhid everything that needed to be unhidden.

    Basically I just went to thier profile directory and selected the Favorites and My Documents directories and right clicked and unchecked the hidden box.  This automatically asked me if I wanted to perform the change on just those items, or everything in the subdirectories too, which I did, and all was well with the world...  

    Killing the inventors of these rootkits would not be murder in my book...
    LVL 38

    Accepted Solution

    A couple of thoughts:

    1. Automatic - Try unhide.exe

    2. Manual - Show hidden files,
    Highlight your folders,
    Right Click,
    Remove check from hidden and apply to subfolders.
    LVL 12

    Expert Comment

    hide the folder then run the attrib "C:\Documents and Settings\User" -h /s
    Above is the example for how you can make unhide 'user' folder inside the Documents and settings. You can apply same setting for the program files.
    In your case the command will be
    attrib c:\program files -h /s
    attrib c:\Documents and Settings -h /s
    Note:There must be a space between -h and /s

    Author Closing Comment


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
    Operating system developers such as Microsoft ( and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now