-2

My flash memory have a Malware. after I plugged it to my laptop I'm not able to see hidden files anymore. I tried these methods but I still can't change the radio button in folder and options from "Don't show the hidden files" to "Show the hidden files". 1)regedit.exe -> HEY_LOCAL_MASHIN\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL. set the CheckedValue = 0x1. 2)~ . set the DefaultValue = 0x2.

PS: windows7 service pack1 is installed on my laptop.

Faeze
  • 1
  • 1
  • 2
  • 1
    First **get rid of that malware** that infected your PC. The issue you describe is a symptom that something bad is happening, and not seeing hidden files is probably not the only problem you will be confronted with. – jaume Mar 09 '13 at 19:29
  • 1
    [How do I get rid of malicious spyware, malware, viruses or rootkits from my PC?](http://superuser.com/questions/100360/how-do-i-get-rid-of-malicious-spyware-malware-viruses-or-rootkits-from-my-pc) – Ƭᴇcʜιᴇ007 Mar 09 '13 at 19:34
  • I used this http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;6 – Faeze Mar 10 '13 at 20:26
  • I used this link: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;6. And also I scanned my flash memory with KasperSky. – Faeze Mar 10 '13 at 20:27

2 Answers2

1

It's entirely possible whatever malware your flash drive has infected your machine with is actively preventing hidden files from being displayed.

You would need to find a way to either neutralize the malware or use additional tools that interact with your filesystem on a lower level than Explorer does (such as GMER).

You might also have some luck with the command prompt, but probably not (make sure you use dir /a as you may have an attribs issue -- especially if the malware is related to FakeFrag/FakeHDD).

slancio
  • 644
  • 4
  • 11
0

USB/flash memory malwares depend on the "autorun.inf" file to spread.

When you plug a USB into your computer, the AutoRun feature starts and an .exe file is started from it and infect your computer. After that, it infects all the mounted drives with the same method. Put a copy of itself in the root of all drives, along with autorun.inf file. Then, they disable "Show hidden files" from Folder Options, by editing the registry. Maybe also auto close, or disable, the Task Manager to prevent you from killing its process.

Even if you removed the infected file from the USB, and reformatted your C: drive and installed a clean version of Windows, it is still hiding in your other drives (D:, E:, etc.) and as soon as you open any of these drives after a clean install of Windows, you will get infected again.

Cleaning your computer while the malware is active is a bit tricky. If you removed the .exe+autorun.inf from an infected drive, then it copies itself again to the same drive. If you killed its proccess, it waits till you open one of the infected drives, and it starts again.

A quick fix for this kind of malware is to disable the AutoRun feature and/or install an application like Autorun Eater that will monitor, scan, and allow/deny autorun.inf when one is detected. Also, it lets you fix the Folder Options and Task Manger settings in the registry if they were being modified, and restore them to their original state.

Karim ElDeeb
  • 166
  • 2
  • 1
    Windows 7 *will not* execute autorun on mass storage devices for precisely this reason. Only optical media, the last time I checked, and even that has a confirmation dialog. – Bob Mar 10 '13 at 09:37
  • Yes. That is the _default_ behavior, unless it has been changed by the user. – Karim ElDeeb Mar 10 '13 at 10:07
  • 1
    No, it is [*not possible*](http://www.samlogic.net/articles/autorun-usb-flash-drive-windows-7.htm) to enable autorun for mass storage devices in Win7. Not unless you have a third party program polling for connected devices, which has nothing to do with OS autorun support. I just double checked, and optical media does have an option to always autorun, but that is *not possible* for USB mass storage - this is *not* configurable. – Bob Mar 10 '13 at 10:15
  • Sorry, my mistake. I thought it is possible to change it from Group Policy. – Karim ElDeeb Mar 10 '13 at 11:26
  • 1
    I honestly never considered Group Policy. However, it seems that it's not possible there either, as of Windows 7: [*In these versions of Windows, the ability of an autorun.inf file to set an AutoRun task, alter double-click behaviour or change context menus is restricted to drives of type DRIVE_CDROM. There are no policy settings that will override this behaviour.*](http://en.wikipedia.org/wiki/AutoRun#Windows_7.2C_Windows_Server_2008_R2) – Bob Mar 10 '13 at 12:18
  • Thanks for your help Karim,but the software you'd introduced isn't compatible with 64 bit systems. So i can't use it.:( – Faeze Mar 10 '13 at 22:46