cant see hidden folders

dunno where to post this
well... im sure a lot of ppl remembers this virus... but daaammmm... has it evolved?????
i mean.. i already tried the regedit stuff and went to SHOWALL to change checked to 1... and nothing... after a lot of tries, i realized that when i pressed F5 in regedit, the value instantly changed to 0 again... ive been messing around with this thing and have gone to the point of killing almost every process.. cand delete the vital ones... and still this thingh...

any suggestion plz?

thanks a lot!

 

Tried the same in Safe Mode ?

 

yes sir, did... still the same keeps changing the value to 0

 

What virus is that (hey! Memory is one of the first things to go! )? Also, sounds like whatever's gotcha has infected/taken control of regedit, so you may need to try another way. The registry can be edited manually through Powershell which, as far as I know, does not use the services of regedit.exe; if the malware is controlling regedit.exe, that might be a way to circumvent it.

 

done with powetshell and still the same thing.. OMG! im going to lose it T.T

 

Or you could try the Remove Restrictions Tool/RRT from Sergiwa software; link and link.
Remember it will not remove any malware.
I'd use SUPERAntispyware and/or Malwarebytes'Antimalware for cleaning the infection if your AV can't do the job.
Cheers.

 

One thing you might try to use is SysInternals' RegMon, which provides a GUI for monitoring access and changes to the registry.

It might be possible to start up RegMon, then go into regedit, make the change, have it get changed back, and then use the monitoring history from RegMon to try and identify what bit of nastiness just went in and changed it back.

 

so here is what i found with regmon and its xactly what im looking for, opens all the hide foder and hide system files and put 0... then opens KAVa... wich im pretty sure has to do with this kavo.exe and kavo0.dll... but i cant delete em unless i have the hidden folder option again...

any ideas on whats next?

 

The virus that makes us can't see hidden folders... Rontokbro?

 

Aespinalc, have you seen this and this webpage discussing the same problem?
Maybe either Prevx CSI or ThreatFire can clean your notebook after which you can change the reg values permanently.
Cheers.

 

unfortunatedly i have no idea how i solved the problem... fortunatedly the process that kept changing the register stopped working (dunno why) and i could finally see hidden folders and erase kav0.exe and kavo.dll

thankls all

 

If it happens again, you can try using this:

Code:

On MS-DOS / Command Prompt:

attrib -r -s -h

The syntax is the following:

Code:

On MS-DOS / Command Prompt:

attrib -r -s -h C:\Folder
attrib -r -s -h C:\Folder\file.exe
attrib -r -s -h C:\file.exe

It changes the attributes of files and / or folders that are hidden, individually and does not realy depend on the Windows Registry.

Source: [LINK.]

By the way, Comodo Firewall Professional's Quarintined Files module, if you try to add a file to the Quarintine, Comodo's Explorer Shell will pop up, and it will show hidden files of any kind, including boot files that are hidden even further by Windows and are not visible not even by "Show hidden folders and files.".