How to unhide files from registry?

-2

My flash memory have a Malware. after I plugged it to my laptop I'm not able to see hidden files anymore. I tried these methods but I still can't change the radio button in folder and options from "Don't show the hidden files" to "Show the hidden files". 1)regedit.exe -> HEY_LOCAL_MASHIN\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL. set the CheckedValue = 0x1. 2)~ . set the DefaultValue = 0x2.

PS: windows7 service pack1 is installed on my laptop.

Faeze

Posted 2013-03-09T19:10:33.737

Reputation: 1

1First get rid of that malware that infected your PC. The issue you describe is a symptom that something bad is happening, and not seeing hidden files is probably not the only problem you will be confronted with. – jaume – 2013-03-09T19:29:49.567

1How do I get rid of malicious spyware, malware, viruses or rootkits from my PC? – Ƭᴇcʜιᴇ007 – 2013-03-09T19:34:20.017

I used this http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol%3B6

– Faeze – 2013-03-10T20:26:00.097

I used this link: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol%3B6. And also I scanned my flash memory with KasperSky.

– Faeze – 2013-03-10T20:27:22.887

Answers

It's entirely possible whatever malware your flash drive has infected your machine with is actively preventing hidden files from being displayed.

You would need to find a way to either neutralize the malware or use additional tools that interact with your filesystem on a lower level than Explorer does (such as GMER).

You might also have some luck with the command prompt, but probably not (make sure you use dir /a as you may have an attribs issue -- especially if the malware is related to FakeFrag/FakeHDD).

slancio

Posted 2013-03-09T19:10:33.737

Reputation: 614

Would you mind giving more information about how to use the GMER? – Faeze – 2013-03-10T20:25:13.747

USB/flash memory malwares depend on the "autorun.inf" file to spread.

When you plug a USB into your computer, the AutoRun feature starts and an .exe file is started from it and infect your computer. After that, it infects all the mounted drives with the same method. Put a copy of itself in the root of all drives, along with autorun.inf file. Then, they disable "Show hidden files" from Folder Options, by editing the registry. Maybe also auto close, or disable, the Task Manager to prevent you from killing its process.

Even if you removed the infected file from the USB, and reformatted your C: drive and installed a clean version of Windows, it is still hiding in your other drives (D:, E:, etc.) and as soon as you open any of these drives after a clean install of Windows, you will get infected again.

Cleaning your computer while the malware is active is a bit tricky. If you removed the .exe+autorun.inf from an infected drive, then it copies itself again to the same drive. If you killed its proccess, it waits till you open one of the infected drives, and it starts again.

A quick fix for this kind of malware is to disable the AutoRun feature and/or install an application like Autorun Eater that will monitor, scan, and allow/deny autorun.inf when one is detected. Also, it lets you fix the Folder Options and Task Manger settings in the registry if they were being modified, and restore them to their original state.

Karim ElDeeb

Posted 2013-03-09T19:10:33.737

Reputation: 166

1Windows 7 will not execute autorun on mass storage devices for precisely this reason. Only optical media, the last time I checked, and even that has a confirmation dialog. – Bob – 2013-03-10T09:37:35.720

Yes. That is the default behavior, unless it has been changed by the user. – Karim ElDeeb – 2013-03-10T10:07:52.797

No, it is not possible to enable autorun for mass storage devices in Win7. Not unless you have a third party program polling for connected devices, which has nothing to do with OS autorun support. I just double checked, and optical media does have an option to always autorun, but that is not possible for USB mass storage - this is not configurable.

– Bob – 2013-03-10T10:15:20.770

Sorry, my mistake. I thought it is possible to change it from Group Policy. – Karim ElDeeb – 2013-03-10T11:26:28.530

I honestly never considered Group Policy. However, it seems that it's not possible there either, as of Windows 7: In these versions of Windows, the ability of an autorun.inf file to set an AutoRun task, alter double-click behaviour or change context menus is restricted to drives of type DRIVE_CDROM. There are no policy settings that will override this behaviour.

– Bob – 2013-03-10T12:18:50.153

Thanks for your help Karim,but the software you'd introduced isn't compatible with 64 bit systems. So i can't use it.:( – Faeze – 2013-03-10T22:46:02.840