All My Files and Folders are Hidden after Rogue Virus attack,Lately there has been a constant stream of rogue antivirus software that hides all the files and folders on your hard drive, including everything in the users directory like documents, pictures, etc. as well as all the shortcuts on the Start Menu and more. The virus adds the hidden attribute to every file and folder on your system, so it appears as if everything has been deleted from your hard drive. If you've been hit by one of these viruses, follow the instructions below to unhide your files and regain control of your computer again.
If your system is still infected with a rogue antivirus, please follow the instructions on how to remove these rogue malware programs. After the malware has been removed, follow these steps to unhide your files and folders.
First, let's unhide your files by changing the system settings of Windows.
For Windows XP
1) Open My Computer
2) Click on Tools
3) Click on Folder Options
4) Click on the View Tab
5) Place a dot on the option "Show Hidden Files and Folders"
6) Click Ok
For Windows Vista
1) Click on the Windows Orb (Start button)
2) Click on Computer
3) Click on Tools
4) Click on Folder Options
5) Click on View
6) Click the option for "Show Hidden Files and Folders"
7) Click Ok
For Windows 7
1) Click on the Windows Orb (Start button)
2) Click on Computer
3) Click on Organize
4) Click on Folder and Search Options
5) Click on View
6) Click the option for "Show Hidden Files and Folders"
7) Click Ok
Now you should be able to see all of your files and folders. However, they still have the hidden file attibute set. When we remove the hidden attribute on the files and folders, all of your files should reappear normally.
To Unhide files and folders that Windows Diagnostic, Windows XP Restore and other malware hide
For Windows XP
1) Click on Start, Run
2) Type CMD and press Enter
3) At the command prompt type the following and press Enter
CD \
4) Now the command prompt should show the root folder of the hard drive. Most likely C:\
5) At the command prompt type the following and press Enter
ATTRIB -H *.* /S /D
This command will unhide the files that are currently hidden. Because the important system files have a system attribute attached to them as well, the above command will not work for them and they will be skipped and kept hidden from prying eyes.
This command will take some time, so dont be afraid if it takes anywhere from a few minutes to half an hour to finish. What the command does is simple. It removes the hidden attribute from all files on the hard drive. The /S parameter tells it to search the current folder and all subfolders, while the /D parameter processes tthe folders as well.
6) Type Exit and press Enter when the procedure is complete. Then reboot your computer
For Windows Vista/7
1) Click on Start, All Programs
2) Click Accessories and Find Command Prompt
3) Right click on the Command Prompt option and choose Run as Administrator
4) At the command prompt type the following and press Enter
CD \
5) Now the command prompt should show the root folder of the hard drive. Most likely C:\
6) At the command prompt type the following and press Enter
ATTRIB -H *.* /S /D
This command will unhide the files that are currently hidden. Because the important system files have a system attribute attached to them as well, the above command will not work for them and they will be skipped and kept hidden from prying eyes.
This command will take some time, so dont be afraid if it takes anywhere from a few minutes to half an hour to finish. What the command does is simple. It removes the hidden attribute from all files on the hard drive. The /S parameter tells it to search the current folder and all subfolders, while the /D parameter processes tthe folders as well.
7) Type Exit and press Enter when the procedure is complete. Then reboot your computer
Alternative to CMD Prompt Commands
As as alternative, there is a program that was created by the folks at Bleeping Computer that unhides these files as well. They have their own tutorial on how to use unhide.exe You can download unhide.exe to your desktop and run it to do the same thing as the above procedure.
Fix Problems with Hidden Start Menu icons and Taskbar/Quick Launch IconsMany times after removing these new rogue programs and unhiding files, I find that the Windows XP/Vista Quick Launch icons, and theWindows 7 taskbar icons are not working. Also, icons in the Start Menu are either completely gone or not working. These new rogue malware programs take these files and move them to a temporary directory, so when the computer is restored to working order these shortcuts still don't work.
Follow the steps below to fix these shortcuts on the Taskbar and Quick Launch toolbar
For Windows XP
1) Open My Computer
2) Double click on
Drive C
Documents and Settings
Your User Name (this is replaced with the actual user name)
Local Settings
Temp
SNTMP or SMTMP3) You'll find several folders here labeled with numbers (1, 2, 3, 4).
4) Open Folder 1
5) Folder 1 contains the All Users Start Menu shortcuts. Click on Edit, Select All, and Copy the files in this directory
6) Leave this folder open and Reopen My Computer again
7) Go to the following location
Drive C
Documents and Settings
All Users
Start Menu8) Click on Edit and Paste in this folder to copy the Programs folder and other shortcuts back to their appropriate location
9) Go back to Step 3 and open Folder 2. Folder 2 contains the Quick Launch shortcuts
10) Copy these files by selecting all and choosing Copy again (see step 5 for more info)
11) Open the following location
Drive C
Documents and Settings
Username
Application Data
Microsoft
Internet Explorer
Quick Launch12) Paste the files from Folder 2 to this location
13) Folder 3 appears to contain Windows 7 Taskbar icons (not needed in Windows XP)
14) Folder 4 does have Desktop icons that you could copy and paste as well. Using the procedure outlined above, copy the contents of Folder 4 to the location
C:\Documents and Settings\All Users\Desktop
For Windows Vista
1) Open Computer
2) Double click on
Drive C
Users
Your User Name (this is replaced with the actual user name)
AppData
Local
Temp
SNTMP or SMTMP3) You'll find several folders here labeled with numbers (1, 2, 3, 4).
4) Open Folder 1
5) Folder 1 contains the All Users Start Menu shortcuts. Click on Edit, Select All, and Copy the files in this directory
6) Leave this folder open and Reopen My Computer again
7) Go to the following location
Drive C
Program Data
Microsoft
Windows
Start Menu8) Click on Edit and Paste in this folder to copy the Programs folder and other shortcuts back to their appropriate location
9) Go back to Step 3 and open Folder 2. Folder 2 contains the Quick Launch shortcuts
10) Copy these files by selecting all and choosing Copy again (see step 5 for more info)
11) Open the following location
Drive C
Users
Username
AppData
Roaming
Microsoft
Internet Explorer
Quick Launch12) Paste the files from Folder 2 to this location
13) Folder 3 contains Used Pinned Task Bar icon. So you'll want to copy those files to the following location:
C:\Users\<your login name here>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
14) Folder 4 contains Desktop icons for all users. Copy these icons to the following location:
C:\Users\Public\Public Desktop
For Windows 7
1) Open Computer
2) Double click on
Drive C
Users
Your User Name (this is replaced with the actual user name)
AppData
Local
Temp
SNTMP or SMTMP3) You'll find several folders here labeled with numbers (1, 2, 3, 4).
4) Open Folder 1
5) Folder 1 contains the All Users Start Menu shortcuts. Click on Edit, Select All, and Copy the files in this directory
6) Leave this folder open and Reopen My Computer again
7) Go to the following location
Drive C
Program Data
Microsoft
Windows
Start Menu8) Click on Edit and Paste in this folder to copy the Programs folder and other shortcuts back to their appropriate location
9) Go back to Step 3 and open Folder 3. Folder 3 contains the Windows 7 Taskbar shortcuts
10) Copy these files by selecting all and choosing Copy again (see step 5 for more info)
11) Open the following location
Drive C
Users
Username
AppData
Roaming
Microsoft
Internet Explorer
Quick Launch
User Pinned
Taskbar12) Paste the files from Folder 3 to this location
13) Folder 3 contains Used Pinned Task Bar icon. So you'll want to copy those files to the following location:
C:\Users\<your login name here>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
14) Folder 4 contains Desktop icons for all users. Copy these icons to the following location:
C:\Users\Public\Public Desktop
Final Step: Set Files and Folders to Hidden AgainNow that we have reset the hidden attribute, you'll want to follow the instructions at the top of this page to hide the hidden and system files again. The purpose of doing this is to protect the system files from being shown and possibly being deleted from the system by someone.
Now reboot your computer and double check the Start Menu shortcuts and Quick Launch and Taskbar icons to make sure they all work again.
0 comments:
Post a Comment