?
Solved

Folders hidden after virus

Posted on 2011-05-01
4
Medium Priority
?
1,181 Views
Last Modified: 2013-11-22
I have a PC that had a couple viruses (one was the TDSS rootkit) but was able to remove all of them.  Trend and MAlwarebytes scan come up clean.  My problem is that one of the effects of the viruses was to make all the folders in the "Documents and Settings" and "Program Files" folders hidden.  There may be others that I just haven't found yet.  Is there any way to undo all these changes without going through one by one and removing the hidden check box?
0
Comment
Question by:tmckinney01
4 Comments
 
LVL 7

Expert Comment

by:rsimsee
ID: 35500968
I recently had a client with TDSS and they had the same issue.  The first time I "thought" I had gotten rid of it a system restore also unhid all of the directories.  However, when I finally exterminated the issue, the folders and contents were left hidden and I was done messing with system restore, so I just manually unhid everything that needed to be unhidden.

Basically I just went to thier profile directory and selected the Favorites and My Documents directories and right clicked and unchecked the hidden box.  This automatically asked me if I wanted to perform the change on just those items, or everything in the subdirectories too, which I did, and all was well with the world...  

Killing the inventors of these rootkits would not be murder in my book...
0
 
LVL 38

Accepted Solution

by:
younghv earned 2000 total points
ID: 35501231
A couple of thoughts:

1. Automatic - Try unhide.exe
http://download.bleepingcomputer.com/grinler/unhide.exe

2. Manual - Show hidden files,
Highlight your folders,
Right Click,
Properties,
Remove check from hidden and apply to subfolders.
0
 
LVL 12

Expert Comment

by:ibu1
ID: 35502810
Hi,
hide the folder then run the attrib "C:\Documents and Settings\User" -h /s
Above is the example for how you can make unhide 'user' folder inside the Documents and settings. You can apply same setting for the program files.
In your case the command will be
attrib c:\program files -h /s
attrib c:\Documents and Settings -h /s
Note:There must be a space between -h and /s
0
 

Author Closing Comment

by:tmckinney01
ID: 35504450
Perfect!
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question