Monday, September 6, 2010

Unhiding files hidden by viruses and malware

A common and annoying (for most people) trick used by malware is to hide files and folders and replace them with copies of the malware executable that carry common Windows folder or file icons. By the time one figures out that the system has been infected, half the stuff on the hard disks and USB drives seems to have vanished, and cleaning the malware does not seem to do anything for the "missing" files. Some clueless Windows users assume that the malware has deleted all their personal files, while the more fortunate ones find out that changing two settings in Folder Options is all that is needed to get Windows to show them their precious files. Those two settings are:
  • Show Hidden Files (enable this)
  • Hide protected operating system files (disable this)
    For some odd reason, Windows treats any file marked as both System and Hidden as a protected operating system file.
So here's a simple way to unhide the files hidden by malware:
  • Download
    MD5: 3A1961622326EB09EDE9EAAE43C2A728
    SHA-1: 86F89724525753D3473504D989168668780E9554
  • Extract unhide.bat
  • Copy unhide.bat to the folder whose contents disappeared after the malware infection
  • Double-click unhide.bat to run it, and all your missing files and folders will automagically appear (unless the malware actually did delete them).
Those familiar with Command Prompt can just use the following command instead of downloading the batch file:
  • attrib /d /s -h -s
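
Before clearing the attributes, it helps to see what was hidden and which look-alike executables were left in its place. The PowerShell audit below is an added example, not part of the original post or its unhide.bat; it only reads the folder and changes nothing, and it assumes each decoy .exe sits in the same folder as the item it imitates and shares its name.

```powershell
# Added example: read-only audit of a folder affected by file-hiding malware.
# Assumption: each decoy .exe sits beside the item it imitates and shares its name.
param([string]$Path = '.')

$both = [IO.FileAttributes]'Hidden, System'

# -Force is required, otherwise Get-ChildItem skips hidden and system items.
$items = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

# Items carrying BOTH attributes, which is what "attrib -h -s" will clear.
$hidden = @($items | Where-Object { ($_.Attributes -band $both) -eq $both })

# Index hidden items by "folder|name", with and without the extension,
# so that Photos -> Photos.exe and report.doc -> report.exe / report.doc.exe match.
$index = @{}   # PowerShell hashtable keys compare case-insensitively
foreach ($h in $hidden) {
    $dir = [IO.Path]::GetDirectoryName($h.FullName)
    foreach ($n in @($h.Name, $h.BaseName)) { $index["$dir|$n"] = $h.FullName }
}

# Visible executables whose name collides with a hidden item in the same folder.
$decoys = @($items | Where-Object {
    -not $_.PSIsContainer -and
    $_.Extension -eq '.exe' -and
    ($_.Attributes -band $both) -ne $both -and
    $index.ContainsKey("$($_.DirectoryName)|$($_.BaseName)")
})

"Hidden+System items under ${Path}: $($hidden.Count)"
$hidden | Select-Object FullName, Attributes | Format-Table -AutoSize

"Visible .exe files named after a hidden item: $($decoys.Count)"
# Many differently named files with one hash are copies of a single binary.
$decoys | Get-FileHash -Algorithm SHA256 |
    Group-Object Hash |
    Select-Object Count, Name, @{ n = 'Files'; e = { $_.Group.Path -join '; ' } } |
    Format-List
```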