Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am seeing files that should be hidden but aren't hidden


  • This topic is locked This topic is locked
5 replies to this topic

#1 liorshwa

liorshwa

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 10 June 2014 - 08:25 AM

i used combofix and i did let it finish and rebooted my pc after it finished!

when i booted my pc back i saw some folders in C: drive that should be hidden like:

$recyclebin

MSOcache

config.msi

programdata

msdownld.tmp

 

but they are not hidden

and in folder options the option for"show hidden files and folders is" UNTICKED

so i don't know what combofix did to my file attributes but i wanna know how to get it back the way it was?!

it is also happened to my other drives such as D: and E:



BC AdBot (Login to Remove)

 


#2 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:26 AM

Posted 14 June 2014 - 05:06 AM

Hi liorshwa,

Welcome to the BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. :welcome:
My name is Mako and I will be helping you with your computer problems.

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something don't hesitate to ask before running the tools.

Now let's get started...
 
First off, I don't think it was very wise to use ComboFix straight away. This is a very powerful tool that shouldn't be used without supervision of a security helper.
But anyway, no point in working on things that happened in the past.
 
:step1: ======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download 51a612a8b27e2-Zoek.pngzoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL];e
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

:step2: Can you give me a bit more information on why you've used ComboFix? Were you having trouble with some sort of infection? Are there still problems present or is this the only problem you're experiencing?


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#3 liorshwa

liorshwa
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 14 June 2014 - 01:14 PM

Thank you for your help !

now here is the thing:

i have a couple of questions and also some answers!

what i wanted to say is that i reinstalled windows on my pc for a couple of reasons i wouldn't mension here!

but i just wanted to ask if you can tell me what is this program "Zoek.exe"? and what was it supposed to do?

Now, for the information of why i used combofix:

I would say that my knowledge in PC's is "pretty good" so , i got a virus (apperently ESET is not so good as an anti-virus) and my USB stick looks like this:

539c8f8d93451.jpg

and i know what each tool if used for, except from combofix LOL, but i have been told that this is  powerful tool (which didn't helped me at all)

so after i removed the virus with hitmanpro and adwcleaner and malwarebytes chameleon i noticed some folders that are supposed to be hidden but aren't!

and then i registered to this forum to get my answers! 

SO, thank you very much for spending your time to answer me but i reinstalled my OS with ghost32 (cause i'm lazy) and now everything is back to normal, but i'm still pretty interested in knowing what does Zoek.exe is?!


Edited by liorshwa, 14 June 2014 - 01:15 PM.


#4 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:26 AM

Posted 14 June 2014 - 03:38 PM

Hi,

 

Well, wonderful to hear your problem is already solved then. To answer your questions:

 

Zoek.exe is a script-based tool. It is capable of collecting useful information about a system, deleting files and making registry fixes...when put into the right hands. This makes it by no means useful for you. No offence, but this tool isn't made for tracking down infected files and deleting them automatically like most anti-malware scanners.

 

Furthermore I can't tell you why ComboFix made some of your files and folders visible after the scan. As I've said earlier this is a very powerful tool and all its information is strictly confidential. You should not be using it without supervision!

 

Do you have any other issues or problems with your computer on which I can help you?


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#5 liorshwa

liorshwa
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 15 June 2014 - 05:32 AM

yes i wanted to ask if you reccomend using these third-party uninstallers like Revo Uninstaller? cause i have been using it for quite a while but i never knew if it really helps your system or not! i just used it beacause i want my computer to always be Clean and uncluttered ! for example my PC boot time from the "moment you press the power button" till you get to the logon screen is 8 seconds and i love the fact that i have been able to get to this level of optimization!



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:26 AM

Posted 15 June 2014 - 07:46 AM

Since it has been determined that you have no malware issues...you should post a new topic in the appropriate BC forum.  Depending on what your O/S is, the forum for that O/S would be a good place to start.

 

This forum is reserved for specific treatment of non-malware situations and is not a forum for general questions regarding system issues or problems.

 

If you think that using ComboFix without supervision/guidance...is the cause of current system issues...then you should initiate your new topic in the General Security forum, where those who know more about ComboFix may hopefully assist you.

 

This topic is now closed to avoid confusion.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users