kidrock009
asked on
How to access files hidden by virus in Document and Settings in Windows 7 Directory
Hi Experts,
Our Manager Laptop was attack by a a Fake Scam AV " System Check". The operating System in his Laptop is Windiws 7. I want to retrieve his File and reformat the unit but could not locate his Profile. I thought his porfile was deleted by the Virus. During my removal process, I run a Sophos AV and saw that his File is in the "Document and Settings" but could not access it since "Document and Settings" in WIndows 7 is equivalent to "USER". Is there a way to access his File that is located in "Document and Settings" in Windows 7 environment while Im still cleaning his Unit?
I will create another question in removing the Fake Security Application Virus "System Check"
Thank You,
Kid
Our Manager Laptop was attack by a a Fake Scam AV " System Check". The operating System in his Laptop is Windiws 7. I want to retrieve his File and reformat the unit but could not locate his Profile. I thought his porfile was deleted by the Virus. During my removal process, I run a Sophos AV and saw that his File is in the "Document and Settings" but could not access it since "Document and Settings" in WIndows 7 is equivalent to "USER". Is there a way to access his File that is located in "Document and Settings" in Windows 7 environment while Im still cleaning his Unit?
I will create another question in removing the Fake Security Application Virus "System Check"
Thank You,
Kid
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
andytagonist
If you browse directly to it, it's there. C:/users/<username>/
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@andytagonist:
Hi Sir, user profile is not located on the folder due to the Virus Attack. I hope it just hide the profile
@ZShaver:
Will get back to you on this when I get back to the office aNd try your suggestion
Hi Sir, user profile is not located on the folder due to the Virus Attack. I hope it just hide the profile
@ZShaver:
Will get back to you on this when I get back to the office aNd try your suggestion
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ZShaver and Run5k both gave good suggestions for undoing some other the apparent damage to your system...
but yes, the folder is most likely only hidden. to get to it manually, open Windows Explorer, in the address bar type c:/users/<username> where <username> is his login (they should be the same name).
also, make sure you can view Hidden AND System files in View, Folder Options. this will show
all of this is to get the files backed up. you can eventually fix the issues one by one, but in the end, don't be shy about just reimaging the system and being done with it rather than spending too much time on it. i've come across malware like this that tweaked with my file permissions AND hosed out my TCP/IP stack to where i couldn't even get on my local network...and that's just the damage i actually noticed--before reimaging.
but yes, the folder is most likely only hidden. to get to it manually, open Windows Explorer, in the address bar type c:/users/<username> where <username> is his login (they should be the same name).
also, make sure you can view Hidden AND System files in View, Folder Options. this will show
all of this is to get the files backed up. you can eventually fix the issues one by one, but in the end, don't be shy about just reimaging the system and being done with it rather than spending too much time on it. i've come across malware like this that tweaked with my file permissions AND hosed out my TCP/IP stack to where i couldn't even get on my local network...and that's just the damage i actually noticed--before reimaging.
Please download a utility called Combofix. It should be located at www.bleepingcomputer.com, but Google it to make sure. This website will have the utility and complete instructions on how to use it.
Good luck,
Regards,
Elliot
Good luck,
Regards,
Elliot
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks it work