Folder Options Recovery From Virus

Folder Options Recovery From Virus Attack
Some Current Indonesian Windows Viruses that were reported had widely spread out
around the world had unique characteristics of attacking techniques. One of the old
popular techniques was Changing (I like to call it “making a Mess”) Windows Folder
Options by modifying Windows Registry.
Some Indonesian virus programmers preferred to play “hide and seek” only by hiding
files in the computer target without making a dangerous destructive action of the
computer system. Commonly, the attackers tried to hide the files by changing their
file attributes into “hidden” and “system”, so that the files status is not just hidden, yet
super-hidden as simply protected Windows system files.
The Victims cried that they had lost their such files. Some of them had realized that
their files had been super-hidden, but they could not get their hidden files back since
they could not change the Folder Options settings to the normal previous state after
the virus programmer had ‘frozen’ the Folder Options Settings. And the rest of them
did not realize that their files had just been invisible and, frequently, replaced by fake
files (files that contain malicious scripts — the virus itself). Mostly, in the case of the
frozen Folder Options Settings, the virus had made registry modifications at “Checked
Value” and “Unchecked Value” Check Box Options.
This article tells about How To:
1. Unfreeze The Frozen Folder Options
2. Recover Folder Options Settings that had been changed by Virus
3. Show The Files that had been hidden by Virus
1. Unfreeze The Frozen Folder Options
There are two ways to Unfreeze The Frozen Folder Options. First, Kill The Resident
Virus with trusted AntiVirus, and second, Recover Folder Options by re-modifying
the registry keys that had been changed by attacking Virus to their normal previous
state.
2. Recover Folder Options Settings that had been changed by Virus
1. Download Two Registry Entry Files below:
- a. Download Show_FolderOptions_and_ControlPanel.reg (download here)
- b. Download Folder_Options_Recovery_-_Show_All_Files.reg (download here)
—- and “Merge” it into Your Windows Registry Database, OR
2. Manual Recovery via Windows Registry by Creating Two Registry Entry
Files:
- a. Open Windows Notepad or other Text Editors
- b. Copy these Registry Entry lines written below:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\E
xplorer]
“NoFolderOptions”=dword:00000000
“NoControlPanel”=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
“NoControlPanel”==dword:00000000
and save as Registry Entry File (.reg):
“Show_FolderOptions_and_ControlPanel.reg“ -> this is useful for the condition if
Folder Options had been hidden and Control Panel had been disabled by the Virus.
Yet, if Folder Options remains visible and Control Panel had not been disabled, then
Copy and Paste into Your Notepad:
these Registry Entry lines written below:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp
lorer\Advanced\Folder]
“Type”=”group”
“Text”=”@shell32.dll,-30498″
“Bitmap”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
“HelpID”=”shell.hlp#51140″
lorer\Advanced\Folder\ClassicViewState]
“Type”=”checkbox”
“HKeyRoot”=dword:80000001
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced”
“ValueName”=”ClassicViewState”
“CheckedValue”=dword:00000000
“UncheckedValue”=dword:00000001
“DefaultValue”=dword:00000000
lorer\Advanced\Folder\ControlPanelInMyComputer]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyCom
puterIcons”
“ValueName”=”{21EC2020-3AEA-1069-A2DD-08002B30309D}”
lorer\Advanced\Folder\DesktopProcess]
“ValueName”=”SeparateProcess”
lorer\Advanced\Folder\DesktopProcess\Policy]
lorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess]
@=”"
lorer\Advanced\Folder\DisableThumbCache]
“ValueName”=”DisableThumbnailCache”
lorer\Advanced\Folder\FolderSizeTip]
“ValueName”=”FolderContentsInfoTip”
lorer\Advanced\Folder\FriendlyTree]
“ValueName”=”FriendlyTree”
lorer\Advanced\Folder\Hidden]
“Bitmap”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
lorer\Advanced\Folder\Hidden\NOHIDDEN]
“Type”=”radio”
“ValueName”=”Hidden”
lorer\Advanced\Folder\Hidden\SHOWALL]
“ValueName”=”Hidden”
lorer\Advanced\Folder\HideFileExt]
“ValueName”=”HideFileExt”
lorer\Advanced\Folder\NetCrawler]
“ValueName”=”NoNetCrawling”
lorer\Advanced\Folder\NetCrawler\Policy]
lorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
@=”"
lorer\Advanced\Folder\PersistBrowsers]
“ValueName”=”PersistBrowsers”
lorer\Advanced\Folder\ShowCompColor]
“ValueName”=”ShowCompColor”
lorer\Advanced\Folder\ShowFullPath]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState
”
“ValueName”=”FullPath”
lorer\Advanced\Folder\ShowFullPathAddress]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState
”
“ValueName”=”FullPathAddress”
lorer\Advanced\Folder\ShowInfoTip]
“ValueName”=”ShowInfoTip”
lorer\Advanced\Folder\SuperHidden]
“WarningIfNotDefault”=”@shell32.dll,-28964″
“ValueName”=”ShowSuperHidden”
lorer\Advanced\Folder\SuperHidden\Policy]
lorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=”"
lorer\Advanced\Folder\Thickets]
“Text”=”Managing pairs of Web pages and folders”
“Bitmap”=”C:\\WINDOWS\\System32\\\\SHELL32.DLL,4″
“HelpID”=”TBD”
lorer\Advanced\Folder\Thickets\AUTO]
“RegPath”=”Software\\Microsoft\\Windows\\CurrentVersion\\Explorer”
“Text”=”Show and manage the pair as a single file”
“ValueName”=”NoFileFolderConnection”
lorer\Advanced\Folder\Thickets\NOHIDE]
“Text”=”Show both parts but manage as a single file”
lorer\Advanced\Folder\Thickets\NONE]
“Text”=”Show both parts and manage them individually”
lorer\Advanced\Folder\WebViewBarricade]
“ValueName”=”WebViewBarricade”
– 2.3. Save Text Lines above as a Registry Entry File (file format: .reg) :
“Fix_Folder_Options.reg“
– 2.4. “Merge” it into Windows Registry Database:
3. Show The Files that had been hidden by Virus
After The Registry Entry Files had been merged successfully into Windows Registry
Database, Folder Options will be ‘Your own’, and All Hidden Files (including Hidden
System Files) will be shown with their unchanged file attributes (hidden and system
attributes).
Then, finally You can simply manually change their file attributes back to their
original attributes by a free recommended software named Attribute Changer that
can be downloaded from here or directly from here.
NOTE:
The Resident Virus must be killed first with trusted AntiVirus (as the easiest way)
before You can merge the Registry Entry File above into the Windows Registry
Database to Recover Folder Options, or It won’t Work since the Virus will put the
Folder Options Setting back to the wrong way…

Folder Options Recovery From Virus

Enviado por

Dados do documento

Descrição original:

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Folder Options Recovery From Virus

Enviado por

Direitos autorais:

Formatos disponíveis

Folder Options Recovery From Virus Attack

Você também pode gostar