Is there a program that will change all of the files and folders attributes from hidden to not hidden?
A friend was DLing porn (Yes, a friend, not me damnit!) and fucked up his computer pretty bad. This virus was even still fucking everything in safe mode, which I had never even heard of before. Anyway, I got it back to running somewhat normal again, but all the files and folders, I mean every single fucking thing on the drives, is set to hidden.
I've been slowly changing things back, but mostly it's only letting me do it file by file, folder by folder... and this fucking sucks. I need something that I can just make a stock set of settings and push a button and it does it automatically.
Sorry this doesn't really help your immediate problem in any way, but is there any reason not to just do a fresh install? Even if it means you'll still have to do this attribute change to any data you need to back up, it's probably the best option if the OS is as screwed up as it seems to be. Many system files should stay hidden, and I'd guess any programs or shell scripts that can do batch attribute changes would not be smart enough to know what to change and what not to.
Buried in there is what my solution would be: get on some techie forums and figure out how to do this from the command line.
(edited by samoflange on 26.5.11 1543)
Lloyd: When I met Mary, I got that old fashioned romantic feeling, where I'd do anything to bone her.
Harry: That's a special feeling.
Can't you highlight everything in the C: (or whatever) drive, right click and choose properties, and uncheck hidden from there? I thought it would cascade those settings from the folder down to all the files within that folder, but maybe I'm wrong.
Otherwise, you could use the Search utility, search for all files on the computer, and highlight all and uncheck that way.
Originally posted by Cerebus:
I tried this 'attrib -h c: /s' which I thought should work, but the cmd prompt kept freezing up or closing itself on me.
Which is a sign that all is still not well.
I'd boot into a LiveCD, back up his photos and other (ahem) essential files onto an external hard drive, and do a fresh install before something really serious goes down and he loses everything. Otherwise, you're likely putting a band-aid on a bullet hole.
Originally posted by Cerebus:
He's a photographer and has thousands of pictures on it. He does not back up anything. Formatting is a bad idea.
I tried this 'attrib -h c: /s' which I thought should work, but the cmd prompt kept freezing up or closing itself on me.
Does it start scrolling through showing you each file as it does it, or just sit there like it's frozen? If it's the latter, it's probably working and you just need to let it sit for a while. Maybe you can check the task manager and hard drive activity to see what's really going on there.
Or try a repair install. That may work to reset permissions on all the files, depending on what version of Windows this is.
Most of these things are restricted to running on a profile by profile basis. If you can log on to the laptop as another user and try 'attrib -h /s /d' (do it at the C level and also at the user profile level although that is redundant), that should be a start.
You'll also want to run something like ComboFix and follow it up with a Malwarebytes scan for good measure. One of my colleagues would also recommend TDSSKiller but I really haven't seen much in the way of results from that. Run the first scan while logged in as a different user with admin privileges and then you should be able to run follow ups from your friend's profile.
Also, his desktop icons, quicklaunch menu, and start menu will still be messed up. Go into his profile and I think it is in %USERPROFILE%\local settings\temp\smtmp (or tmp\smtmp); there will be a folder with three directories numbered 1, 2, and 4. Each of those will be his start menu, quick launch, and desktop icons, although which number is which changes.
Let me know if you have any further questions. I'm telling you what worked for me the last time I faced this (yesterday morning), but my coworkers and I are still trying to come up with a cohesive, standard strategy for facing this. This virus is a real bitch.
You believe me, don't you? Please believe what I just said...
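A scripted version of the 'attrib -h /s /d' approach discussed above, added here as an example and not posted by anyone in the thread: it clears Hidden under one folder, skips anything also flagged System (the concern raised earlier about system files that should stay hidden), and only reports unless told to apply. It assumes PowerShell 3.0 or later; the script name, the -Root default, and the -Apply switch are choices made for this example.

```powershell
# Added example (not from the thread). Save as Unhide-UserFiles.ps1 (hypothetical name).
param(
    [string]$Root = $env:USERPROFILE,  # assumption: start in the affected profile
    [switch]$Apply                     # without -Apply the script only reports
)

$Hidden = [System.IO.FileAttributes]::Hidden
$System = [System.IO.FileAttributes]::System
$changed = 0; $skipped = 0; $failed = 0

# -Force is required, otherwise Get-ChildItem never returns hidden items.
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
ForEach-Object {
    $item  = $_
    $attrs = $item.Attributes
    if (-not $attrs.HasFlag($Hidden)) { return }   # already visible
    if ($attrs.HasFlag($System)) {                  # leave protected OS items hidden
        $skipped++
        return
    }
    if (-not $Apply) {
        Write-Output "Would unhide: $($item.FullName)"
        $changed++
        return
    }
    try {
        # Clear only the Hidden bit; every other attribute is preserved.
        $item.Attributes = [System.IO.FileAttributes]([int]$attrs -band (-bnot [int]$Hidden))
        $changed++
    } catch {
        $failed++
        Write-Warning "Could not change $($item.FullName): $($_.Exception.Message)"
    }
}

$verb = 'Would unhide'
if ($Apply) { $verb = 'Unhid' }
Write-Output "${verb}: $changed   Skipped (System): $skipped   Failed: $failed"
```

Run it once without -Apply to review the list, then again with -Apply from an account that has rights to the files.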
I am late to help here, but if you haven't solved the issue, I would recommend everything that Eddie said above as well as running unhide.exe, which is also from bleepingcomputer.com. It will unhide all the files.
BleepingComputer helped a lot here. This virus is found as either 'xxjskinbkvu.exe' or '19586852.exe' and it is the AIDS of computer viruses right now. It erases all your restores/backups, it hijacks ComboFix and redirects it to download a fake version of that program as a 'current upgrade', and it's attached so well into Windows that it takes over the OS in Safe Mode.
This shit is terrible... I'm kinda envious of its creator 'cause it's so bad ass. If I were a haX0r I'd be fapping to it right now.
It's mostly gone now, but I'm still working on it, having to get rid of it the old fashioned way, from a cmd prompt.
Sentinel.SYS does appear to be a valid Windows process. I don't know whether you have to have it running, but it doesn't appear to be harmful. It's made by Rainbow Technologies. It looks like the software that runs a hardlock dongle: