I got a fake virus checker that changed a lot of my system settings. First I saw a lot of messages prompting that my HD is not readable and then a program pops up checking the disk. I stopped it in the middle then the messagestated that hardware failure, I can choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually I safe booted the system and deleted the applications. The aftermath are:
1. many of my folders and files disappeared. It still shows the size when getting the properties of the folders. I eventually got most of them back byunlocking the folders and linked to the files in the folders from the shortcuts I had before. It turns out that the program set the files invisible if I go to the folders from shortcut, I can select them and make them not hide again.
2. The desktop, default folder location was changed to TEMP inside Documents and Settings. Instead of moving files around, I'd like to move the default folder location to my original one.

How can I do that?

Thanks for the help,

From: "liu" <(E-Mail Removed)>

> I got a fake virus checker that changed a lot of my system settings. First I saw a lot
> of
> messages prompting that my HD is not readable and then a program pops up checking the
> disk. I stopped it in the middle then the message stated that hardware failure, I can
> choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually
> I
> safe booted the system and deleted the applications. The aftermath are: 1. many of my
> folders
> and files disappeared. It still shows the size when getting the properties of the
> folders.
> I eventually got most of them back by unlocking the folders and linked to the files in
> the
> folders from the shortcuts I had before. It turns out that the program set the files
> invisible if I go to the folders from shortcut, I can select them and make them not hide
> again. 2. The desktop, default folder location was changed to TEMP inside Documents and
> Settings. Instead of moving files around, I'd like to move the default folder location
> to
> my original one.
>
> How can I do that?
>
> Thanks for the help,


I suggest creating an account and getting assistance at the Malwarebytes' forum.
http://forums.malwarebytes.org

You may still be infected by a protective TDSS rootkit and the side effects need to be
negated. A forum assistant will be able to guide you on a 1-to-1 bassis to get
resolution.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman wrote:
> A forum assistant will be able to guide you on a 1-to-1 bassis to get
> resolution.


The assistant might be a guitarist, for that matter. <w>


MowGreen
================
*-343-* FDNY
Never Forgotten
================

"Security updates should *never* have *non-security content* prechecked

liu wrote:

> I got a fake virus checker that changed a lot of my system settings.
> First I saw a lot of messages prompting that my HD is not readable
> and then a program pops up checking the disk. I stopped it in the
> middle then the message stated that hardware failure, I can choose
> cancel or restart. I restarted and the system becomes unrecognizable.
> Eventually I safe booted the system and deleted the applications.
> The aftermath are:
>
> 1. many of my folders and files disappeared. It still shows the size
> when getting the properties of the folders. I eventually got most of
> them back by unlocking the folders and linked to the files in the
> folders from the shortcuts I had before. It turns out that the program
> set the files invisible if I go to the folders from shortcut, I can
> select them and make them not hide again.
>
> 2. The desktop, default folder location was changed to TEMP inside
> Documents and Settings. Instead of moving files around, I'd like to
> move the default folder location to my original one.
>
> How can I do that?
>
> Thanks for the help,
>

There is a program called "unhide.exe", and perhaps David
would comment on when it should be used.

Apparently, what that program does, is do a mass-change to bring
back invisible files. This is from the last time I looked for it.
These are my links.

*******
A program called "unhide.exe" was specifically created for this situation.

http://www.bleepingcomputer.com/forums/topic391939.html

Step 17 here has the download.

http://www.bleepingcomputer.com/viru...t-defragmenter

( http://download.bleepingcomputer.com/grinler/unhide.exe )
*******

Your first priority, should be to clean up the computer, because
if some malware is still present, it can pretty much do that
again if it wants. Once the computer is clean, then you can
work on the cosmetic issues like "unhide".

It could be, that some registry entry controls "default folder".
Just a guess.

Paul

From: "Paul" <(E-Mail Removed)>

> liu wrote:
>
>> I got a fake virus checker that changed a lot of my system settings. First I saw a lot
>> of messages prompting that my HD is not readable and then a program pops up checking
>> the disk. I stopped it in the middle then the message stated that hardware failure, I
>> can choose
>> cancel or restart. I restarted and the system becomes unrecognizable.
>> Eventually I safe booted the system and deleted the applications.
>> The aftermath are:
>>
>> 1. many of my folders and files disappeared. It still shows the size
>> when getting the properties of the folders. I eventually got most of
>> them back by unlocking the folders and linked to the files in the folders from the
>> shortcuts I had before. It turns out that the program
>> set the files invisible if I go to the folders from shortcut, I can
>> select them and make them not hide again.
>>
>> 2. The desktop, default folder location was changed to TEMP inside Documents and
>> Settings. Instead of moving files around, I'd like to move the default folder location
>> to my original one.
>>
>> How can I do that?
>>
>> Thanks for the help,
>>
>
> There is a program called "unhide.exe", and perhaps David
> would comment on when it should be used.
>
> Apparently, what that program does, is do a mass-change to bring
> back invisible files. This is from the last time I looked for it.
> These are my links.
>
> *******
> A program called "unhide.exe" was specifically created for this situation.
>
> http://www.bleepingcomputer.com/forums/topic391939.html
>
> Step 17 here has the download.
>
> http://www.bleepingcomputer.com/viru...t-defragmenter
>
> ( http://download.bleepingcomputer.com/grinler/unhide.exe )
> *******
>
> Your first priority, should be to clean up the computer, because
> if some malware is still present, it can pretty much do that
> again if it wants. Once the computer is clean, then you can
> work on the cosmetic issues like "unhide".
>
> It could be, that some registry entry controls "default folder".
> Just a guess.
>
> Paul

Unhide is by Grinler (L. Abrams, founder of BleepingComputer) and is used to recursively
change the attributes of targeted files that have had the file attributes changed to
Hidden and System as well as move files back into their, original, respective locations.

If there are remnants of the malware still installed the rogue anti malware (a trojan) can
get reinstalled and/or the file problems and registry modification may revert back to
their modified condition even after correction.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

On Nov 17, 10:51*am, liu <spamfree...@yahoo.com> wrote:
> I got a fake virus checker that changed a lot of my system settings. First I saw a lot of messages prompting that my HD is not readable and then a program pops up checking the disk. I stopped it in the middle then the message stated that hardware failure, I can choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually I safe booted the system and deleted the applications. The aftermath are:
> 1. many of my folders and files disappeared. It still shows the size whengetting the properties of the folders. I eventually got most of them back by unlocking the folders and linked to the files in the folders from the shortcuts I had before. It turns out that the program set the files invisibleif I go to the folders from shortcut, I can select them and make them not hide again.
> 2. The desktop, default folder location was changed to TEMP inside Documents and Settings. Instead of moving files around, I'd like to move the default folder location to my original one.
>
> How can I do that?
>
> Thanks for the help,

You can recover easily if you use a Disk Image program.

You can just restore a disk image of when your system was running O.K.

Macrium Reflect has a free version.
Keep 3 days worth of images.

Andy

From: "Mint" <(E-Mail Removed)>

> On Nov 17, 10:51 am, liu <spamfree...@yahoo.com> wrote:
>> I got a fake virus checker that changed a lot of my system settings. First I saw a lot
>> of
>> messages prompting that my HD is not readable and then a program pops up checking the
>> disk. I stopped it in the middle then the message stated that hardware failure, I can
>> choose cancel or restart. I restarted and the system becomes unrecognizable. Eventually
>> I
>> safe booted the system and deleted the applications. The aftermath are: 1. many of my
>> folders and files disappeared. It still shows the size when getting the properties of
>> the
>> folders. I eventually got most of them back by unlocking the folders and linked to the
>> files in the folders from the shortcuts I had before. It turns out that the program set
>> the files invisible if I go to the folders from shortcut, I can select them and make
>> them
>> not hide again. 2. The desktop, default folder location was changed to TEMP inside
>> Documents and Settings. Instead of moving files around, I'd like to move the default
>> folder location to my original one.
>>
>> How can I do that?
>>
>> Thanks for the help,
>
> You can recover easily if you use a Disk Image program.
>
> You can just restore a disk image of when your system was running O.K.
>
> Macrium Reflect has a free version.
> Keep 3 days worth of images.
>
> Andy

And portentially lose data between the time the system was imaged and the time it was
restored.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

liu snuck on to your hard drive to scribble:
> I got a fake virus checker that changed a lot of my system settings. First I
> saw a lot of messages prompting that my HD is not readable and then a program
> pops up checking the disk. I stopped it in the middle then the message stated
> that hardware failure, I can choose cancel or restart. I restarted and the
> system becomes unrecognizable. Eventually I safe booted the system and
> deleted the applications. The aftermath are: 1. many of my folders and files
> disappeared. It still shows the size when getting the properties of the
> folders. I eventually got most of them back by unlocking the folders and
> linked to the files in the folders from the shortcuts I had before. It turns
> out that the program set the files invisible if I go to the folders from
> shortcut, I can select them and make them not hide again. 2. The desktop,
> default folder location was changed to TEMP inside Documents and Settings.
> Instead of moving files around, I'd like to move the default folder location
> to my original one.
>
> How can I do that?
>
> Thanks for the help,

Have you determined the specific malware and ensured it is fully
removed?

There are several programs designed specifically to target these fake
antivirus products such as Malwarebytes Rogue Remover and McAfee's Fake
AV Stinger. You might want to download one (or more) of these and run
before you do anything further or the problem may just return.

--
-There are some who call me...
Jim


"Do, or do not. There is no 'try'."
- Yoda ('The Empire Strikes Back')

From: "James D Andrews" <(E-Mail Removed)>

> liu snuck on to your hard drive to scribble:
>> I got a fake virus checker that changed a lot of my system settings. First I saw a lot
>> of messages prompting that my HD is not readable and then a program pops up checking
>> the disk. I stopped it in the middle then the message stated that hardware failure, I
>> can choose cancel or restart. I restarted and the system becomes unrecognizable.
>> Eventually I safe booted the system and deleted the applications. The aftermath are: 1.
>> many of my folders and files disappeared. It still shows the size when getting the
>> properties of the folders. I eventually got most of them back by unlocking the folders
>> and linked to the files in the folders from the shortcuts I had before. It turns out
>> that the program set the files invisible if I go to the folders from shortcut, I can
>> select them and make them not hide again. 2. The desktop, default folder location was
>> changed to TEMP inside Documents and Settings. Instead of moving files around, I'd like
>> to move the default folder location to my original one.
>>
>> How can I do that?
>>
>> Thanks for the help,
>
> Have you determined the specific malware and ensured it is fully removed?
>
> There are several programs designed specifically to target these fake antivirus products
> such as Malwarebytes Rogue Remover and McAfee's Fake AV Stinger. You might want to
> download one (or more) of these and run before you do anything further or the problem
> may just return.
>


It's called Malwarebytes's Anti Malware (aka; MBAM) not Malwarebytes Rogue Remover.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman was thinking very hard and all he could come up with
was:
> From: "James D Andrews" <(E-Mail Removed)>
>
>> liu snuck on to your hard drive to scribble:
>>> I got a fake virus checker that changed a lot of my system settings. First
>>> I saw a lot of messages prompting that my HD is not readable and then a
>>> program pops up checking the disk. I stopped it in the middle then the
>>> message stated that hardware failure, I can choose cancel or restart. I
>>> restarted and the system becomes unrecognizable. Eventually I safe booted
>>> the system and deleted the applications. The aftermath are: 1. many of my
>>> folders and files disappeared. It still shows the size when getting the
>>> properties of the folders. I eventually got most of them back by unlocking
>>> the folders and linked to the files in the folders from the shortcuts I
>>> had before. It turns out that the program set the files invisible if I go
>>> to the folders from shortcut, I can select them and make them not hide
>>> again. 2. The desktop, default folder location was changed to TEMP inside
>>> Documents and Settings. Instead of moving files around, I'd like to move
>>> the default folder location to my original one.
>>>
>>> How can I do that?
>>>
>>> Thanks for the help,
>>
>> Have you determined the specific malware and ensured it is fully removed?
>>
>> There are several programs designed specifically to target these fake
>> antivirus products such as Malwarebytes Rogue Remover and McAfee's Fake AV
>> Stinger. You might want to download one (or more) of these and run before
>> you do anything further or the problem may just return.
>>
>
>
> It's called Malwarebytes's Anti Malware (aka; MBAM) not Malwarebytes Rogue
> Remover.

Malwarebytes AntiMalware is the main antimalware program provided by
http://www.malwarebytes.org/products

I use it religiously - you know, worship and all that. I recommend it
to everyone and install it on all my systems.

Rogue Remover was a product put out by Malwarebytes that specifically
targeted rogue or fake antivirus products. However, in follow-up, I
have learned that this is an outdated product that is no longer
directly supported by Malwarebytes, but is still available for download
through

http://www.freewarefiles.com/RogueRe...ram_24739.html

Thank you for bringing this to my attention.

The point remains, as I'm sure you'll agree, ensure the rogue software
is fully removed from the system before proceeding.

--
-There are some who call me...
Jim


"Facts are the enemy of truth."
- Don Quixote - "Man of La Mancha"