I have just run into a really nasty new version of a rogue fake antivirus malware that, in addition to screwing with a user’s machine, actually performs a malicious act by hiding all of the user’s files as well as public shared files on the user’s computer. I have gotten a few calls from people saying “Help, I lost my files” or “All my files are gone”. This malicious new virus/malware makes it appear as if the user’s files have been deleted or wiped off the computer. The files are not lost or deleted, though; they have just been hidden.
Rogue antivirus is a class of malware that pretends to be a real antivirus or antimalware program or, in some cases I have seen recently, a fake Windows diagnostic program that says you have memory errors or hard disk errors. In reality these programs ARE the infection. The fake program usually gives you messages that your system is infected or has issues, and tries to get you to either buy a worthless program or give someone your credit card number. Don’t do either!
To the user, it appears as if all their files (documents, music, pictures, files on the desktop, etc.) have simply disappeared. Don’t worry though, this is not the case. The virus/malware sets the hidden attribute on all of the user’s folders and files, and does the same to public shared folders and files. This can be undone by selectively resetting, or unhiding, the folders and files that have been hidden.
**NOTE:** Be careful doing this, as not all hidden files and folders in your user profile are meant to be unhidden; some are hidden by default and should remain so. If you are unsure of what to do, contact a computer professional to help you.
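One way to do the selective unhide described above, as an added example that is not part of the original post. The folder list, the parameter names `-ProfilePath` and `-Apply`, and the rule of skipping anything that also carries the System or ReparsePoint attribute are assumptions made for this sketch.

```powershell
# Added example: selectively clear the Hidden attribute inside a user's data folders.
# Assumptions (not from the original post): the folder list below, and the rule
# that anything also marked System or ReparsePoint is hidden by design.
param(
    [string]$ProfilePath = $env:USERPROFILE,  # pass $env:PUBLIC for the shared folders
    [switch]$Apply                            # without -Apply, only report
)

# Folders a user expects to see; AppData and the profile root are never touched.
$dataFolders = 'Desktop','Documents','Pictures','Music','Videos','Favorites','Downloads'

$Hidden  = [int][System.IO.FileAttributes]::Hidden
$System  = [int][System.IO.FileAttributes]::System
$Reparse = [int][System.IO.FileAttributes]::ReparsePoint
$Protect = $System -bor $Reparse

foreach ($name in $dataFolders) {
    $root = Join-Path $ProfilePath $name
    if (-not (Test-Path -LiteralPath $root -PathType Container)) { continue }

    # -Force returns hidden items; the folder itself is checked as well.
    $items = @(Get-Item -LiteralPath $root -Force) +
             @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $attrs = [int]$item.Attributes
        if (-not ($attrs -band $Hidden)) { continue }   # already visible
        if ($attrs -band $Protect)       { continue }   # desktop.ini, "My Music" junctions, etc.

        if ($Apply) {
            # Clear only the Hidden bit and keep every other attribute as it was.
            $item.Attributes = [System.IO.FileAttributes]($attrs -band (-bnot $Hidden))
            Write-Output "unhid          $($item.FullName)"
        } else {
            Write-Output "would unhide   $($item.FullName)"
        }
    }
}
```

Run it once without `-Apply` to review what would change, then again with `-Apply`. Do this only after the infection itself has been removed, otherwise the files may simply be hidden again.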
At Pensacola Computers, we can help you if you are not sure how to do this yourself, and can even do it in a remote session. For help removing viruses and malware, and recovering lost or hidden files, visit http://pensacolacomputers.com for contact information.

Am also finding, at least in a case yesterday where all files became hidden, that it removed the Windows Activation, and removed the Windows activation service from Administrative Tools. As a matter of fact, if you click on Administrative Tools, the folder is empty, even if you choose to show hidden files and folders.
Need to copy data and reimage machine.
We had this fake antivirus hiding files reported yesterday. We found it hid the user’s folders and the “All users” folders also. Quick to rectify the problem but a real pain.
I too have run into this virus. I have a Toshiba Satellite that runs Vista Premium Home Edition (64 bit). There are three profiles on my computer, and my wife’s profile has been afflicted twice with the ‘hide your profile’s desktop / music / personal documents’ virus. It also hid all of the common files on my hard drive. One other interesting note is that both virus attacks occurred after my wife plugged in her iPhone. This has led me to believe that there may be some kind of virus on her iPhone that triggers this virus. (Has anyone else noticed this?)
How I fixed the computer was:
1.) Booted the computer up in safe mode and shut off the virus using rkill (see link), installed a spyware program (see the link below), removed the infected files, turned off the host file, and replaced the host file. (Sounds complicated, but the website below gives good instructions.) The computer then needed to reinstall some of the Windows folders saved from an earlier date. The computer did this automatically.
http://www.bleepingcomputer.com/download/anti-virus/rkill
2.) I used the online Microsoft help, who performed a second virus scan and then showed me how to unhide the files.
If anyone knows about a possible link between installing an iPhone and triggering the virus, please let me know.
Good luck!
I ran into a fake anti-virus program last night and I lost everything on my Desktop. In the start-up menu it still listed the programs but when I selected the program it stated “Empty” underneath it. I went into task manager and into the processes tab and removed any process that looked out of place (Normally a series of numbers). This stopped the fake malware but there were multiple versions of the process running, so don’t assume that just because you deleted one process that the program has stopped running. I then went into the safe mode with networking and downloaded the Malwarebytes and removed two infections. I restarted the computer in normal Windows mode but the files were still hidden. I did a system restore and all my programs returned to normal but all my documents, pictures, music and personal files are gone. Not sure if they are still hidden or they were removed during the restore. The restore stated that personal documents would not be affected so I think the files are there, I just can’t seem to find them. Any suggestions?
If files appear hidden, you can go to Windows Explorer (make sure to show the menu bar from Layout if using Vista or 7), then go to the Tools Menu > Folder Options > View Tab and check Show Hidden Files, Folders and Drives. You can then right-click on a hidden folder, select Properties, then uncheck the Hidden box and apply to all files and folders within that folder. Be very careful of any so-called fix tools for this on the web, as many of them do a global reset of all your files on your computer which can cause problems – some files and folders are hidden and system files for a reason, and it is a good idea for these to remain as they were originally.
I ran into this virus also. It showed up on my wife’s computer, she claimed after visiting Wikipedia. Norton A/V did not catch it right away. Her documents were also hidden, but another side effect was all Program Entries in the Start Menu have their .exes missing. Able to recover documents. Also ran Norton PowerEraser to check for root kit. Going to backup data and wipe and reload OS to be certain everything is ok.