- neither with standard Windows XP tools,
- nor with a showhiddenfiles.vbs script kindly provided by the members of this forum.
Yet, the circumstances in which I came across this problem are sophisticated. So I have to beg pardon for a long description of what happened. I'm 150% sure that a virus which attacked me recently has changed something more than the registry entries of the „Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden” registry branch, which is tweaked with the above-mentioned VBS. Maybe the remnants of it reside outside the registry as well.
Please, help me!
Recently my computer was infected with a virus from a removable flash. As soon as I accessed this device from My computer I noticed that:
- a separate window for this drive was opened (while my defaults are „in the same window”)
- my custom icons, which I set for each of the different drives using an autorun.inf feature, suddenly disappeared.
- my autorun.inf was replaced with one which contained code launching an xFoolAVP.com file
- xFoolAVP.com itself, with SHRA attributes, settled itself in the root of each of my drives (both physical and logical partitions)
Writing to DrWeb a thorough description of their failure was a waste of time. DrWeb didn't reply to me; its server refused to accept the virus samples I prepared etc. Well, it may be off-topic, but: never buy DrWeb! Not only because they are deaf — this company is not capable of curing the viruses I encountered.
I launched cureit.exe of DrWeb again, now watching what it does. Coming across faked autorun.inf files, it simply… deleted them, leaving xFoolAVP.com intact! Calling such behaviour of an antivirus program foolish may sound like a compliment for DrWeb: the name of this virus file was explicitly written in the autorunner. No attempts to find the same files immediately on other drives, no desire of DrWeb to browse some specific locations like system restore points, memory caches etc. I'm an amateur, not a hacker, but I'm aware to a certain extent of what an antivirus has to do.
A trial version of Norton Antivirus (file NAV081500_YHO.exe) did everything that DrWeb was not capable of doing. Also, Norton defined my virus as Infostealer. I was very thankful to Norton for cleaning my HDDs, but… this problem with folders persisted. I still cannot set Windows to show me hidden files and folders.
It may be a virus, but I believe in Norton and hope that — unlike DrWeb — they've done everything from their side.
So, it also may be an odd trick with the keys and values of the …Explorer\Advanced\Hidden registry branch. I noticed that it keeps not only the flags „shown-hidden”, but also how the values of these flags are treated. So, zero (0) may be treated both as hidden and visible, but I don't know what defaults should be there…
I hope that my long, long report contains at least a grain of information helpful for fixing the problem.
Thanks in advance