
Need some virus help

Posted: Sun Sep 23, 2012 11:44 pm
by Humboldt
Trying to fix a friend's HP machine w/ a smart hdd virus that hid all of her data.

Pulled the hdd and scanned it from another machine. Found 29 trojans and has since scanned clean with Malwarebytes and MSE.

Boots just fine now but all the icons and shortcuts are still hidden.

Added the run command back to the start menu manually but am not sure whether to download unhide.exe or not.

Am trying this: http://superuser.com/questions/298605/a ... -infection
Malware now commonly will apply the System or Hidden attributes to hide your files as Windows by default has files with these attributes hidden in Explorer, this also applies to the Start Menu.

To fix it you will need to enter the command line.

On the Start Menu you will see a search box.

Bring up the Run applet Windows Key + R OR Start > Run and type cmd.
Type attrib -H -S "%USERPROFILE%\Start Menu" /S /D
Type attrib -H -S "%ALLUSERSPROFILE%\Start Menu" /S /D

This will remove the Hidden and System attributes from all the shortcuts in the Start Menu.

You may also need to run the same command on your user profile to show everything else the malware hid.

Type attrib -H -S "%USERPROFILE%" /S /D

Once you have done this I would back up the data and reload Windows. While you can fix most problems caused by malware, you can never be 100% sure you got rid of everything.

You can also use a program called Unhide from BleepingComputer.com, but it will UNHIDE EVERY FILE ON THE DRIVE! http://download.bleepingcomputer.com/grinler/unhide.exe
but am getting "the /D switch is only valid with the /S switch"

Any help appreciated, thanks
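
The attribute reset described in the quoted steps above, as an added PowerShell example that is not part of the original thread: it lists (and with -Apply clears) the Hidden and System flags under a profile while skipping items Windows hides by default. The `$Root` default, the `-Apply` switch and the `$Keep` list are assumptions made for this example.

```powershell
# Added example (not from the thread). $Root and the $Keep list are assumptions.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Apply   # without -Apply nothing is changed, items are only listed
)

# Names Windows normally keeps hidden; clearing their flags is not needed.
$Keep = @('desktop.ini', 'Thumbs.db', 'AppData', 'NTUSER.DAT*', 'ntuser.ini', 'ntuser.pol')

$HiddenOrSystem = 2 -bor 4     # FileAttributes.Hidden | FileAttributes.System
$ReparsePoint   = 1024         # FileAttributes.ReparsePoint (junctions)

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item  = $_
        $attrs = [int]$item.Attributes

        if (($attrs -band $HiddenOrSystem) -eq 0) { return }   # already visible
        if (($attrs -band $ReparsePoint) -ne 0)   { return }   # leave junctions alone
        if ($item.FullName -like '*\AppData\*')   { return }   # application data stays hidden
        if ($Keep | Where-Object { $item.Name -like $_ }) { return }

        if ($Apply) {
            try {
                # Clear only the Hidden and System bits, keep every other attribute.
                $item.Attributes = [IO.FileAttributes]($attrs -band (-bnot $HiddenOrSystem))
                "CLEARED  $($item.FullName)"
            } catch {
                "FAILED   $($item.FullName): $($_.Exception.Message)"
            }
        } else {
            "WOULD CLEAR  $($item.FullName)  [$($item.Attributes)]"
        }
    }
```

Run it once without `-Apply` to review what would change, then again with `-Apply`; pass `-Root` to point it at a profile on a drive mounted from another machine.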

Posted: Mon Sep 24, 2012 7:37 am
by YeOldeStonecat
Run that "unhide" from BleepingComputer...does the job for you, and restores the stuff that gets hidden in a folder deep in the user's profile.
Don't run any temp file cleaner like CCleaner before restoring hidden files...they usually get moved to a folder deep in the user's temp directory. Unhide will find them (unless you ran a temp files cleaner)...and put them back.

Posted: Mon Sep 24, 2012 7:39 am
by TonyT
Just use the unhide utility. Download & save, double click.

Posted: Mon Sep 24, 2012 12:32 pm
by PsykoPenguin
Run it a couple of times just to be safe.

Posted: Mon Sep 24, 2012 2:06 pm
by Humboldt
I think I got everything back except the desktop background image.

Not sure since I didn't even bother booting it from that disk initially.

Posted: Mon Sep 24, 2012 7:08 pm
by RaisinCain
Personally, I would wipe the drive and do a clean install.

Posted: Mon Sep 24, 2012 7:27 pm
by Humboldt
RaisinCain wrote: Personally, I would wipe the drive and do a clean install.
If it was my own I might. As it belongs to a friend I'm trying everything I can do to get it working again as is.

Posted: Mon Sep 24, 2012 9:01 pm
by Ken
Humboldt wrote: I think I got everything back except the desktop background image.

Not sure since I didn't even bother booting it from that disk initially.
Humboldt wrote: If it was my own I might. As it belongs to a friend I'm trying everything I can do to get it working again as is.
Well? Is it fixed?

Craig (Mnosteele) has a page with good tools that he keeps updated...

http://www.drtweak.com/index.php?topic=176.0

Posted: Mon Sep 24, 2012 9:05 pm
by Humboldt
Ken wrote: Well? Is it fixed?
Hey Ken :)
It's fixed. Scans clean w/ Malwarebytes and MSE and got the desktop and original icon positioning back w/ system restore.

Biggest bitch was just getting into the damn computer :D

*goes back to watching latest eBay coin auction*

Posted: Mon Sep 24, 2012 9:08 pm
by Ken
Humboldt wrote: Hey Ken :)
It's fixed. Scans clean w/ Malwarebytes and MSE and got the desktop and original icon positioning back w/ system restore.

Biggest bitch was just getting into the damn computer :D

*goes back to watching latest eBay coin auction*
See my edit... (I see yours! ) :wth: :eek: :D

Posted: Mon Sep 24, 2012 9:43 pm
by Humboldt
He's always been very helpful over the years.

Damnit, got outbid.