Question

Locked

Virus Hacktool.rootkit-How to show hiden file?

By vanbinh.nguyen ·
My computer was infected Hacktool.rootkit virus. I can not show hiden file ? I edited registry but it is not effect.

Please help me ?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Are these the keys that you modified

by Jacky Howe In reply to Virus Hacktool.rootkit-Ho ...

To allow hidden files and folders
<br>
By setting these Registry Keys to a Value of 1 you will be able to see hidden files and folders. The first one exposes all Hidden files and folders and the second one enables making changes to the View Hidden files and Folders.
<br><br>
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]<br>
Value Name: ShowSuperHidden<br>
Data Type: REG_DWORD (DWORD Value)<br>
Value Data: ( 0 = Hide Files, 1 = Show Files)
<br><br>
User Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]<br>
Value Name: CheckedValue <br>
Data Type: REG_DWORD (DWORD Value)<br>
Value Data: ( 0 = Disabled, 1 = Enabled)
<br><br>
Also run this Rootkit Revealer GMer
<br>
http://www.gmer.net/index.php
<br>
FAQ
<br>
http://www.gmer.net/faq.php
</br>

Collapse -

Reply: Are these the keys that you modified

by vanbinh.nguyen In reply to Are these the keys that y ...

I had mondified the keys as your suggestion and scaned by Rootkit Revealer GMer.
But it is not effect. When I open Registry again , Value of those Keys were 0 again.

do you have another way ?please help me

Collapse -

Try this

by Jacky Howe In reply to Reply: Are these the keys ...

Removing malware from System Restore points <br>
To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.
<br><br>
Default Start Menu <br>
If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".
<br><br>
Classic Start Menu <br>
If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".
<br><br>
After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".
<br><br>
Click Start, Run type msconfig and press Enter.
<br>
Now if you have the Configuration Utility open. <br>
Configure selective startup options<br>
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.<br>
Click to clear the Process SYSTEM.INI File check box.<br>
Click to clear the Process WIN.INI File check box.<br>
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.<br>
Click the Services tab.<br>
Click to select the Hide All Microsoft Services check box.<br>
Click Disable All, and then click OK.<br>
When you are prompted, save the settings and restart the PC.<br><br>
Download Malwarebytes Anti-Malware, install it and update it.
<br>
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe
<br><br>

* Double-click mbam-setup.exe and follow the prompts to install the program.<br>
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.<br>
* If an update is found, it will download and install the latest version.<br>
* Once the program has loaded, select Perform Quick Scan, then click Scan.<br>
* When the scan is complete, click OK, then Show Results to view the results.<br>
* Be sure that everything is checked, and click Remove Selected.<br>
<br>
I would keep scanning with it until it is clean by closing out and rebooting and running it again.
<br>
Just to be on the safe side when you finish do an online scan with Bitdefender. Or Google for an online scanner.
<br>
http://www.bitdefender.com/scan8/ie.html
<br><br>
If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM.
<br><br>
From another PC download and install Spybot, update it and copy the the installed folders to a USB Stick.
<br><br>
Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.
<br><br>
Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html
<br><br>
With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.
<br><br>
<i>Keep us informed as to your progress if you require further assistance.
</i>

Back to Malware Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums