?
Solved

*EMERGENCY* server hit with virus. Need to UNHIDE folders.

Posted on 2013-06-26
4
Medium Priority
?
707 Views
Last Modified: 2013-11-22
freekin virus hit my server. I see a bunch of random files named .exe.  actual files and folders but with extension .exe.  looks like original files and folders are all there but "hidden"

how can I unhide these all at the same time?? still scanning server for viruses.
0
Comment
Question by:Anthony H.
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 27

Accepted Solution

by:
MacroShadow earned 1500 total points
ID: 39279818
First of all you must remove the virus.

Once you remove the virus and remove the system restrictions imposed by it, follow these instructions to unhide the folders.
1. create a new text document
2. copy and paste the following code:
@ECHO OFF
ECHO Type the drive letter. ONLY the letter.
ECHO ALL FILES ARE GOING TO BE MODIFIED!!!
set /p letter=

ECHO %letter%: selected
taskkill /im explorer.exe /f
ECHO.
ECHO "Modifying files..."
ECHO.

attrib -s -h -a /s /d %letter%:\*.*

ECHO "Process completed."

start explorer %letter%:
taskkill /im cmd.exe /f

Open in new window

3. save the file as repair.bat
4. run and follow the prompts
0
 

Author Comment

by:Anthony H.
ID: 39279822
what do you recommend to remove virus. I ran mcafee, super antispyware, and hitmanpro... not finding it. rebuilding itself.
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 39279864
try using chameleon by malwarebytes (run the svchost.exe file).  Check out the instructions here (even though they are for a different infection).
0
 
LVL 27

Expert Comment

by:MacroShadow
ID: 39280232
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question