Can't see files in My Documents folder

Discussion in 'Operating Systems' started by ichy, Apr 14, 2011.

  1. ichy

    ichy Diamond Member

    Joined:
    Oct 5, 2006
    Messages:
    6,939
    Likes Received:
    0
    A couple of days ago I got infected by one of those stupid Windows Recovery malware programs. Malwarebytes was able to get rid of it, but now when I go into my Documents and Settings folder it shows up as empty. When I click on folder properties it says there are a hundred-something gigabytes of files in there, so clearly whatever's there isn't actually gone. I'm also able to save files into my Downloads folder and open them, but when I go back to the User1 folder the Downloads folder no longer shows up. I'm guessing the files are still there but the registry was screwed with somehow. Any advice on how to make these files & folders show up again in Windows Explorer?
     
  2. ichy

    Never mind, looks like everything in there was somehow changed to a hidden folder. Changed it back, all is well.
     
  3. LiuKangBakinPie

    LiuKangBakinPie Diamond Member

    Joined:
    Jan 31, 2011
    Messages:
    3,912
    Likes Received:
    0
    Are you on Windows XP? You sure the malware is gone?
     
  4. Matt1970

    Matt1970 Lifer

    Joined:
    Mar 19, 2007
    Messages:
    12,323
    Likes Received:
    0
    Malwarebytes is good but it still misses stuff. Typically you want to follow up with SpyBot and Super Anti-Spyware.
     
  5. ichy

    Did all of the above, and manually yanked out all of the registry entries.

    Running Windows 7 BTW.
     
  6. SetecAstronomy

    SetecAstronomy Junior Member

    Joined:
    Oct 8, 2007
    Messages:
    13
    Likes Received:
    0
    I've seen that particular malware infection on several machines at work. Often much more than the My Documents folder gets set as hidden, such as the entire user account folders. I've also seen this cause the entire Start menu to display as blank due to all the shortcuts being marked hidden. The easiest solution I found to undo that is running the following command from an elevated cmd prompt from the root of C:

    attrib -h /s /d

    This will unhide everything (skipping over system files that you would want hidden).

    If you have not already, I urge you to run tdsskiller (google it) on your computer as well. In almost every instance the rogue software you had is the visible payload of a TDSS rootkit/bootkit infection. It may have been removed by other things you have run; however, certain TDSS variants are very sophisticated and difficult to remove.
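
Added example, not part of the thread or any poster's code: a PowerShell script that performs the same hidden-attribute reset as the `attrib -h /s /d` command in post 6, but limited to one folder tree and reporting only unless told to change anything. The parameter names `-Root` and `-Apply` and the script file name in the comment are assumptions made for this example.

```powershell
# Added example, not from the thread. Hypothetical usage:
#   .\Reset-HiddenItems.ps1 -Root C:\Users\User1           (report only)
#   .\Reset-HiddenItems.ps1 -Root C:\Users\User1 -Apply    (clear Hidden)
param(
    [string]$Root = $env:USERPROFILE,  # tree to inspect, instead of all of C:
    [switch]$Apply                     # without -Apply nothing is modified
)

$hidden = [int][System.IO.FileAttributes]::Hidden
$system = [int][System.IO.FileAttributes]::System
$normal = [int][System.IO.FileAttributes]::Normal

# -Force makes Get-ChildItem return hidden and system items as well.
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $a = [int]$_.Attributes
        # Hidden set and System clear: items carrying the System flag are
        # left alone, as attrib -h also leaves them alone.
        ($a -band $hidden) -and -not ($a -band $system)
    } |
    ForEach-Object {
        $item = $_
        $old  = [int]$item.Attributes
        $new  = $old -band (-bnot $hidden)       # drop only the Hidden bit
        if ($new -eq 0) { $new = $normal }       # no flags left: use Normal
        $status = 'would unhide'
        if ($Apply) {
            try {
                $item.Attributes = [System.IO.FileAttributes]$new
                $status = 'unhidden'
            } catch {
                # In a catch block $_ is the error, not the file.
                $status = "failed: $($_.Exception.Message)"
            }
        }
        # One record per item so the result can be sorted or exported.
        New-Object PSObject -Property @{
            Path   = $item.FullName
            Before = [System.IO.FileAttributes]$old
            After  = [System.IO.FileAttributes]$new
            Status = $status
        }
    }
```

Folders that Windows hides by default without the System flag, such as AppData, show up in the report as well, so the report-only run is the place to spot them before using `-Apply`.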
     
  7. bankster55

    bankster55 Golden Member

    Joined:
    Mar 24, 2010
    Messages:
    1,124
    Likes Received:
    0
    These fake AV, fake recovery, fake MSE are REALLY getting to be obnoxious.
    They shut down all AV and firewalls, even the very obscure ones.
    When you click on their icon, the icons disappear
    They restrict permissions on all folders, not allowing any deletes or running of .exe's. And then prohibit changing back the permissions.
    They prevent any restores
    After booting to Kaspersky rescue CD it didn't allow it to fully load
    The Win 7 DVD stops at the welcome screen - goes no further.
    Blocks going on internet
    Loads desktop with warning graphics
    etc etc

    The AV mentioned (MWB SAS SBS&D) here are absolutely useless - goes right by them
    The only decent shot at stopping this stuff is Comodo IS Suite (freeware)
    But I have thrown in the towel, Apr 28 is when the new Ubuntu 11.04 supposedly comes out, and I will use it exclusively for surfing the web, nothing else, triple booting with Win 7 X86 X64
    http://www.h-online.com/open/news/i...-version-of-Ubuntu-11-04-arrives-1228402.html
     
  8. Bill Brasky

    Bill Brasky Diamond Member

    Joined:
    May 18, 2006
    Messages:
    4,346
    Likes Received:
    0
    I'm still curious how one goes about getting a virus. Do you guys get them from the web or in e-mails?
     
  9. bankster55

    Porn sites - that's where industrial grade viruses hang out
    You go to a site, then when you click on a sub link it goes to a dif one, and just by going to that page you are dead meat.
    Comodo has prob the best bad web page avoidance system and blacklist.
    Warez sites are next, patches cracks and hacks
    P2P torrents may have a payload

    Most peeps get those fake AV, fake MSE, fake recovery popups during their normal cruising - IE, Yahoo, AOL messenger, Outlook, Outlook Express, - things I wouldn't go near with a ten foot pole. If it's popular, stay away.
    Emails with "CC" with 10 or 15 people getting the same message are dangerous, since some of them are prob infected.
    If you get a fake AV popup, you have to close out FireFox, unplug modem (or block internet with FW if you can), restart FF and close out all tabs. Then replug modem and start FF fresh. If you click on ANYTHING on the popup (and you HAVE TO), you got it.
    System restore as a last gasp option.
    Just look at all this crap, and this ain't even the bad stuff.
    http://www.google.com/images?hl=en&...btnG=Search+Images&gbv=2&aq=f&aqi=g1&aql=&oq=
     
  10. Bill Brasky

    Yeah, it's surprising how many people click around on the web without real-time AV, and FF + NoScript (or something similar that disables JavaScript).
     
  11. HLW3333

    HLW3333 Junior Member

    Joined:
    Jul 24, 2011
    Messages:
    2
    Likes Received:
    0
    I got infected by the Malware XP Repair program a couple of days ago. And lost my desktop, desktop icons, start icons for system accessories like defrag etc. All because I inadvertently hit the wrong key when my anti-virus program asked me if I wanted to block access to a site that was seeking access to my computer. At the time I was running 1. the McAfee anti-virus program, 2. free versions of Malwarebytes and Panda Cloud Antivirus on my PC. After running malware virus scans with these 2 programs and downloading tdsskiller as suggested I got my desktop back, but my computer still can't find any of my txt or html files. Also defrag etc. are still all hidden on my PC. What a mess !!!

    I believe your "easy solution" would solve some of my problems, but I've forgotten how to do it. If you or anyone else can walk me thru the procedure step by step ASAP I would really appreciate it. BTW I know everything is still on my computer because my Local Disk properties still shows the same amount of used and unused disk space that existed before this mess.
     
  12. lowrider69

    lowrider69 Senior member

    Joined:
    Aug 26, 2004
    Messages:
    422
    Likes Received:
    0
    I cleaned a system about a month ago that had stuff hidden and missing from the client's My Documents folder. I had to do a data recovery and unhide the rest of the stuff.


    Regular common sites get hacked every day. The biggest thing to worry about is ad servers getting hacked, it's very common. I don't surf without Firefox and NoScript and I have NoScript set to forbid iframes for untrusted domains as well, which is not the default setting but I highly recommend enabling it under the embeddings tab. Many hackers will put an iframe into the page code of the page they're hacking and have it load malicious code from another server/site. They also use object tags as well, which are blocked by NoScript by default for untrusted domains. Plus I use Avast which has an excellent network shield and web shield.

    I'd rather have malware blocked from downloading at all than have it download to my drive and then caught once it's run. I have seen AVs catch a malicious program when it was run and say it blocked it and the system still got infected or something still got messed up. They wouldn't catch all of it.


    One more thing, always create frequent backup images which is good to do for numerous reasons.

    Also, if you're using a mail client like Outlook Express, Live Mail, Thunderbird, etc., set them to view all mail in plain text. It's very effective and an easy thing to do to greatly cut down on your chances of getting hammered with a malicious email.
     
    #12 lowrider69, Jul 25, 2011
    Last edited: Jul 25, 2011
  13. HLW3333

    After a long and frustrating “trial and error” week-end I successfully got my laptop up and running again. This is my second struggle with a “malware program” in two years. Because of the “Hijack” of my Program folder and the hidden file feature of this particular “XP REPAIR” malware program, it made my first experience look like a piece of cake.

    The moral of the story is NEVER!!! NEVER!!! EVER!!! allow a blocked site or program to gain access to your computer.

    FWIW, after a week-end of “Googling” the web for solutions to my problem I came across this Article - How to fix "Windows XP Recovery" Malware Wednesday, June 8, 2011 - by Brian Richards Tags: Malware, virus removal, Windows XP Recovery, General at http://www.interworks.com/blogs/brichards/2011/06/08/how-fix-windows-xp-recovery-malware

    IMHO, Richards gives you the easiest step by step instructions to follow to get rid of this particular type of “Windows Recovery Malware”.


    PS: If for some reason Richards' article does not resolve your malware problem, then I strongly suggest you check out: Am I Infected? What Do I Do? at http://www.bleepingcomputer.com/for...y__Z-A__sort_key__last_post__topicfilter__all


    Also unhide.exe took a full 5 hours to clean up my laptop. A side effect of running unhide.exe now has my laptop cpu usage running at 24% to 80% instead of almost always at 100% according to Windows Task Manager.
     
    #13 HLW3333, Jul 26, 2011
    Last edited: Jul 27, 2011
  14. SolMiester

    SolMiester Diamond Member

    Joined:
    Dec 19, 2004
    Messages:
    5,264
    Likes Received:
    1
    I had an issue with a client's PC, a virus had also hidden all the user's documents after we cleaned the virus out...so had to use this program to unhide them all...
    trojan-killer.net/download/unhider.exe