Virus Cleaned - All files, folders HIDDEN SYSTEM - SOLVED!

[Katlaya]

So far, what I am getting is that the System Restore is no longer configured. Not sure how they did that one. Under Local Computer Policies>Computer Configuration>Administrative Templates>System, nothing seems to be configured at all!

[Katlaya]

OK.. it seems that those things weren't configured because I never configured them. However I have a whole host of System Restore not being able to initialize in my event viewer. What I think is happening is either a change in the register key so it can't be found now or the all of those executable files for it are somehow corrupted. There are over a hundred of them. I have directly clicked on them individually and keep getting the same message as before from all of them so I'm thinking it must be a registry problem that redirects it somehow when it attempts to open. I don't know... I'm scratching my head on this one.

[Katlaya]

More update on the System Recovery issue. When I do a net start " System Restore Service at the C prompt on the desk top... I get this reply:

The System Restore Service is starting.
The System Restore Service could not be started.
The system could not find the file specified.

When I click directly on the exe file, I get that message that I told you about earlier. Hope this might give you a clue to what it might be. I have my fingers crossed!

[Panama Red]

Check your Services list and see if RPC (Remote Procedure Call) is started. In the Run box type: services.msc. RPC is the only dependency for System Restore. Maybe your issue is tied to a problem w/RPC. Also, did you run the SFC yet?

[Katlaya]

Ok.. finally fixed it with a re-install. This doesn't allow me to go back and pick an earlier version, even though I can see them on my computer, but since it had been disabled in some fashion, I couldn't get to them anyway. At least I have it working now, however. I found the solution on this website:
Service Pack 3 "sr.inf" file needed for System Restore

[lowest]

I guess I'm not bumping too hard...

Just had a similar virus, the error window looked valid enough. It wasn't until I was partway through the process where I saw I could get the "full" version.

Anyway, same problems, all of my folders/files are hidden. The only reason I new I had any data was that I had other startup programs running (and I got through bios and booted windows...).

First off, everything is just hidden. If you have any data you need to keep, unhide the folders and ship them somewhere else.

My Fix, nothing too complicated:

-Entered the run dialog (windowsbutton-r) and loaded up msconfig
-Found a very strange item in my startup menu (which pointed to a exe in an application data folder. I disabled it. The next time I started windows, no sign of the virus, just all of my folders hidden.
-Entered c: via the run dialog
-Viewed Hidden files, selected all of the folders, and changed them to not be hidden or read only.
-A file said "you can't do that" so I ignored all for the rest of the process.
-Then I used CCleaner to scan the registry and fixed errors(I love this program).
-Did a system restore (I feel that it has troubles when files are hidden)
-The first time hung, and I rebooted (already prepared for windows to be completely broken).
-After rebooting, everything was back to normal, no missing folders/shortcuts, and the folder that had the virus no longer existed.
-Did another system restore, this time with no issues.

Everything is working now, just got a message that I need to do a windows update.

[Biscuits]

Thanks for all the info above, I have almost recovered back from my "system check" malware disaster.

I have 2 concerns still though.
1. I can't complete a system restore. It goes through the motions even seems to restore. Gets to the end and says "unable to restore to #date" or something??
2. What do i do with the offending "system check" software. It is still on there and if i try uninstall it will just happen all over again? Can i just delete the whole lot without causing problems?

Note: i have done nothing with the registery. Is there a decent reg fixer out there i don't have to buy to fix more than 15 problems.

[DoubleSpeed]

Just wanted to say a big thank you to this forum for helping me fix my father in laws pc!

In the hope that this helps someone else here is a rundown of what happened…

My father in law runs Windows XP and after visiting a site instantly got pop-up/alerts saying 'windows delayed write failed' the whole machine died and when trying to start he had the blue screen of dealth and the message 'unmountable_boot_volume'. Managed to get the machine to boot again using the Windows installation disk and chkdsk /r from the Recovery Console. When the machine booted AVG found the virus win32/kryptik.co and successfully removed/quarantined it so I thought all was good however the machine appeared empty, nothing from the start menu i.e. no programs just said empty and all documents, photo etc all gone! Very weird nothing visible at all!

After a Google search ‘programs and files hidden by virus’ found this forum, saw the initial help of running the command from the command prompt cmd however I had no obvious access to cmd prompt then after further reading found the link to the unhide.exe, ran this and it fixed everything! All files, folders and programs unhidden all visible again, fantastic.

Panic over all those family photos/memories all preserved, just got to get him a good backup routine sorted now!

Thanks again hope the above helps someone else.

[Pkerkm]

Hello,

My name is pkerkm...i work for ITS department of my school, this is a work study job the school has, we fix computer and related problems.

We have had this malware/virus/bug that hides the students folders.

We have tried, the following tools, that i've seen in this post.

unhide.exe
tsskiller.exe
We use ccleaner, malware bytes, super anti-spyware.
norton power eraser.


Also, we have done "tools"-> "folder options"->"view" i have unchecked and checked the right options.

i ran unhide.exe, it ran correclty, but didn't work.
i ran tsskiller and it found the root virus, it "cure" it, and restarted and it did not work.

ccleaner, malware bytes and super anti-spyware did find bad "things" and removed them.

norton power eraser, also deleted whatever it was infected by it.



After each of the tools i've mentioned above, i've ran the following code in the command prompt.

(my code is in "example")

E:\>"cd\"
C:\>"dir\ah"
C:\>"attrib *. -h -s -r /d /s"

C:\>access denied "filepath/folderpath"



We are quite computer savvy, but we are probably doing something wrong, please leave a reply to this post thanks.


P.S we have had this problem since last year for many computers.

[glc]

In a school situation, you would be better off wiping and reimaging the infected machines.

[Pkerkm]

we have done that in the past, but now we are trying to see how we can fix it. we think that the virus goes is in the network affecting students computers, or they download files from the internet, and that is how they are getting them.

our priority is not to re-image, that is our last option. it does work, and it doesn't take long, but we want to know how to do it.

our main problem is that we keep getting access denied, when doing the attrib command.

[glc]

If you have Vista or 7, you need to run the command prompt as administrator.

[jai37]

I'm having this same problem and I have Vista. How do I get rid of this virus....PLEASE HELP!

[rjfvillarosa]

jai37. Please read through the entire thread to see if it answers your question, also, could you please be a little more specific about the infection your computer has encountered and give us the specifications of your computer.