Unhide.exe - An introduction as to what this program does


376 replies to this topic

#31 Proxy


Posted 27 September 2011 - 02:00 PM

Sorry should of course have mentioned that in the first place.
I'll just name a few since they seem pretty similar most of them:
WRL0001.tmp up to WRL0020.tmp
WRL1788.tmp
WRL2590.tmp
WRL4036.tmp

Excuse me for being such a noob, and thank you for the great help!



#32 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,567 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:35 AM

Posted 27 September 2011 - 03:17 PM

Yes, those can be deleted.

#33 davis24


Posted 16 October 2011 - 01:14 PM

You mentioned not running unhide.exe program unless you were infected with the FakeHDD rogue. How do I know if I am infected with it?

About a month ago, all of my files/folders suddenly disappeared from this PC. I haven't been able to figure out what happened since. I came across this post this morning and now have hope that maybe the files are just hidden! Please help.

#34 Grinler


Posted 16 October 2011 - 06:04 PM

If your computer exhibits the effects as described here, you are most likely infected with the FakeHDD rogue:

http://www.bleepingcomputer.com/virus-removal/remove-system-restore

#35 kevinm10


Posted 27 October 2011 - 11:35 AM

Hello,
Thank you so much for your valuable instructions.
I previously was saved by the Security 2011 instructions.

Recently got the System Restore.
Followed the instructions to the letter but had different results.
Also checked for the rootkit but not found.
Ran rkill
Ran mb - it "cleaned"
Ran unhide. Indicated it was done but shortcuts were still gone and file folders in windows explorer were still empty
rebooted and the "virus" was back but not with all the subsequent popups, only one or two?

Ran rkill again and it noted a process it killed.
I browsed to that location and deleted the file and several other dll or such. (apologies, don't recall naming but it was like random characters.exe located in c:\programdata.)

Rebooted and the "virus" is gone.
Ran unhide again. It finished but still no shortcuts or file folders.
After reviewing this forum thread, I realize I overlooked the %temp%\ location for the shortcut restore.
I mistakenly ran CCleaner and I'm sure they're gone now.

I did look at the documents and settings folder to try to recover shortcuts and noticed it's locked and I don't have permission anymore? Is that a Windows 7 difference vs XP? (I'm more familiar with XP)

Anyway, it occurred to me that I could do a system restore from prior to the virus and get everything back.
Problem is that when I run it, it never completes, just runs indefinitely?

Any suggestions for running system restore successfully?
(I've run it successfully in the past, prior to infection)

Thanks again, and sorry about the ramble...

Kevin

Edited by kevinm10, 27 October 2011 - 11:36 AM.


#36 Grinler


Posted 27 October 2011 - 11:41 AM

Yes, when temp is cleared, so are your backups.

For system restore I suggest you post in the appropriate forum for that.

You should have access to your %userprofile% folder.

#37 TIM RIMMER


Posted 28 October 2011 - 01:12 PM

THANK YOU THANK YOU THANK YOU---Just ran unhide.exe---all my files and pictures and favorites are back where they belong!!! Better get an external back-up soon.

thanks again.

Tim

#38 superenvelope


Posted 04 November 2011 - 06:08 PM

I used rkill and Malwarebytes to delete the trojan files but the smtmp folders were also deleted.
How can I get them back?

#39 Grinler


Posted 04 November 2011 - 10:01 PM

If you can't restore them from the recycle bin, there is not much you can do, unfortunately. If you have a backup you can restore from them.

How were the smtmp folders deleted? If it was mbam, they should not be removing those. Rkill does not delete anything so it is not that.

#40 bwoodhull


Posted 05 November 2011 - 12:59 PM

Hey Grinler

You seem to be on top of this pretty well. I'm new to this site but have found your info very helpful in fixing my problems. I have successfully removed the "system restore virus" I acquired yesterday by going through all the steps in the tutorial. Similar to an earlier post, the only problem I am having is getting back my hidden files. My desktop is good. I am missing a good amount of start menu options. I have run unhide.exe to no avail multiple times and restarted as well. I have run Malwarebytes multiple times and it comes back clean. I did the copy and paste of the folders in the temp and while the folders are there, they are empty. Someone mentioned earlier that they ran CCleaner and it may have deleted what they needed. I'm thinking this might be my problem too cause I did that before I got to this tutorial. If my files have been deleted, and are gone, is there a way to restore them otherwise? Or am I just kind of screwed and needing a reformat to get it right.

Thanks for providing so much info about this thing...I am stuck without people like you.

-Brett

#41 Grinler


Posted 05 November 2011 - 01:17 PM

Do you have a folder called smtmp in the %Temp% folder? If not, then unfortunately there is not much unhide, or any other app, is going to be able to do for you. It may be possible to get some of your default stuff back, but not much else.

#42 bwoodhull


Posted 05 November 2011 - 02:06 PM

[quote name='Grinler']
Do you have a folder called smtmp in the %Temp% folder? If not, then unfortunately there is not much unhide, or any other app, is going to be able to do for you. It may be possible to get some of your default stuff back, but not much else.
[/quote]


I do have that folder. In there I have a folder 1, and folder 4. 4 only has an Itunes and Quicktime icon in it which doesn't matter cause from what I understand that is my desktop files which are all fine.

In the 1 folder, I have programs. In there I have a long list of start menu program folders. Problem is when I go into each folder, they are empty. I did the copy and paste of that entire "programs" folder and moved it to replace the other "programs" folder under start menu and got nothing. That's why I'm thinking I might be screwed. So is there a way to manually replace each start menu program? It may be tedious but not as tedious as reformatting and reinstalling all my software.
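
An added example, not part of any post in this thread and not the Unhide author's code: a PowerShell inventory of the %Temp%\smtmp folder discussed above. It reports, per numbered subfolder, how many files and shortcuts are present and how many subfolders are empty, and can copy the folder outside %Temp% so that clearing temp files does not remove it. It assumes PowerShell 3.0 or later; the function names and the copy destination are hypothetical.

```powershell
# Added example: inventory and preserve the smtmp shortcut backup described in this thread.
# Assumptions: PowerShell 3.0+; backup root is %TEMP%\smtmp; function names are hypothetical.

function Get-SmtmpInventory {
    param([string]$Root = (Join-Path $env:TEMP 'smtmp'))

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        Write-Warning "No smtmp folder at $Root, so there is no backup to restore from."
        return
    }
    # -Force lists hidden and system items as well as normal ones.
    foreach ($top in Get-ChildItem -LiteralPath $Root -Directory -Force) {
        $files = @(Get-ChildItem -LiteralPath $top.FullName -Recurse -File -Force)
        $dirs  = @(Get-ChildItem -LiteralPath $top.FullName -Recurse -Directory -Force)
        # A subfolder with no children at all is the "folders are there but empty" case.
        $empty = @($dirs | Where-Object {
            @(Get-ChildItem -LiteralPath $_.FullName -Force).Count -eq 0
        })
        [pscustomobject]@{
            Folder          = $top.Name
            Files           = $files.Count
            Shortcuts       = @($files | Where-Object { $_.Extension -eq '.lnk' }).Count
            SubFolders      = $dirs.Count
            EmptySubFolders = $empty.Count
        }
    }
}

function Copy-SmtmpBackup {
    # Hypothetical default destination outside %TEMP%, so clearing temp files leaves it alone.
    param(
        [string]$Root = (Join-Path $env:TEMP 'smtmp'),
        [string]$Destination = (Join-Path $env:USERPROFILE ('smtmp-copy-{0:yyyyMMdd-HHmmss}' -f (Get-Date)))
    )
    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        throw "Nothing to copy: $Root does not exist."
    }
    # -Force includes hidden items; the destination must not already exist.
    Copy-Item -LiteralPath $Root -Destination $Destination -Recurse -Force
    return $Destination
}

Get-SmtmpInventory | Format-Table -AutoSize
# Copy-SmtmpBackup   # uncomment to keep a copy before running any temp cleaner
```

A row with many subfolders, all of them empty, and zero shortcuts matches the situation described in the post above: the folder tree survived but the shortcut files did not.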

#43 dubli


Posted 06 November 2011 - 06:31 AM

Hello Grinler,
Thank you! All my documents and files are back! Hooray! I am so grateful that your instructions and program worked. Thank you so very much, me and my family are so happy to have our things on our computer back!

Also you said it’s important to not delete any temporary files and so I have a question... after I did my Malwarebytes scan there is a long list of things in the Malwarebytes Quarantine. Does this list contain any temporary files that I should restore? I have included a ‘print screen image’ of the quarantine list.

Also wondering, like someone else who posted here, I also have on my desktop new word documents named ~WRL3630 ~WRL1723 ~WRL1005 and many similar names and lots of them. I noticed someone else posted they had the same thing and you said it’s ok to delete them, and I was wondering if you could tell me what they are? Are they copies of my word documents, when I open each one it is one of my word documents and each is different.

And lastly, now that I have run your program and it has restored all my things; is it ok to delete temporary files?

Thank you for your time and help.
Kind regards
Posted Image

#44 Grinler


Posted 06 November 2011 - 10:24 AM

bwoodhull,

What version of windows are you running? And 32 bit or 64 bit? I may be able to get you back your default icons, but that's about it. For the rest of your programs you will have to manually make shortcuts to each of the executables.

dubli,

Those files on your desktop are prob backup files from word and can be deleted if you wish. As long as everything is restored now, you can empty the temp folder.

#45 bwoodhull


Posted 06 November 2011 - 12:33 PM

[quote name='Grinler' timestamp='1320593061' post='2465404']
bwoodhull,

What version of windows are you running? And 32 bit or 64 bit? I may be able to get you back your default icons, but that's about it. For the rest of your programs you will have to manually make shortcuts to each of the executables.
[/quote]

Windows 7
64 bit

So I guess I'll go into each program file and copy the executable and add it to the start menu?



