Unhiding file extensions

G

Guest

It seems that my Windows XP has been acting very oddly over the past week. It
insists on hiding on all my file extensions by default. I've already gone
into Tools/Folder Options to uncheck the option to Hide File Extensions for
Known File Types. However, the options automatically checks itself again
after I've closed Windows Explorer.

Worse, this strange behaviour also happens the moment I've left the current
folder that I've unhid all extensions, ie, the moment I leave and return to
the folder, I find that all the file extensions have been hidden by default
once more.

Has anyone experienced the same problem? I don't remember this to be an
issue -- is this caused by some stupid Update? The same problem is seen in
both my office and my home PC.
 
J

Jerry

Are you logged on as Administrator or a User? Could be that the
Administartor has set some kind of policy to hide the extensions. (Just
guessing here.)
 
G

Guest

I'm logged in as a User in both my office and home PCs. I wouldn't be able to
log in as an Administrator at the office anyway, but I can try logging as
Admin at home. But I suspect that the problem doesn't lie here.

I've tried editing the Registry of my home PC for HK_CURRENT_USER, to set
HideFileExt to 0, but I noticed that it still defaults to hide extensions (1)
all the same. From reading online FAQs, I'm told to find the equivalent file
in HK_USERS/.DEFAULT, but I can't find it.
 
G

Guest

Hi folks,

I've found the problem after doing a virus scan. As it turns out:

C:\WINDOWS\MS32DLL.dll.vbs
C:\WINDOWS\boot.ini

....were infected a virus hiding in a VBscript. Unfortunately, my virus scan
could not determine which script infected both of the above files.

It seems that MS32DLL is called whenever you attempt to open a folder in
Windows Explorer. I'm no expert. If someone can confirm or correct my
observation, please feel free to do so. Apparently, the script adjusted the
dll file to hide file extensions whenever it is called -- which is basically
whenever I accessed a new folder in Explorer.

Upon completing the virus scan, I found this Trojan horse:

SetupInstRe.exe (Trojan horse Dropper.Agent BMH)

I suspect that the virus script intentionally hid the file extensions in an
attempt to trick an unwitting user into executing the above Trojan horse.

Hope this helps!

- John Yip
 
G

Guest

Ok, more information.

MS32DLL turns out to be a worm virus, more popularly known as "Hacked by
Godzilla". You can google it to learn more. Apparently it started in
Southeast Asia and is spread by removable drives such as thumb drives or
portable HDDs. The specific one that infected my PC is a variant of this
virus -- someone modified it to hide file extensions by default.

The best instructions I've found for removing this virus is located here:
So it seems my hidden file extensions were indeed caused by a virus,
specifically MS32DLL. It is transmitted via removable memory devices such as
thumb drives.

The necessary steps to remove this virus are found here:
http://www.asiavista.net/2007/04/21/hacked-by-godzilla-the-cure/


The key thing to do is to make sure you Turn off Autoplay via gpedit.msc
(read the link I've provided for the details) before attempting to delete
MS32DLL and its companion autorun.inf script from your infected memory
devices.

Good luck!
 
G

Guest

Ok, more information.

MS32DLL turns out to be a worm virus, more popularly known as "Hacked by
Godzilla". You can google it to learn more. Apparently it started in
Southeast Asia and is spread by removable drives such as thumb drives or
portable HDDs. The specific one that infected my PC is a variant of this
virus -- someone modified it to hide file extensions by default.

The best instructions I've found for removing this virus is located here:
So it seems my hidden file extensions were indeed caused by a virus,
specifically MS32DLL. It is transmitted via removable memory devices such as
thumb drives.

The necessary steps to remove this virus are found here:
http://www.asiavista.net/2007/04/21/hacked-by-godzilla-the-cure/


The key thing to do is to make sure you Turn off Autoplay via gpedit.msc
(read the link I've provided for the details) before attempting to delete
MS32DLL and its companion autorun.inf script from your infected memory
devices.

Good luck!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

No File Extensions 4
Frustrated with XP 10
Hide _file extensions 1
.email file extensions 1
Disparity in def. mechanisms for file extensions 1
music & pictures extensions? 1
file extensions in Windows Explorer are missing 1
see extensions for known file types 4

Top