
Hidden Files/folders Cannot Be Restored After A Virus Attack



#1 A.Durceau


Posted 19 January 2008 - 10:26 PM

My problem is that I cannot restore Show hidden files and folders setting:
  • neither with standard Windows XP tools,
  • nor with a showhiddenfiles.vbs script kindly provided by the members of this forum.
My question is short: what can I do?

Yet the circumstances in which I came across this problem are sophisticated, so I have to beg pardon for a long description of what happened. I'm 150% sure that the virus which attacked me recently has changed something more than the registry entries of the

„Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden”

registry branch which is tweaked by the above-mentioned VBS. Maybe the remnants of it reside outside the registry as well.

Please, help me!

DESCRIPTION

Recently my computer was infected with a virus from a removable flash. As soon as I accessed this device from My computer I noticed that:
  • a separate window for this drive was opened (while my defaults are „in the same window”)
  • my custom icons which I set for each of different drives using an autorun.inf feature suddenly disappeared.
A short glance at these drives through a DOS window of Norton Commander was enough to conclude that:
  • my autorun.inf was replaced with the one which contained a code launching a xFoolAVP.com file
  • xFoolAVP.com itself, with SHRA attributes, settled in the root of each of my drives (both physical and logical partitions)
I immediately downloaded cureit.exe, a virus-cleaning utility from DrWeb. It defined it as an autorunner-type virus. After the cleaning was over I reloaded the computer and… I found that DrWeb LIED TO ME that it had accomplished its cleaning job! The mentioned pair (autorun.inf+xFoolAVP.com) happily resided on each drive. Moreover, now it was accompanied by a newcomer, niedetect.com.

Writing DrWeb a thorough description of their failure was a waste of time. DrWeb didn't reply to me; its server refused to accept the virus samples I prepared etc. Well, it may be off-topic, but: never buy DrWeb! Not only because they are deaf: this company is not capable of curing the viruses I encountered.

I launched DrWeb's cureit.exe again, now watching what it does. Coming across the faked autorun.inf files, it simply… deleted them, leaving xFoolAVP.com intact! Calling such behaviour of an antivirus program foolish may sound like a compliment for DrWeb: the name of this virus file was explicitly written in the autorunner. No attempts to find the same files immediately on other drives, no desire of DrWeb to browse some specific locations like system restore points, memory caches etc. I'm an amateur, not a hacker, but I'm aware to a certain extent of what an antivirus has to do.

A trial version of Norton Antivirus (file NAV081500_YHO.exe) did everything that DrWeb was not capable to do. Also, Norton defined my virus as Infostealer. I was very thankful to Norton for cleaning my HDD's, but… this problem with folders persisted. I still cannot set Windows to show me hidden files and folders.

It may be a virus, but I believe in Norton and hope that — unlike DrWeb — they've done everything from their side.
So, it also may be an odd trick with the keys and values of a …Explorer\Advanced\Hidden registry branch. I noticed that it keeps not only the flags „shown-hidden”, but also how the values of these flags are treated. So, zero (0) may be treated both as hidden and visible, but I don't know what defaults should be there…

Hope that my long, long report contains at least a grain of information helpful to fix a problem.

Thanks in advance
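
Added example, not part of the original post and not the showhiddenfiles.vbs script it mentions: a PowerShell check of the machine-wide values that tell Explorer how to treat the "Show hidden files and folders" radio buttons, which is what the post describes as "how the values of these flags are treated". The key paths and expected data are the stock Windows defaults as this example assumes them, and `Test-HiddenFilesPolicy` is a hypothetical function name.

```powershell
# Added example: audit (and optionally repair) the values Explorer reads to
# interpret the "Show hidden files and folders" option. Run elevated for -Repair.
# ASSUMPTION: the expected data below are stock Windows defaults, not thread data.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden'
$expected = @(
    @{ Key = "$base\SHOWALL";  Name = 'CheckedValue'; Value = 1; Kind = 'DWord' },
    @{ Key = "$base\SHOWALL";  Name = 'DefaultValue'; Value = 2; Kind = 'DWord' },
    @{ Key = "$base\NOHIDDEN"; Name = 'CheckedValue'; Value = 2; Kind = 'DWord' },
    @{ Key = "$base\NOHIDDEN"; Name = 'DefaultValue'; Value = 2; Kind = 'DWord' }
)

function Test-HiddenFilesPolicy {
    param([switch]$Repair)
    foreach ($e in $expected) {
        $status = 'OK'
        $actual = $null
        $key = Get-Item -LiteralPath $e.Key -ErrorAction SilentlyContinue
        if (-not $key) {
            $status = 'KeyMissing'
        } elseif ($key.GetValueNames() -notcontains $e.Name) {
            $status = 'ValueMissing'
        } else {
            $actual = $key.GetValue($e.Name)
            $kind   = $key.GetValueKind($e.Name)
            # A value rewritten as a string, or as 0, makes the dialog setting not stick
            if ("$kind" -ne $e.Kind)      { $status = "WrongType($kind)" }
            elseif ($actual -ne $e.Value) { $status = 'WrongData' }
        }
        if ($Repair -and $status -ne 'OK' -and $status -ne 'KeyMissing') {
            # Remove first so a value of the wrong type is recreated as a DWORD
            Remove-ItemProperty -LiteralPath $e.Key -Name $e.Name -ErrorAction SilentlyContinue
            New-ItemProperty -LiteralPath $e.Key -Name $e.Name -Value $e.Value -PropertyType DWord | Out-Null
            $status += ' -> repaired'
        }
        [pscustomobject]@{ Key = $e.Key; Name = $e.Name; Actual = $actual
                           Expected = $e.Value; Status = $status }
    }
}

Test-HiddenFilesPolicy | Format-Table -AutoSize

# Per-user choice written by the Folder Options dialog:
# 1 = show hidden files, 2 = do not show them
(Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced').Hidden
```

A `WrongType` or `WrongData` row on `SHOWALL\CheckedValue` matches the symptom in the post: the radio button can be selected, but the choice reverts because Explorer no longer maps it to the value that means "show".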



#2 boopme


Posted 20 January 2008 - 12:17 AM

Hello. Although this isn't a direct answer to your question, reformatting this PC may be the solution for 2 problems: the hidden files and the fact that this type of malware may still be on your PC.
From your post...

A trial version of Norton Antivirus (file NAV081500_YHO.exe) did everything that DrWeb was not capable to do. Also, Norton defined my virus as Infostealer. I was very thankful to Norton for cleaning my HDD's, but… this problem with folders persisted. I still cannot set Windows to show me hidden files and folders.


Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read "When should I re-format?" and "Reformatting the computer or troubleshooting; which is best?".

Please read the complete reply by Quietman7 here
http://www.bleepingcomputer.com/forums/top...tml#entry715197

Then decide how you want to proceed.



