We do believe that everyone have experience with computer viruses and most of it is bad experience. Today we will share 3 Steps to Show Hidden Files Caused by Virus Infections. This tips and trick purpose is to help you who have difficulties showing hidden files because of virus infection.
This tips and trick is for Windows users, because most virus in the wild is targeting Windows operating system since they have the largest users in the world.
Requirements:
1. Command prompt
3 Steps to Show Hidden Files Caused by Virus Infections :
1. This is the screenshot of my USB content after I plug into infected computer.
The virus hide all my files and folders as well, and change everything into a shortcut that call Documents.vbe when executed.
2. The virus change the files and folders attribute by using system user, so when you try to change the attribute by right clicking it, you can't change it's hidden attribute.
3. Open your command prompt and go to your USB drive. In our case the USB is in E: drive.
attrib -H -S E:\* /S /D
Description :
attrib : Displays or changes file attributes.
– : Clears an attribute.
H : Hidden file attribute.
S : System file attribute.
E:\* : Drive of the USB with * as wildcard that means process all files.
/S : Processes matching files in the current folder and all subfolders.
/D : Processes folders as well.
Conclusion :
1. Turn off Autorun for all of removable media. View tutorial here: http://www.hacking-tutorial.com/tips-and-trick/how-to-turn-off-autorun-autoplay-on-windows-7
2. Do not doubleclick your USB folder to prevent the virus spreading into your system.
3. To delete the virus manually, you can open REGEDIT, choose EDIT tab and click Find (Ctrl + F).
In the search box type "documents.vbe". If your search result return nothing it's mean that you're not infected by this kind of virus, if your search result return some value like the picture below:
Write down the Documents.vbe path location, and delete the Documents.vbe manually from that folder. If you cannot delete the Documents.vbe because it is used by another program, go to task manager(CTRL+ALT+DEL) and find Wscript.exe.
Right click and choose "End Task" to stop the Wscript.exe process and try again to delete the Documents.vbe. Don't forget to delete the registry containing Documents.vbe too.
Hope you found it useful
This article is from Hacking-tutorial
Aucun commentaire:
Enregistrer un commentaire