Thursday, 10 August 2017

Restore / Recover from Virus that hides files and creates shortcut or .Exe application in Their Place

7 comments

      Many Viruses out there, hide your Folders and create Shortcuts or Application of the same name and same Icons as the Folders in the same directory. Many times people follow these shortcuts and end up infecting their system with this annoying virus.
      If you find any trace of this virus in your Flash/Pen Drive, External Hard-disk and other forms of Removable Disk, Then this quick tutorial should help you get your files back into place.

  • Windows 7 and Vista: Click Start in the search program field type CMD right click and Run as Administrator....
  • Type your Removable Storage Drive letter followed by colon and ENTER key. eg I: 
  • drive-letter: attrib *.* /s /d -h -r -s to make visible all files  (for more info, try attrib /?) or continue reading for a more detailed outline.
1.    Your Flash Drive should look like this when infected. (As you can see all the Folders have been hidden with only fake shortcuts leading to the virus).
2. Go to Folder Options: (on Windows 7: press alt first), click Tools ----> Folder Options: goto Views tab.
                                                                                      
3. Click Don't show hidden files, folders or drives and un-check "Hide protected operating system files". But If you're using Windows Xp and a virus has messed up you hidden folder options, then proceed to the command line step. 

4. Your Drive should now Display the hidden files.  Right click you desired folder and click properties.

5.  If the virus is one that just makes the Folders hidden and not System hidden( System Protected). Then the Hidden check box should be enabled and checked as shown in the image below (If not goto Command Line/Alternate solution section ). Just un-check the the Hidden tag and if you wish the Read-only tag too. but If it is shown as in step 1 of Command line section below:

COMMAND LINE SOLUTION / ALTERNATE SOLUTION


         If after the above steps your folder property is as shown below:  where the hidden tag is disabled and therefore, cannot be unchecked.
   
Follow the steps below:

STEP 1:  

Windows 7 and Vista: Click Start in the search program field type CMD right click and Run as Administrator.
               Windows XP: Click Start, click Run: type CMD and click OK.
                Or Goto Start------> Accessories------>  Command Prompt.

STEP 2:  

Type your Removable Storage Drive letter followed by colon and ENTER key. (eg I: )


STEP 3:  

Type Dir /A:H to display all hidden files (Note: will also display System protected files and Folders ), you can also use Dir /A:H to display only System protected files and Folders or Dir /A:HSD to display only System protected, Hidden Directories only.

STEP 4:

Type the Command as shown below, Make sure you type the attrib (attribute) command or you'll get an error. follow the System: 

attrib "File/Folder name" -h -r -s. 

Or  
attrib *.* /s /d -h -r -s to make visible all files (for more info, try attrib /?) 

STEP 5: 

After deleting the unwanted shortcuts or Fake applications. Your Directory should look like this.

No comments:

Post a Comment