Monday 6 March 2017

How to show hidden files caused by virus







I am sure many people have had this experience with their computers, and for some it was an ugly one. Here are 3 steps to show hidden files caused by virus infections. These methods will help if you have difficulty showing files that a virus infection has hidden.


The method described here only works on Windows, because most viruses in the wild target the Windows operating system, since it has the largest number of users in the world.


All we need is the Windows Command Prompt.

There are 3 Steps to Show Hidden Files Caused by Virus Infections:

1. This is a screenshot of the USB drive's contents after it was plugged into an infected computer.

[Screenshot: corrupt file]

The virus hides all the files and folders and replaces everything with shortcuts. These shortcuts call documents.vbe when you try to open them.


2. The virus changes the attributes of all the files and folders as the system user, so when you try to change an attribute by right-clicking the item, you won't be able to. See below.

[Screenshot: doc attribute]


3. Run Command Prompt and navigate to the USB drive. In this case, the USB drive is E:.

attrib -H -S E:\* /S /D

OR

attrib -s -r -h /s /d E:\*.*

Either way will work just fine.

[Screenshot: command prompt]


Explanation

attrib : Displays or changes file attributes.

- : Clears an attribute.

H : Hidden file attribute.

S : System file attribute.

E:\* : The USB drive, with * as a wildcard meaning process all files.

/S : Processes matching files in the current folder and all subfolders.

/D : Processes folders as well.
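
The cleanup from step 3 as a PowerShell function that previews every change before making it. This is an added example, not code from the original post: the function name Restore-HiddenItems is hypothetical, and E:\ is the drive letter used in the post's example. Shortcuts and VBScript files are only reported for review, never unhidden or opened.

```powershell
# Added example (not from the original post). Restore-HiddenItems is a hypothetical name.
function Restore-HiddenItems {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Root    # drive root to clean, e.g. 'E:\' as in the post
    )

    # Bit mask for the two attributes that attrib -H -S clears.
    $mask = [int]([System.IO.FileAttributes]::Hidden) -bor [int]([System.IO.FileAttributes]::System)

    # -Force makes Get-ChildItem return hidden and system items as well.
    $items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue

    foreach ($item in $items) {
        # The post describes shortcuts that call documents.vbe: list these, do not touch them.
        if ($item.Extension -in '.lnk', '.vbe', '.vbs') {
            [pscustomobject]@{ Action = 'Review'; Path = $item.FullName; Attributes = $item.Attributes }
            continue
        }

        $current = [int]$item.Attributes
        if (($current -band $mask) -eq 0) { continue }    # neither Hidden nor System is set

        # Clear Hidden and System, keep every other bit (Directory, Archive, ReadOnly, ...).
        $new = $current -band (-bnot $mask)
        if ($new -eq 0) { $new = [int][System.IO.FileAttributes]::Normal }

        # With -WhatIf, ShouldProcess prints the planned change and returns $false.
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden and System attributes')) {
            $item.Attributes = [System.IO.FileAttributes]$new
        }
        [pscustomobject]@{ Action = 'Unhide'; Path = $item.FullName; Attributes = $item.Attributes }
    }
}

# Dry run first: nothing is modified while -WhatIf is present.
Restore-HiddenItems -Root 'E:\' -WhatIf | Format-Table -AutoSize
```

Remove -WhatIf to apply the changes once the preview lists only the files and folders you expect.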

In Summary

1. Turn off Autorun for all removable media.

2. Do not double-click your USB folder, to prevent the virus from spreading to your system.

3. To delete the virus manually, open REGEDIT, choose the Edit menu and click Find (Ctrl + F).

[Screenshot: regedit]

In the search box, type "documents.vbe". If the search returns nothing, it means you are not infected by this kind of virus. If the search returns a value like the one in the picture below:

[Screenshot: reg file search]

Right-click and choose "End Task" to stop the Wscript.exe process, then try again to delete Documents.vbe. Don't forget to delete the registry entry containing Documents.vbe.

[Screenshot: task manager]

Hope this has been informative for you.

