The "How To" Thread
How to Show Hidden Files and Folders
You may be asked to manually move or delete some files. Make sure your Windows OS is set to show all hidden files and folders!
(NOTE: This tutorial uses Windows XP as the main guideline, as that is what most users are running on their systems. On other Operating Systems this process will be slightly different. For an explanation on how to do this on other Operating Systems, scroll down a bit further for an explanation on each major Windows OS.)
Open your My Computer icon, or open any folder on your computer. Click on the Tools menu, and select -> Folder Options. From the Folder Options window that opens, click on the View tab.

Then:
1 - Set it to "Show hidden files and folders." Uncheck "Hide extensions for known file type." Uncheck "Hide Protected Operating System Files."
2 - Click Apply.
3 - Click on Apply To All Folders. This will set all folders to show any hidden files.
4 - Click OK.

At this point, all files on your hard drive(s) should be visible.
**Note: turning off the option to Hide Protected Operating System Files can be risky, because it leaves important OS files out in the open, where they may be accidentally deleted by users who are not familiar with them! When you are finished cleaning up your infection problem, you should change this option back on.**
HOW TO SHOW HIDDEN FILES AND FOLDERS ON OTHER OPERATING SYSTEMS:
Windows 2000
1 - Open My Computer.
2 - Click Tools menu then click Folder Options.
3 - Click the View tab.
4 - Scroll to the "Hidden files and folders" section and click "Show hidden files and folders."
5 - Uncheck the "Hide protected operating system files (recommended)" option. (SEE NOTE ABOVE ON THIS OPTION!) Click Yes to confirm. Then click OK.
Windows ME
1 - Open My Computer.
2 - Click the Tools menu then click Folder Options.
3 - Click the View tab.
4 - Scroll to the "Hidden files" section, and click "Show hidden files and folders."
5 - Uncheck the "Hide protected operating system files (recommended)" option. (SEE NOTE ABOVE ON THIS OPTION!) Click Yes to confirm. Then click OK.
7 - Click the Start button -> Programs and Accessories -> Windows Explorer.
8 - Choose the hard drive you wish to view from the left hand pane. Click "View the Entire contents of this drive."
Windows 98
1 - Open My Computer.
2 - Click View menu then click Folder Options.
3 - Select the View tab.
4 - Scroll to the "Hidden files" section. Click "Show all files." Then click OK.
Windows 95
1 - Open My Computer.
2 - Click View menu and then click Options.
3 - Click the View tab.
4 - Select the option to "Show all files." Then click OK.
In any case where you have turned off the option to Hide Protected Operating System Files, we recommend you re-enable this option after you are finished cleaning the problems from your computer.
If you need assistance with any of these steps, feel free to ask, and someone will help at the earliest convenience.
This discussion has been closed.
Comments
You may be told to disable System Restore if you are running Windows XP or ME! This prevents your system from re-loading infected files from the Restore directory.
To Disable System Restore:
Click on Start Menu -> Control Panels -> System -> System Restore. Click the checkbox to "Turn off System Restore" for all drives. Click Apply and then click YES to the confirmation dialog that will appear. Then click OK to exit the control panel.
Then proceed to fix your infection problem as instructed.
(NOTE: In some rare cases, spyware or viruses may disable access to the System control panel. If you cannot access the System control panel by the above procedure, please see the Alternate Methods later in this post to get directly to the System Restore Utility. )
To Re-enable System Restore:
After your problem is fixed, turn System Restore back on with that same control panel. Start Menu -> Control Panels -> System -> System Restore. Uncheck the checkbox "Turn off System Restore" for all drives. This will turn it back on. Click Apply and then OK to exit the control panel.
Then, create a new restore point to be safe. Click Start Menu-> All Programs -> Accessories -> System Tools -> System Restore. When the System Restore Utility opens click "Create a Restore Point" then click Next.
Enter a name for this Restore Point such as "After Sweeping Spyware" or something to that effect (the date will be added automatically) and click Create. This will create a new restore point which hopefully is now clean of whatever problems you had.
Alternate Methods to Enable or Disable System Restore:
1 - Click Start Menu-> All Programs -> Accessories -> System Tools -> System Restore. When the System Restore Utility opens, click on "System Restore Settings", and that will open the control panel which allows you to deactivate System Restore.
2 - Click Start Menu-> RUN. In the Run dialog box, type in "config.msc." When the Configuration utility opens, click "Launch System Restore." This will activate the Restore utility. Click on "System Restore Settings", and that will open the control panel which allows you to deactivate System Restore.
If you need assistance with any of these steps, feel free to ask, and someone will help at the earliest convenience.
You may be told to Quarantine certain files.
When your Hijack This log is analyzed by our SWAT Team members or experienced users, we will identify HJT entries which are known bad, or appear suspicious because their file names are random, nonsense, or fit patterns of certain infection problems. If you are told to "Manually locate all the .exe / .dll / htm / html files indicated above and quarantine them", this means you need to look at each HJT entry that has been highlighted for you and identify the location of the files. For example, here are a couple of HJT entries, with the actual file location highlighted in red:
O2 - BHO: (no name) - {5EA09FEA-707B-FB28-AF23-9B7F1EA97C20} - C:\WINNT\mfcwz32.dll
O3 - Toolbar: sitemove - {45084689-F2B1-ACD4-5C96-37D71CCC71D7} - C:\PROGRAM FILES\VC JUNK\FIVE MAPI.DLL
O4 - HKLM\..\Run: [sdkql.exe] C:\WINNT\sdkql.exe
Examine the HJT entries identified to you to determine the locations of any files you need to quarantine.
What you need to do is open My Computer, then open your C drive, then work your way to the folder(s) and file(s) indicated. If you cannot see the files, you may need to set your system to Show Hidden Files and Folders, as per the instructions here.
Sometimes a directory name will not be shown fully, but will be "truncated" to 8 characters, with a "~" in the name. For example:
C:\PROGRA~1\THATTI~1\castplay.exe
C:\PROGRA~1\ELSETONS\2DOES.exe
Anything with a "~" in the name is a folder with a longer name, but it starts with the letters indicated. In these examples, "progra~1" = Program Files. The folder "thatt~1" will start with the letters "thatt" and have more letters after that. It may be "thattimeofyear" or, with spaces, "that time of year." Locate the folder that is most likely to be the match, and open it. See if the exe or dll file in question is inside of it, for instance, castplay.exe in the 1st example.
To quarantine the files, open My Computer, open your C drive, and create a new folder by right-clicking, selecting New Folder, and naming it QUARANTINE. Then, move each of the files you have located above into the Quarantine folder by dragging and dropping them. (If you are moving them from a different hard drive, make sure to actually move them, not just copy them. A drag and drop between hard drives will copy a file, not move it. Hold down the SHIFT key when dragging and dropping between hard drives to do a move instead of a copy.)
Once you have all the suspect files in the Quarantine folder, you now need to rename them to prevent them from accidentally (or purposefully) being re-run on your computer. Right click on each file, and rename the 3 letter "extension" part of the names. I recommend using the following naming system:
- rename .exe files to .xxx
- rename .dll files to .ddd
- rename .htm or html files to .hhh or .hhhh
- rename .tmp files to .ttt
- if quarantining a whole folder, add an XXX to the end of the folder name. You do not need to rename everything inside the folder, as having moved it to a different location and renaming the folder as well will break the filepath of any startup entries or services, so nothing inside it will run at startup.
If you are told to quarantine a file type that is not on this list, just take one of the 3 letters in the extension that will make it easy to remember what type of file it is (eg, using "x" for .exe's) and type that letter 3 times.
Why quarantine files? Why not delete them?
Well, we are all human. We all make mistakes sometimes. You may grab the wrong file by accident, and if you delete it and empty the recycle bin...it's gone. Or someone helping you with your HJT log may make a mistake, and tell you to get rid of a certain file, which is actually a legitimate file. If one of the HJT entries identified to you turns out to be a legitimate entry, and you delete the file associated with it, then you may encounter problems with some software package. Or, if you delete files instead of quarantining them, and you delete the wrong file by mistake, you can have software problems. Quarantining files is safer than deleting them, as you can always rename them and move them back if you need to. If you cannot remember where to move a file back to, you can always check your HJT log you posted here on Icrontic to find out where it came from.
Deleting Quarantined Files
If you want to clean out the quarantine after a couple of weeks, feel free to do so. Just make sure you have run most of your other programs to make sure that nothing appears to have been affected. If everything is running properly, go ahead and delete the quarantined files after 2 weeks or so.
If you need assistance with any of these steps, feel free to ask, and someone will help at the earliest convenience.
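The quarantine procedure above as a script, added here as an example and not part of the original post: it pulls the file location out of each HJT entry, moves a file into a quarantine folder under the post's renaming scheme, and records where the file came from so it can be moved back. The function names, the `manifest.json` file and the first-letter rule for unlisted extensions are assumptions of this example.

```python
import json
import re
import shutil
from pathlib import Path, PureWindowsPath

# Extension renames from the post's naming system.
RENAMES = {".exe": ".xxx", ".dll": ".ddd", ".htm": ".hhh",
           ".html": ".hhhh", ".tmp": ".ttt"}
# Sample input: the three HJT entries quoted in the post.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {5EA09FEA-707B-FB28-AF23-9B7F1EA97C20} - C:\WINNT\mfcwz32.dll
O3 - Toolbar: sitemove - {45084689-F2B1-ACD4-5C96-37D71CCC71D7} - C:\PROGRAM FILES\VC JUNK\FIVE MAPI.DLL
O4 - HKLM\..\Run: [sdkql.exe] C:\WINNT\sdkql.exe"""
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")  # drive-letter path to end of entry

def hjt_path(line):
    """Return the file location at the end of an HJT entry, or None."""
    m = PATH_RE.search(line.strip())
    return m.group(0) if m else None

def quarantined_name(name):
    """Rename the extension so the file cannot be run by accident."""
    p = PureWindowsPath(name)
    ext = p.suffix.lower()
    if len(ext) < 2:
        return p.name  # no extension: left unchanged (this example's choice)
    # Unlisted types: one letter of the extension, three times (first letter here).
    return p.stem + RENAMES.get(ext, "." + ext[1] * 3)

def quarantine(src, qdir):
    """Move src into qdir under its renamed form and log its original location."""
    src, qdir = Path(src).resolve(), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / quarantined_name(src.name)
    if dest.exists():
        raise FileExistsError(f"{dest} already in quarantine")
    shutil.move(str(src), str(dest))  # a move, never a copy, also across drives
    manifest = qdir / "manifest.json"
    log = json.loads(manifest.read_text()) if manifest.exists() else {}
    log[dest.name] = str(src)
    manifest.write_text(json.dumps(log, indent=2))
    return dest

def restore(name, qdir):
    """Move a quarantined file back to the location recorded in the manifest."""
    qdir = Path(qdir)
    log = json.loads((qdir / "manifest.json").read_text())
    original = Path(log[name])
    shutil.move(str(qdir / name), str(original))
    return original
```
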
There is an excellent tutorial for all Windows operating systems located at the Symantec website (makers of Norton Anti-virus and many other security and utility software.)
Click here for their tutorial, and click on the yellow/black + sign beside your Operating System version to open the specific instructions for your system.
If you need assistance with any of these steps, feel free to ask, and someone will help at the earliest convenience.