Got some nasty malware so restored to a couple of weeks back.
When my system restarted, I noticed that ALL of the word and xls docs on my computer are greyed-out, yet still accessible.
How do I change this?
-
If you mean "hidden" but showing because you have SHOW HIDDEN AND SYSTEM FILES set as a preference, there are probably a butt load of additional files that are hidden as well.
This is becoming a fairly common virus "trick"
You can right click each file and change the attribute back to unhidden, but a faster way would be to download unhide from bleeping computer
http://download.bleepingcomputer.com/grinler/unhide.exe -
sounds like the same problem a colleague had on his desktop which turned out to be a nasty trojan virus and was a to remove.
he had over 100 attacks of various viruses and trojans and spyware and malware. i managed to clean everything except 1 and it took almost a week.
he had norton that had run out a year ago so tried 3 antivirus scans. avg/avast/and wse. also malwarebytes pro. of course loaded one at a time and then deleted.
this all had to be done in safe mode and disconnected from the internet.
once i had done all the scans i had to manually go into each document and photographs properties as the virus had ticked hidden so untick it in properties attributes and hopefully you will be able to save them. -
Avira free let this malware in my system, luckily had a system restore point and had to unhide the files/ folders manually.
The above mentioned program should work. -
I hope I don't have to manually go into any individual files...
-
"I just got rid of most of the malware/virus via Malwarebytes but I still have this thing that happens when I try to do a search. Regardless of what I click on, I get re-routed to some prize website.
AKWIT, it sounds like a browser hijack - When you scanned with Malwarebytes was it run in safe mode? What antivirus are you running now BTW? -
Akwit,
System Restore DOES NOT restore file attributes. He said he had to restore them manually. Unhide saves you the trouble. It also "unhides" a lot of things that you might miss if you do it manually. Your virus likely hid a lot of other things beside your documents.
As for your redirects--the malware type you had accomplishes this in two ways that I have seen.
The first is by inserting a proxy server reference in your browser settings---this redirects all of your internet browsing through a proxy server of the maker's choosing. How this is removed depends on the browser you are using. Ex: in IE, go to START > CONTROL PANEL > INTERNET OPTIONS, choose the CONNECTION tab and choose the LAN SETTINGS button. If use a proxy server is checked at the bottom, uncheck it.
The other method is a ROOTKIT, which is much more difficult to remove. -
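As an added example (not part of the original post, and not a description of how unhide.exe works), here is a PowerShell script for the two manual checks described above: finding items that carry the Hidden attribute, and reading the per-user proxy values behind the IE LAN SETTINGS dialog. `$Root`, the `-Apply` switch and the choice to skip items that are also flagged System are assumptions of this example.

```powershell
# Added example: report (and with -Apply, undo) hidden attributes and a set proxy.
param(
    [string]$Root = "$env:USERPROFILE\Documents",  # assumed starting folder
    [switch]$Apply                                 # without -Apply nothing is changed
)

# 1. Items carrying the Hidden attribute.
#    -Force is needed, otherwise Get-ChildItem skips hidden items entirely.
$hidden = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
        # Items that are also System (desktop.ini and the like) are normally
        # hidden by Windows itself; skipping them is a choice of this example.
        -not $_.Attributes.HasFlag([IO.FileAttributes]::System)
    }

"{0} hidden non-system items under {1}" -f @($hidden).Count, $Root

foreach ($item in $hidden) {
    if ($Apply) {
        # Hidden is known to be set here, so XOR clears only that bit and
        # leaves ReadOnly, Archive, etc. untouched.
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
    } else {
        "would unhide: $($item.FullName)"
    }
}

# 2. Per-user proxy values (the registry backing of the LAN SETTINGS dialog).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable     # 1 = "use a proxy server" is checked
    ProxyServer   = $inet.ProxyServer     # host:port the traffic is sent through
    AutoConfigURL = $inet.AutoConfigURL   # automatic configuration script, if any
} | Format-List

if ($Apply -and $inet.ProxyEnable -eq 1) {
    # Same effect as unchecking the box in LAN SETTINGS.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    "ProxyEnable set to 0 (was 1, server: $($inet.ProxyServer))"
}
```

Run it once without `-Apply` to see what would change, and note any unexpected `ProxyServer` or `AutoConfigURL` value before clearing it.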
I was frightened to see my empty desktop, folders, Program files at first. The malware also popped up some infinite windows saying "Temp write failed at xxxxx".
I did a system restore using F8, unhide files/folders and did a full scan with MBAM (nothing detected). There are no issues as of now.
System restore served its purpose. -
-
Second, I have Symantec Corporate.
I have always heard it's best to run Malwarebytes regularly and if that doesn't work, then to do it in Safe Mode. I have yet to do the latter.
I will download/use the unhide program you rec from bleepin-computer.
My proxy setting is already unchecked.
I'm going to try some safe mode anti-virus and malware hunting and hopefully that does it.
Someone needs to start a non-for-profit organization that focuses solely on getting lonely developers/hackers around the world, laid.
I'd make a donation today. -
most malware programs will not detect rootkits.
try and download gmer from gmer.net and see if it detects the rootkit--usually, it will be embedded in an important system file.
Actually, these lonely hackers are typically working for criminal syndicates in eastern europe and the east waiting for sad souls to input their credit card numbers so they can go on a shopping spree at your expense. They are not the lonely schmoes sitting in their mom's basement with nothing better to do.
Sadly, they are probably getting more tail than you are..... -
I'll try the gmer program now cuz I've done everything in safe mode now and none of the programs are coming up with anything yet I am still having problems being re-routed to other sites and, now Firefox won't open...
Do I run this in safe mode as well? -
Was I supposed to kill all processes?
I saved the file but had to get out of safe mode... -
Gmer is a difficult program to work with, but the key here is did it identify anything on the malware page?
-
Two "red" files, both labeled "WinFldrv.sys".
Do I "kill" these or delete them? -
Not yet....what Operating System are you using? What service pack?
Where is the file located? -
The file is located in App data, users, low, windows.
I ran a variety of anti-virus/malware and spyware programs in safe mode and things appear to be back to normal. I had one really weird problem (audio from what seemed like video commercials even when all windows were closed)-hopefully this is gone as well. -
definitely not a place for that file...new virus variant. Thanks, I will keep an eye out for it.
-
I am still hearing commercials but don't see anything playing anywhere.
What's interesting is that it won't let Firefox open.
So I deleted the program and went to go download it again and the malware redirected me to a fake Firefox download site! I almost did it but Symantec stopped me.
I've done everything I know of to get rid of this thing. What am I missing here?
Should I delete and redownload IE9? It seems to be in there somehow as the only way for me to stop the audio commercials is to go into the task manager and stop the IE process. -
You still have a rootkit.
http://en.wikipedia.org/wiki/Rootkit
Read up there.
Removing them is difficult. If I had the machine in front of me, it would be one thing, but you need a more guided process than I can provide here as I am only sporadically around.
There are several sites that will take you through, step by step, removing it. It will take a couple of days to walk through the process, but there are some people who are trained in helping you remove all manner of things.
Go here:
http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/
Read the top thread that is pinned, follow the instructions then post a thread titled ROOTKIT INFECTION
Someone will step up in a few hours and then walk with you through the process until the end. -
Ran a System Restore and now all of my docs are "greyed-out"?
Discussion in 'Windows OS and Software' started by akwit, Nov 15, 2011.