Vista: files hidden from virus

[Snowypup]

Hey guys

I just got hit by a vista recovery virus, the one that makes you think your HDD is crashing. After getting rid of it with Malwarebytes everything seems to be hidden, even the start menu. So far I tried changing my folder options to show hidden files & folders and some software which didn't have any effect.

They were unhide from bleepingcomputer.com which told me "Can't find script engine VBScript" for script" and attribute changer that couldn't even execute.

Can anyone tell me any other ways to unhide everything?

 

[Chuklr]

Hey guys

I just got hit by a vista recovery virus, the one that makes you think your HDD is crashing. After getting rid of it with Malwarebytes everything seems to be hidden, even the start menu. So far I tried changing my folder options to show hidden files & folders and some software which didn't have any effect.

They were unhide from bleepingcomputer.com which told me "Can't find script engine VBScript" for script" and attribute changer that couldn't even execute.

Can anyone tell me any other ways to unhide everything?

Hi, Snowypup,

The following is from a post by YeOldeStonecat in this thread that might solve your problem:

Check out the sticked "malware tools" thread that is in the networking and Security forum..lots of people took the time to make suggestions in that thread.

Lots of todays malware will attrib h certain directories like desktop and documents. So they're hidden. Gotta reverse it. There's a tool called unhide.exe which someone wrote which can easily undo that for you if you don't feel like dropping to command prompt yourself.

...

Hope this helps.

Chuklr

 

[ekierce]

I've seen a few computers that got nailed by this.

I found a utility called unhide.exe that repaired it all.

http://www.technibble.com/forums/showthread.php?t=26127

 

[Snowknight26]

OP has more issues than just hidden files if VBScript files can't be executed.

 

[liquidcypher]

I skipped Vista, but in Windows 7, go into local users and groups, set a password for the builtin Administrator account, enable it and log in as that to fix my old profile. That, or just create a new account and use it to just delete the old.

**** Make sure all your important files are backed up first ****
Microsoft hides crap in your AppData\Local folder like a default Outlook PST

You might have bigger issues, but if its foobar, it couldn't hurt to try.

 

[YeOldeStonecat]

OP has more issues than just hidden files if VBScript files can't be executed.

Easily fixed and cleaned up by the tools mentioned in that malware removal stickied thread I mentioned.

 

[Mister Natural]

I just cleaned up a windows xp machine today with that. Easily cleaned.

The executable loads at startup in hkcu\software\microsoft\windows\currentversion\run
The virus itself resided in documents and settings\all users\application data

Delete that key and reboot and you can delete the virus manually. It set a hidden attribute on many user folders which when you clicked start\all programs nothing would show. Go to my computer and remove the hidden attribute on all specific user folders and the all users folders.

Run malwarebytes to clean up additional registry entries and files.

 

[TheBuzzer]

my sister comp got this type of virus 2 times.

one time just unhide everything

second time it also deleted all the freaking start menu shortcuts.

 

[stiltner]

To fix the start menu shortcuts missing. Run unhide a 2nd time, and go to the Start Menu options, switch from default to classic or vice versa, and then try it, and see if you can see your stuff.

 

[LOCO LAPTOP]

To fix the start menu shortcuts missing. Run unhide a 2nd time, and go to the Start Menu options, switch from default to classic or vice versa, and then try it, and see if you can see your stuff.

middle of doing a computer with that crappy virus. that should fix the empty folders in the start menu?

 

[Mister Natural]

I told a girl who had this virus to run Malwarebytes and she said it fixed everything including the hidden folders. So you might just try running that and see how it goes.

 

[Javelin3o4]

Depending on the version of Vista, (might be Business or higher) and I think any version of Windows 7 you can go to the following folder on the hard drive after you unhide everything,

C:\ProgramData\Microsoft\Windows

Right click on the "Start Menu" folder and select "restore previous version". Only catch is I dont think it works if you deleted all your temp files before hand or shadowcopies arent avail.

 

[Monkey34]

I just got two rigs in a row with this (one had a lot more also). Both Windows7.

 

[Nicker2009]

ATTRIB -S -H /S /D C:\*.*

nuff said. then go back and hide what needs to be hidden. This will also fix the unable to update issue in most cases if its blocking due to a non admin error.