Unhidden Files

gmollineau used Ask the Experts™
I recently had an attack of the System Repair malware. I got rid of the malware but my files remained hidden.
i ran the : attrib -s -h /s /d
command and now ALL files are unhidden (e.g. desktop.ini).
I fixed the desktop.ini to hidden status but I am afraid that there are more files which should be hidden but are now unhidden.

How do I return the files ti their default status.  
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Paul MacDonaldDirector, Information Systems

I think that cat is out of the bag, though you could certainly try a SFC /SCANNOW from the command line.

As salt in the wound, there are utilities/registry hacks that probably would have fixed the "hidden file" problem.  Alternately, just running...
   attrib -h /s /d
...would have been more appropriate.

sspankajSystem administrator

Hi, it depends on OS and where you executed the command. For your reference, if you have executed the command in Windows XP on C drive then below listed files should be hidden and system files:
Here A   Archive file attribute, S   System file attribute.,  H   Hidden file attribute.
A          C:\AUTOEXEC.BAT
SH      C:\boot.ini
A          C:\CONFIG.SYS
A  SH      C:\hiberfil.sys
A  SHR     C:\IO.SYS
A  SHR     C:\ntldr
A  SH      C:\pagefile.sys

Beside this few folders are also need to take care of

System Volume Information      SHR

If any folder have images in it then along with Dekstop.ini you need to make Thumbs.db SH file.

I hope this will help you.
Robert RComputer Service Technician

I would have to know more about which version of windows you are using as the steps vary depending upon the version.
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.


I am using Windows Xp Sp 3
Robert RComputer Service Technician

open my computer then click on the tools menu, select folder options, click on the view tap then click on the  restore defaults button.
Most Valuable Expert 2011
Top Expert 2011

I am assuming you used Unhide.exe?

It does a blanket unhiding of everything... Not so bad if you always have your "Show Hidden and System Folders" attribute in Explorer set....

Here's an excerpt of one of my scripts I use for this recovery....

attrib +H C:\*.sys
attrib +H C:\*.bat
attrib +H C:\*.com
attrib +H C:\*.ini
attrib +H "C:\MSOCache"
attrib -H /S /D "C:\MSOCache\*"
attrib +H "C:\System Volume Information"
attrib -H /S /D "C:\System Volume Information\*"
attrib +H "C:\Recycler"
attrib +H /S /D "C:\windows\$N*"
attrib +H /S /D "C:\windows\$h*"
attrib -H /S /D "C:\Windows\*"
attrib +H "C:\Windows\INF"
attrib +H "C:\Windows\IE8"
attrib +H "C:\Windows\CSC"
attrib +H "C:\Windows\Installer"
attrib +H "C:\Windows\System32\DLLCache"
attrib -H "C:\Sybase"
attrib -H "C:\TEMP"
attrib -H "C:\Program Files"
attrib -H /S /D "C:\Program Files\*"
attrib -H "C:\Util"

And for the profile....

attrib -H "%userprofile%"
attrib +H "%userprofile%\Application Data"
attrib -H /S /D "%userprofile%\Application Data\*"
attrib +H "%userprofile%\Cookies"
attrib -H /S /D "%userprofile%\Cookies\*"
attrib -H "%userprofile%\Desktop"
attrib -H /S /D "%userprofile%\Desktop\*"
attrib -H "%userprofile%\Favorites"
attrib -H /S /D "%userprofile%\Favorites\*"
attrib +H /S /D "%userprofile%\Local Settings\*"
attrib -H "%userprofile%\Local Settings\TEMP"
attrib -H /S /D "%userprofile%\Local Settings\TEMP\*"
attrib -H /S /D "%userprofile%\Local Settings\Application Data\*"
attrib -H "%userprofile%\My Documents"
attrib -H /S /D "%userprofile%\My Documents\*"
attrib +H "%userprofile%\NetHood"
attrib -H /S /D "%userprofile%\NetHood\*"
attrib +H "%userprofile%\PrintHood"
attrib -H /S /D "%userprofile%\PrintHood\*"
attrib +H "%userprofile%\Recent"
attrib -H /S /D "%userprofile%\Recent\*"
attrib +H "%userprofile%\SendTo"
attrib -H /S /D "%userprofile%\SendTo\*"
attrib -H "%userprofile%\Start Menu"
attrib -H /S /D "%userprofile%\Start Menu\*"
attrib +H "%userprofile%\Templates"
attrib -H /S /D "%userprofile%\Templates\*"
attrib +H "%userprofile%\IETldCache"
attrib -H /S /D "%userprofile%\IETldCache\*"
attrib +H "%userprofile%\PrivacIE"
attrib -H /S /D "%userprofile%\PrivacIE\*"
attrib -H "%userprofile%\*"
attrib +H /S /D "%userprofile%\ntuser*"

Based on a standard XP SP3 load.... Might have missed a few.....

Unless someone uses the computer that has a tendency to delete things they don't see as being necessary, there's no harm to your computer in leaving those unhidden. This is the drawback of unhiding files recursively using the command line or the unhide.exe utility provided by bleepingcomputer. Also, if that virus wiped out the shortcuts in your startmenu and on your desktop (common for the virus you're describing), you can find a copy of the shortcuts in folders called "1" "2" and "4" in a folder called "smtmp" in the %temp% directory of the user that got infected - granted you haven't cleared the temp folder yet. Cheers - Mark

Open Windows Explorer and goto Menu Tools ==> Folder Options ==> Goto View TAB ==> Select Show Hidden Files and Folders in Advance Settings.

All files will be displayed. if it again re-hide. than you will have to show through Registry.

Make sure that you have cleaned trojans / virus from your computer before.

Registry Trick is easy but first of all perform this and let me know. i will guide you more in it.


Tanveer Hussain


This is a workaround
Most Valuable Expert 2011
Top Expert 2011

I dont understand the colsure of "Workaround".....

We provided some valid solutions for you, but you close this saying "Workaround", on a topic that went off an a tangent about a virus you may/may not have had?

Please elaborate.....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial