Link to home
Start Free TrialLog in
Avatar of bongets
bongetsFlag for Papua New Guinea

asked on

Virus that hides folders

Hi,

I think i got infected by a virus that hides folders. i don't know what kind of virus is this.

even if i use attrib -s -h -r /s /d.. the folder will appear in just seconds but will disappear again.

any help will be highly appreciated.

Thanks.
Avatar of Dr. Klahn
Dr. Klahn

This sounds like unlikely behavior for a virus.  Either they destroy your data, or encrypt it and hold it for ransom, but they don't in general play with it.  There's no profit in that.

Run your virus scanner at full sensitivity and scan all files.

Then download Malwarebytes.  If possible, install it as the unpaid version and don't let it install the "trial" paid features.  See what it finds.

Then run a couple of the online virus scanners such as the Trend Micro web scanner or the F-Secure online scanner.

If none of these find an infection, then it's unlikely to be a virus and there's some other problem that should be investigated.
ASKER CERTIFIED SOLUTION
Avatar of Jinish KG
Jinish KG
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Definitely virus but you would not know which variant because it is a typical behavior.

What user sees
Double click a folder and it opens

What actually happens
Virus is executed and folder opened so that user does not suspect anything

How it does this
  1. Hides all folders
  2. Creates a shortcut to virus with an icon that looks like a folder
  3. When you click shortcut it executes the virus.
  4. Virus does nasties and opens folder after so that user does not suspect anything

The fact that it keeps happing means your computer is still infected
It sounds like the the /s "system attribute" has been set, while the view attribute for files has /s system attribute off.

In over twenty years of working on computers, I have never see a virus mess with the system attribute.
Avatar of bongets

ASKER

Hi Jinish KG, the computer that got affected is running on win server.  HFV did not fix the issue and those from bleepingcomputer do not support win server... any other options?

Thanks.