Important info about fake malware tool
Hammyman
Posts: 9,913 Forumite
in Techie Stuff
I've just had a laptop come in. It is the first one I've had my hands on with this particular fake security tool.
This is the one where it pops up all kinds of warnings, you find you cannot access any of your files and all the entries in the start menu go missing. When you fire up Windows Explorer, your hard drive seems completely empty.
Now looking on the interweb, the sites I've seen claim that this software relocates all the files so you can't find them. THIS IS NOT TRUE.
IT SETS ALL FILES TO HIDDEN
On XP...
Start the computer in Safe Mode. Click on Start, My Computer. Click on the C drive. Next click on the Tools menu and select Folder Options. In the next window click on the View tab and then select "Show Hidden files and folders" then click on Apply, OK and close the dialogues and ET VOILA - you'll see all the files and folders in faded icons. Now click on C, select all the files and folders, right click and select properties. Untick the "Hidden" box at the bottom then apply and OK. You've now changed them back from hidden so you'll now see all the start menu entries again, your desktop icons, all your files and folders and all your desktop shortcuts.
You'll still need to remove the malware, though; however, at least you know where your files have gone - NOWHERE.
:D
Hope that helps.
Comments
-
I dealt with a PC with that one on, little blighter even knobbled ctrl-alt-del so you couldn't task manager to stop any processes. Some anti-malware wouldn't even detect it or it shut down the PC before the scan got far enough.
But combofix kicked its butt enough to get control back and start cleaning up.
-
Regarding unhide.exe (I think it's called) on bleeping computers - does it do the steps outlined above?
-
The_Grandmaster wrote: »Regarding unhide.exe (I think it's called) on bleeping computers - does it do the steps outlined above?
It just does what it says on the tin...
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Was just wondering if it could be done as a first step before running malwarebytes and hijackthis etcetera...
-
The_Grandmaster wrote: »Was just wondering if it could be done as a first step before running malwarebytes and hijackthis etcetera...
Which, unhide.exe or the manual method? You could do either, alongside rkill, as first steps. Really depends if you want to see the files before you clean...
-
First one I saw like this was in March, a fake HDD program. Came bundled with TDSS, but hadn't been rootkitted yet.
23/03/2011 14:00:30
mbam-log-2011-03-23 (14-00-30).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 323040
Time elapsed: 1 hour(s), 57 minute(s), 43 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 123
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 25
Files Infected: 49
c:\programdata\33021704.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Test\AppData\Local\Temp\tmpAFBF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Test\AppData\Local\Temp\Low\ba9ff1f5.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Test\AppData\Local\Temp\Low\f25cd6e7.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Test\downloads\quicktime_update_kb246532.exe (Adware.PlayMP3) -> Quarantined and deleted successfully.
c:\Users\Test\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
Loads of Questbrowse, ShoppersReport, and ClickPotato entries as well.
Definitely a case of the person having a slow computer for months, until the obvious infection came and Malwarebytes got most of it clear.
-
I seem to remember posting attrib -H /S a couple of weeks ago as an alternative
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
-
debitcardmayhem wrote: »I seem to remember posting attrib -H /S a couple of weeks ago as an alternative
And got a bit of grief for your (correct IIRC) diagnosis.
Move along, nothing to see.
This discussion has been closed.
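An added example, not part of the original thread: the "files are only hidden" recovery discussed above, done from PowerShell with a dry run and a record of every change, and covering directories as well as files (plain attrib /S leaves folders alone unless /D is also given). The function name Clear-HiddenAttribute, the C:\ root and the CSV path are assumptions, as is PowerShell 3.0 or later; leaving Hidden+System items untouched is a conservative choice made in this example, not something the thread states.

```powershell
# Added example. Run from an elevated prompt, ideally in Safe Mode as in the post.
function Clear-HiddenAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Root
    )

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    # -Force is required, otherwise hidden items are never enumerated.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $hidden) -eq $hidden } |
        ForEach-Object {
            $item   = $_
            $before = $item.Attributes
            $action = 'WouldUnhide'          # reported when -WhatIf is used

            if (($before -band $system) -eq $system) {
                # Hidden+System is how Windows marks its own protected files
                # (pagefile.sys, desktop.ini, ...). Leave those as they are.
                $action = 'SkippedSystem'
            }
            elseif ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
                try {
                    # Hidden is known to be set here, so XOR clears only that bit.
                    $item.Attributes = $before -bxor $hidden
                    $action = 'Unhidden'
                }
                catch {
                    $action = "Failed: $($_.Exception.Message)"
                }
            }

            # One record per hidden item, for review or for the case notes.
            [pscustomobject]@{
                Path   = $item.FullName
                Before = $before
                Action = $action
            }
        }
}

# Dry run first: lists what would change without touching anything.
#   Clear-HiddenAttribute -Root 'C:\' -WhatIf | Export-Csv C:\unhide-plan.csv -NoTypeInformation
# Then apply:
#   Clear-HiddenAttribute -Root 'C:\' | Export-Csv C:\unhide-done.csv -NoTypeInformation
```

As the original post says, this only makes the files visible again; the malware itself still has to be removed.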