Showing hidden files and folders

yba02

Nov 26, 2008, 12:31:01 PM
Hi,
Most of today's viruses operate by placing an autorun.inf file in whatever
drive they could find on a system, plus another executable file. Once the
user double clicks a drive letter, the autorun file triggers the executable
and the virus detonates.
To protect themselves, they first make sure that the user won't be able to
see them. They do so by NAILING the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
to a value of 2. No matter how you change it, it comes back to 2 once you
refresh the page. This translates in the folder options in such a way that
it is always the radio button "Do not show hidden files and folders" clicked.
Click the other button, apply, close, open again, and that same "Do not
show.." button chosen.
How could a virus weld a value to a key and how can I take over my stuff
again?

Thanks
Yahya

PA Bear [MS MVP]

Nov 26, 2008, 2:27:58 PM
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Andrew

Nov 26, 2008, 3:53:57 PM
I recommend SpybotSD; I had the same problems.

Caused by: Spyware and Malware and a Virus..
SpybotSD Gets rid of all.

And it's free..
http://www.spybot.com/en/download/

Try it and do a Full Scan. You might be surprised at the results.
And let me know if it sorts it out..

Andrew.


"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:OLJTU8$TJHA...@TK2MSFTNGP06.phx.gbl...

PA Bear [MS MVP]

Nov 26, 2008, 5:35:54 PM
> SpybotSD Gets rid of all.

Hardly.

Andrew wrote:
> I Recommend SpybotSD I had the same problems.
>
> Caused by: Spyware and Malware and a Virus..
> SpybotSD Gets rid of all.

<snip>

Andrew

Nov 26, 2008, 6:57:14 PM
Well it did for me..!

All the Stuff that "Norton Online Protection Centre" had
missed and not detected while running permanently.
Guess it's a personal choice through experience.

So I still recommend SpybotSD.
As PART of an overall AV Solution.
A.

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

news:uDjawdB...@TK2MSFTNGP06.phx.gbl...

Ron Badour

Nov 26, 2008, 8:35:31 PM
I am sure that Robear took exception to the word: all. Spybot is a good
program and your comment about it being part of an overall AV solution is
good advice; however, it does not get rid of ALL the "evil things" that the
jerks put out there to screw up computers. You still need a good AV program
to run in conjunction with SpyBot.
--
Regards

Ron Badour
MS MVP
Windows Desktop Experience


"Andrew" <NoTo...@ReadItYourSelf.com> wrote in message
news:VP-dnS9gA5LCf7DU...@bt.com...

Kelly

Nov 26, 2008, 8:44:31 PM
Hi Ron,

Long time, no see! :o)

I use this combo daily here in my shop:
http://www.kellys-korner-xp.com/xp_s.htm#spy

--

All the Best and Happy Turkey Day,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm


"Ron Badour" <So...@NoAddressBuddy.com> wrote in message
news:OhBFwBDU...@TK2MSFTNGP03.phx.gbl...

Andrew

Nov 27, 2008, 5:37:04 PM
Yup - sorry missed the line..

As PART of an overall AV Solution
in first reply.
A

"Ron Badour" <So...@NoAddressBuddy.com> wrote in message
news:OhBFwBDU...@TK2MSFTNGP03.phx.gbl...

yba02

Nov 27, 2008, 8:27:01 PM
Guys,
thank you all for the insight.
I use Panda and when it comes to viruses, it vanishes them like H2SO4
(Sulfuric Acid.)
But, the problem I have is not how to remove the virus and take over my
computer again. The problem is how could the virus keep that value stuck to
2?
Well, I think I now came to realize that as long as that piece of crap is
still running in memory, it can make sure that that registry key value stays
2 all the way through.
Back to AV combo, I won't talk about how other AVs failed, but you might go
to www.pandasecurity.com and try their free online AV engine, Totalscan. No
matter what AV you have, you will be stunned!

Regards
yahya
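
The two symptoms described in this thread (the `Hidden` value snapping back to 2 while something is still running, and `autorun.inf` files sitting on drive roots) can be checked from PowerShell. This is an added example, not part of the original thread; the function names are hypothetical and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Function names are hypothetical.
$AdvKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Test-HiddenValueReverts {
    # Write Hidden=1 (show hidden files), wait, then read the value back.
    # If it no longer reads 1, a running process is rewriting it.
    param([int]$WaitSeconds = 10)
    $before = (Get-ItemProperty -Path $AdvKey -Name Hidden -ErrorAction SilentlyContinue).Hidden
    Set-ItemProperty -Path $AdvKey -Name Hidden -Value 1
    Start-Sleep -Seconds $WaitSeconds
    $after = (Get-ItemProperty -Path $AdvKey -Name Hidden -ErrorAction SilentlyContinue).Hidden
    [pscustomobject]@{ Before = $before; After = $after; Reverted = ($after -ne 1) }
}

function Get-AutorunInfTargets {
    # List every autorun.inf on a drive root and the commands it would launch.
    # -Force is needed because these files usually carry Hidden/System attributes.
    $launchKey = '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+)$'
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $inf = Join-Path $drive.Root 'autorun.inf'
        if (-not (Test-Path -LiteralPath $inf -PathType Leaf)) { continue }
        $item = Get-Item -LiteralPath $inf -Force
        foreach ($line in Get-Content -LiteralPath $inf -Force) {
            if ($line -match $launchKey) {
                [pscustomobject]@{
                    File       = $inf
                    Attributes = $item.Attributes
                    Key        = $Matches[1]
                    Target     = $Matches[2].Trim()
                }
            }
        }
    }
}

# Report whether the setting is being rewritten, then what each autorun.inf points at.
Test-HiddenValueReverts | Format-List
Get-AutorunInfTargets   | Format-Table -AutoSize
```

If `Reverted` is `True`, the process rewriting the value is still running, so editing the registry alone will not stick until that process is removed.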

PA Bear [MS MVP]

Nov 28, 2008, 11:02:09 AM
Please give us a link to the forum thread where you've posted your
HijackThis log for review by an expert.

yba02

Nov 29, 2008, 10:00:01 AM
Hey,
I'm sorry, did I mention anything about HijackThis? I do not even know what
it is or what it is good for!
However, tell me exactly what logs are required and I can get them for you,
if that might be of any help.
Let me please clarify. The problem is not standing anymore, I had to do a
couple of work-arounds that proved successful every time I had to use them. I
managed to remove the virus and had the PC up and running again. My post
here was just to have some insight on possible ways to regain control over
registry values, while the virus is still alive.

Thanks
Yahya

PA Bear [MS MVP]

Nov 29, 2008, 11:25:27 AM
You quoted my first reply in this thread but did you read it? =>
http://groups.google.com/group/microsoft.public.windowsxp.general/msg/7233dcd5565ceda6

yba02

Nov 29, 2008, 12:34:01 PM
I'm sorry, that must have been a mistake, I apologize.
Any further input from my side to better dig into this matter?

PA Bear [MS MVP]

Nov 29, 2008, 12:40:45 PM
Nope, just that you have much more work to do and I suspect you'll need
expert assistance to do it.