Virus repair ??

General Computing Microsoft Windows
1

Ok so heres the deal … the kids got onto the computer and somehow got some kind of trojan. I have scanned the system at trendmicro and removed as many as they could. The 2 remaining are hidden files in my temp directory . Windows Me is the os by the way.

So it should be a simple matter of going to tools, selecting folder options and telling it to show me the hidden files so I can delete them . The problem is I no longer have a folder options link to click , all that appears under tools is network drive mapping.

So my question to you is how do I retrieve the option to view hidden files and thereby delete these files? I have tried reinstalling windows twice now but it does not fix my tools menu.

Any advice ?

2

Has your folder options in control panel disappeared too?

3

Can’t answer the question on getting the option back but you could do it the old way :wink: on this occasion to get access to the offending trouble

Open up a dos box
c:
attrib -r -h -s -a c:\whateverpath*.* /s

That will unhide the files and sub directories of your chosen path.

/edit bit of a google here… not quite sure if it back relates to ME registry I can’t remember when they overhauled the registry from earlier versions.

  1. Go to Start --> Run, then type Regedit
  2. Navigate to the registry folder HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows
    CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
  3. Find a key called CheckedValue.
  4. Double Click CheckedValue key and modify it to 1. This is to show all the hidden files.

Now you should be able to view all the hidden files…

4

SHO WALL

Hey Paul, you quit Ogame a month ago, and it’s still not out of your system :lol:

  • I guess you mean show all :wink:
5

Not my fault its the div that posted it in the 1st place :wink:

all one word upper case ‘SHOWALL’

I’ll make the amends… ta wolly for picking that up :slight_smile:

6

Since all this started all kinds of weird things are going on. Now it says “registry editing has been disabled by the administrator” it never said that before . And the DOS commands dont work I should have mentioned I tried them . :frowning:

7

just in case…

try resetting the path statement…

I.e.

path=c:\;c:\windows;c:\windows\system

Pretty sure attrib still resided in the windows directory in ME

That’s not to say they have not been nobbled by the virus…

I would put anything pictures/document on to a cd or whatever media you have available
and to be honest wipe the machine clean and re-install from scratch.

8

not sure if this will help with the registry issue…

Its VBS not sure if ME will execute it or not but heck everything is worth a try…

http://www.dougknox.com/security/scripts_desc/regtools.htm

also…

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050614-0532-99

9

Could try booting into safe mode and trying the registry amendments from there

10

YA if I cant get it out I think I will just have o format and start again :frowning: its just such a nuisance reloading everything lol

I will try that link and let you know how things go. Thanks for all your help Paul

11

No probs :slight_smile: